Security & Performance
How secure is my data?
Very secure. Funding Gates’ platform infrastructure is provided by Amazon Web Services (AWS), an enterprise level cloud computing and hosting platform that protects your data with physical and online security measures at every layer. AWS has been certified and accredited under Cloud Security Alliance (STAR Registrant), DIACAP, FedRAMP (FISMA ATO Moderate), FISP 140-2, HIPAA, ISO 27001, ITAR, PCI DSS Level 1, SOC1 Type 2, SOC2 Type 2, and SOC3.
The entire communication between your employees and Funding Gates platform servers is encrypted with 128-bit SSL encryption. Passwords for all the users are hashed and are never stored as plain text. Data for each organization is protected by the user passwords, which means that no user can access the data of an organization they do not belong to. In addition to the security controls, Funding Gates backs up the data on a daily basis at Amazon Web Services, to make it available to users in case their accounting or ERP package fails.
Our payment processing infrastructure is powered by Stripe, a globally recognized payments platform that operates at PCI Level 1 and forces HTTPS for all services. Stripe uses AES-256 encryption on all card numbers, storing description keys on separate machines. Your payment information is never stored in our servers, but is encrypted and transferred over to Stripe at all times. All payment orders are transmitted and received in a pre-authenticated way that protects your data against any breach.
Within Funding Gates, access to customer data is strictly regulated. The data is accessible only to authorized staff who is working on a maintenance, troubleshooting or another specific project requested by the customer. All instances of customer data access require multi-layered authentication and are done on an as-needed basis.
For more information on our security policies and practices, shoot us a note. For more information on our operational partners, check out the security capabilities of Amazon Web Services and Stripe.
What are FG’s performance and disaster recovery measures?
The AWS infrastructure is protected by extensive network and security monitoring systems. In addition, AWS infrastructure components are continuously scanned and tested. The AWS production network is segregated from the Amazon corporate network, and access to this network is monitored and reviewed on a daily basis by AWS security managers. The AWS production network is segregated from the Amazon corporate network and requires a separate set of credentials for access, consisting of SSH public-key authentication through a bastion host using an MFA token. This access is monitored and reviewed on a daily basis by AWS security managers.
AWS builds its data centers in multiple geographic regions as well as across multiple Availability Zones within each region to offer maximum resiliency against system outages. AWS designs its data centers with significant excess bandwidth connections so that if a major disruption occurs there is sufficient capacity to enable traffic to be load-balanced to the remaining sites, minimizing the impact on you.
For more information, check out the overview of AWS security processes.
What’s your uptime?
We guarantee 99% monthly average uptime.
Are there scheduled maintenances?
Since Funding Gates is cloud-based, most of our updates will happen automatically and will not disrupt your work in any way. We deploy new features frequently, and you can start using them almost instantaneously. For more detailed upgrades (such as framework upgrades or data center moves) we try to schedule those for late night hours to ensure maximum uptime, and give you a heads up if it’s something that will take longer than just a few minutes. If the downtime is a result of a third party service provider, we will also give you a heads up on that.
Does FG Receivables Manager integrate with any third party service provider?
We integrate with various third party accounting, ERP, CRM, payments, system monitoring and communications providers, including QuickBooks, Xero, Twilio and Stripe. Customer authorization is required for all service providers in order to access sensitive customer information, and all third party services are mandated not to share information without explicit authorization.
Which third parties have access to my data?
Only the parties you agree to share your data will ever see your data. Funding Gates does not sell your data to anyone.