Keela's Data Security
Protecting your data is extremely important to us. Outlined below is information on Keela's commitment to making sure your data remains safe and secure.
Data is securely stored on one of three servers depending on the country that your account is based in. Keela currently has servers in Canada, the United States, and Australia. For additional security, HTTPS is used to encrypt all data sent from Keela to the servers to prevent any interception of passwords, transactions, and other information.
Data is backed up multiple times a day. Keela also has back-ups of those back-ups, meaning your data has additional layers of protection.
Data is protected through Microsoft Azure, Amazon Web Services, and Google Cloud's security systems to keep your organization's information secure. For more information on how these platforms protect your data, we recommend viewing their data security information directly.
Data Security FAQ
Has Keela ever had a security breach?
No, Keela has not experienced any security breach.
Does Keela have an internal data breach and/or documented cyberattack policy?
Keela has a documented policy and process in place in the event of suspicious activity or a threat. This is an internal process designed to maximize response time and remain proactive in keeping data secured.
How is data security handled in relation to integrations with other platforms (e.g. Quickbooks).
Keela reviews the privacy policies of each integration platform prior to the approval of the integration. Each integrated platform has its own privacy policies and is held liable for any data-related breach of its system. We suggest reviewing the privacy policies of the integrated platform for more information on how they protect your data within their database.
- Quickbooks Data Security
- Mailchimp Data Security
- Xero Data Security
- Sendgrid Data Security
- Eventbrite Data Security
How is our data saved in the Keela tenancy – Single copy or redundant?
We store this data with Google Cloud, which is manaed by MongoDB Atlas. In Google Cloud all datais stored geo-redundantly.
What happens to our data integrity in case Keela has an issue with their cloud platform?
Keela frequently does data backups. See below as for what happens if there were to be an issue on the cloud platform. To date, we have not had any data compromised.
What happens if our data is lost or compromised due to a compromise of Keela’s systems?
Keela has backups in case there is an error and we need to restore earlier data. At this point, we can restore the data to before the issue took place.
How do we restore data to its state just before the incident?
To restore data, you should contact Keela as soon as possible (unless the error is on our end, in which case we would notify you). The sooner we can restore the data, the more granular the restoration can be.
Who is responsible for data backup, storage, retention, etc of our data.
As per Keela's agreement with MongoDB Atlas, they are responsible for managing, backing up and auto-scaling all of our databases.
How is liability shared between Keela and their clients in terms of data loss or data breach?
Keela practices the utmost recommended security measures and follow all the industry best practices for data storage and maintenance.
What are the data privacy protection clauses in their MSA with our organization? Do they include any obligations to cooperate with our organization in the event of data breaches?
Keela does not have a MSA. Keela’s Terms of Service and Privacy Policy govern our relationship with our customers. There are no outlined obligations to cooperate with our customers in the event of a breach. That said, please rest assured that Keela takes every precaution necessary to prevent a breach. Keela implements and maintains appropriate technical and organizational security measures that are designed to protect customer data from security incidents and preserve the security and confidentiality of customer data. Further, upon becoming aware of a security incident, Keela will always notify our customers without undue delay, provide timely information relating to the breach, and promptly take reasonable steps to contain and investigate.
There are references to the “sale” of personal data. This is, I presume, the disclosure of personal information to third parties. We need to know when or if this is being done with our organization’s donor data.
Keela has never sold data to any organization. We have never shared donor information with any organization. We have, on aggregate, published data on donor trends (such as sector benchmarks, included in Keela Intelligence). However, this data is anonymous, co-mingled, and untraceable to organizations or donors.
Have you completed an internal data privacy impact assessment? If so, is it possible to get a copy for our review?
Yes, we continue to do privacy impact assessments and security assessments. This information, unfortunately, is internal. Our Board and Insurance has advised us to keep it internal.