Assurance and Security
Our platform is privacy-by-design and built on privacy-first approach. We take data privacy very seriously and never share or sell your information to third-parties. Thats a promise!
Data Privacy
Our Approach
The platform is built by techies and have placed data privacy as a fundamental building block of the platform. We never sell your data, and we have adopted GDPR (EU) to drive our overall governance of data privacy and data protection requirements.
You can reach our DPO (Data Privacy Officer) by sending an email to dpo@sadaqah.io.
We comply to GDPR (EU) core principles for data privacy
We are registered with Information Commission Office (ICO) - UK's Data Protection Regulator
We never sell or share your data to third parties
We do not disclose your email addresses to campaign owners for privacy reasons
We give you the consent to remain anonymous when donating
We regularly review our data privacy policy
We enforce privacy notices and cookie banners
Trust
Our Approach
All campaigns and causes on Sadaqah – Ummah Crowdfunding platform are fully verified by our compliance team.
Using the latest techniques in KYC, KYB, KYT, AML and CTF we ensure all campaigns are fully verified, trusted, and not observed or identified on any anti-money laundering or sanction lists.
KYC - Know Your Customer (Individuals and representatives)
KYB - Know Your Business (Charities and NGOs)
KYT - Know Your Transaction (Credit card fraud transaction monitoring)
AML - Anit-Money Laundering (Sanction list check across various global sources)
CTF - Counter-Terrorism Financing (Sanction list checks across various sources)
Cyber Security
The platform is built by techies and have placed cybersecurity and data privacy as a fundamental building block of the platform. We adopt best-practices in cybersecurity controls and conduct regular penetration testing assessment and audits on our systems.
We also have an established Public Bug Bounty Program with Crowdswarm. A crowdsourced cybersecurity penetration testing platform where security researchers can responsibility report any vulnerabilities.
Program: Public Bug Bounty Program
We are PCI-DSS compliant, and we never store or process any CDH (Credit Card Holder) information. This is all handled by world-leading payment gateway provider Stripe.
Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. To accomplish this, Stripe use the best-in-class security tools and practices to maintain a high level of security at Stripe.
Our Security Tech Stack
Stripe for Secure Credit Card Payment (PCI-Certified)
Strong TLS v1.3 Encryption
A+ Grade on https://www.ssllabs.com/ssltest/analyze.html?d=www.sadaqah.io&latest
Cloud Security Controls
Application Security and Anti-Bot Protection Through CAPTCHA v3
Elastic Logging and Monitoring
Digital and Tech
The platform is built on latest digital and tech innovation in the industry; we adopt Secure Application Development Practices, DevSecOps and use a highly scalable and elastic environment that’s future-proof.
Our Approach
Fontend - HTML, CSS, React, NextJS
Backend - Java Springboot, NodeJS
Spring Cloud
Kubernetes and Microservices Architecture
DevSecOps - Jenkins, GitHub, Nexus
Eureka for service registry
Metabase for Analytics and Business Intelligence
RabbitMQ for Service and Messaging Communication
PostgreSQL Database
Flutter for Mobile Application Development
Figma for UI/UX Design and Wireframing