Skip to main content

Data Security

Thomas
  • Updated

Keela's Data Security 

Protecting your data is extremely important to us. Outlined below is information on Keela's commitment to making sure your data remains safe and secure. 

mceclip0.png Data is securely stored on one of three servers depending on the country that your account is based in. Keela currently has servers in Canada, the United States, and Australia. For additional security, HTTPS is used to encrypt all data sent from Keela to the servers to prevent any interception of passwords, transactions, and other information.

mceclip0.png Data is backed up multiple times a day. Keela also has back-ups of those back-ups, meaning your data has additional layers of protection. 

mceclip0.png Data is protected through Microsoft Azure, Amazon Web Services, and Google Cloud's security systems to keep your organization's information secure. For more information on how these platforms protect your data, we recommend viewing their data security information directly. 

 

Data Security FAQ 

Has Keela ever had a security breach? 

No, Keela has not experienced any security breach. 

Does Keela have an internal data breach and/or documented cyberattack policy?

Keela has a documented policy and process in place in the event of suspicious activity or a threat. This is an internal process designed to maximize response time and remain proactive in keeping data secured.

How is data security handled in relation to integrations with other platforms (e.g. Quickbooks). 

Keela reviews the privacy policies of each integration platform prior to the approval of the integration. Each integrated platform has its own privacy policies and is held liable for any data-related breach of its system. We suggest reviewing the privacy policies of the integrated platform for more information on how they protect your data within their database. 

How is our data saved in the Keela tenancy – Single copy or redundant?

We store this data with Google Cloud, which is manaed by MongoDB Atlas. In Google Cloud all datais stored geo-redundantly.
What happens to our data integrity in case Keela has an issue with their cloud platform?

Keela frequently does data backups. See below as for what happens if there were to be an issue on the cloud platform. To date, we have not had any data compromised.
What happens if our data is lost or compromised due to a compromise of Keela’s systems?

Keela has backups in case there is an error and we need to restore earlier data. At this point, we can restore the data to before the issue took place. 
How do we restore data to its state just before the incident?

To restore data, you should contact Keela as soon as possible (unless the error is on our end, in which case we would notify you). The sooner we can restore the data, the more granular the restoration can be. 
Who is responsible for data backup, storage, retention, etc of our data.

As per Keela's agreement with MongoDB Atlas, they are responsible for managing, backing up and auto-scaling all of our databases.
How is liability shared between Keela and their clients in terms of data loss or data breach?

Keela practices the utmost recommended security measures and follow all the industry best practices for data storage and maintenance.

What are the data privacy protection clauses in their MSA with our organization? Do they include any obligations to cooperate with our organization in the event of data breaches?

Keela does not have a MSA. Keela’s Terms of Service and Privacy Policy govern our relationship with our customers. There are no outlined obligations to cooperate with our customers in the event of a breach. That said, please rest assured that Keela takes every precaution necessary to prevent a breach. Keela implements and maintains appropriate technical and organizational security measures that are designed to protect customer data from security incidents and preserve the security and confidentiality of customer data. Further, upon becoming aware of a security incident, Keela will always notify our customers without undue delay, provide timely information relating to the breach, and promptly take reasonable steps to contain and investigate.

What other personal data (beyond that which we will ask donors when making a donation (name, address, payment information, etc)) do you collect in order to run the site?
We don’t collect any personal data, as a company, from donations. Whatever data is collected is at the choice of the organization. Every organization can choose additional data fields, which are obviously stored in Keela. Of course, there are minimum requirements for the CRA, which Canadian charities must collect and store, which are, by default, included in our Canadian-organization donation forms. This is outlined in Keela’s Privacy Policy (under “The type of Information the Website Collects” and “Data Storage Retention”).

There are references to the “sale” of personal data. This is, I presume, the disclosure of personal information to third parties. We need to know when or if this is being done with our organization’s donor data.

Keela has never sold data to any organization. We have never shared donor information with any organization. We have, on aggregate, published data on donor trends (such as sector benchmarks, included in Keela Intelligence). However, this data is anonymous, co-mingled, and untraceable to organizations or donors.

Have you completed an internal data privacy impact assessment? If so, is it possible to get a copy for our review?

 Yes, we continue to do privacy impact assessments and security assessments. This information, unfortunately, is internal. Our Board and Insurance has advised us to keep it internal.