Skip to main content

Security and Data Protection

Your Data is Safe and Secure

 

How do we help secure your member records and other data?

To ensure security and privacy of your data, WildApricot provides traffic encryption (https) capability. Traffic encryption ensures that data entered into the online forms (e.g. membership application, event registration) as well as data transferred from WildApricot servers back to visitors is protected from snooping, for example if you access internet over an insecure WiFi connection.

For more information, visit our help page on traffic encryption.

If you use a custom domain, we can help you get a free SSL security certificate  click here to see how to get https.

How do we secure online payments

The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. Certification confirms that we:

  • Build and maintain a secure network and systems
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

We support PCI DSS v3.2. We are responsible for the security of cardholder data the service provider possesses or otherwise stores, processes, or transmits on behalf of the customer, or to the extent that they could impact the security of the customer’s cardholder data environment.

We passed PCI audit in 2021. AOC (Attestation of Compliance) can be provided upon request.

For more information on PCI DSS, please visit pcisecuritystandards.org

Who owns your data?

You do.

We do not hold your data hostage. You can download all your contacts/member data at any time in a Microsoft Excel-compatible format. (Same for other important records like event registrations, financial transactions etc.)

For instructions on how to download your data, see Exporting members and other contacts.

 

Will WildApricot be around for the the long haul?

WildApricot isn't going anywhere - and neither is your data!

Our company is headquartered in Toronto and has been around since 2001. WildApricot software was launched in 2006 (and is the only thing that we do these days).

We invest heavily into R&D to maintain the reliability of our software and constantly improve it - see our release history40% of our revenue is invested into R&D, and our development team consists of over 50 people. We also invest heavily in technology infrastructure to help make sure you have fast, reliable access to your WildApricot account at all times.

WildApricot has passed a number of strict Microsoft platform tests. Testing was conducted independently by VeriTest, a testing service of Lionbridge Technologies. These tests ensure compliance with Microsoft platform requirements to ensure security and reliability.

WildApricot partners with thousands of organizations who use our solution to manage their membership.

What kind of processes and procedures do we use to ensure security?

WildApricot’s hosting provider, Amazon Web Services (AWS), is the world’s largest cloud provider, offering the most robust and reliable platform.

  • AWS is a secure, durable technology platform with industry-recognized certifications and audits: PCI DSS Level 1, ISO 27001, FISMA Moderate, FedRAMP, HIPAA, and SOC 1 (formerly referred to as SAS 70 and/or SSAE 16), SOC 2 and SOC 3 audit reports.
  • The AWS infrastructure puts strong safeguards in place to help protect customer privacy. All data is stored in highly secure AWS data centers.
  • AWS storage solutions deliver highly scalable, durable, and reliable cloud storage with robust data protection.

Currently, the main WildApricot solution is distributed over one AWS Region with at least three Availability Zones (data centres). All backups are delivered to separate regions. WildApricot uses a set of high reliable services/solutions provided by AWS. We constantly improve and expand our services, applying best efforts to provide our customers with high level of services.

WildApricot payment systems use a high grade of hosting at Armor, the leader in secure cloud hosting, capable of protecting sensitive data and brand reputations of the world's biggest enterprises. We use two data centers located in Dallas, TX and Phoenix, AZ to provide a very reliable solution.

In addition, here is an outline of WildApricot's own backup and testing procedures:

  • All WildApricot customer data is fully backed up nightly to the Amazon S3 datastore
  • We have 24/7 infrastructure monitoring of all our customer sites (meaning that if something fails, we immediately get notified by email, SMS and other alerting systems)
  • We regularly test our disaster recovery procedures to make sure we can recover data quickly in the event of a problem
  • Our database reliability is ensured by SQL server failover clustering solution

As well, our software development process includes security testing phase and detailed checklists.

Where can you learn more about WildApricot's security procedures?

You can find out more about WildApricot's security procedures by clicking here to visit our page on Keeping Your WildApricot Account Secure. We've also put together a blog post that gives an overview of our security procedures, as well as some steps you can take to ensure your information stays secure - you can read the post here.