Security

Our Commitment to Security

At Community Pledges, we take the security of your data and payments seriously. We implement industry-standard security measures to protect your information.

Payment Security

We use Stripe for payment processing:

  • PCI DSS Compliance: Stripe is certified to PCI Service Provider Level 1, the most stringent level
  • Encryption: All payment data is encrypted with TLS 1.2+ during transmission
  • No Card Storage: We never store your full credit card numbers on our servers
  • Secure Tokens: Payment methods are stored as secure tokens with Stripe
  • 3D Secure: Support for additional authentication when required

Data Protection

Your data is protected through:

  • HTTPS Everywhere: All connections use secure HTTPS encryption
  • Database Security: Encrypted data at rest and in transit
  • Access Controls: Strict role-based access to sensitive data
  • Regular Backups: Automated daily backups with encryption
  • Secure Authentication: OAuth 2.0 for account security

Account Security

We recommend these security best practices:

  • Use a strong, unique password for your OAuth provider
  • Enable two-factor authentication on your Google/Discord account
  • Never share your account credentials
  • Log out from shared or public devices
  • Monitor your account activity regularly
  • Report suspicious activity immediately

Infrastructure Security

Our platform infrastructure includes:

  • Cloud Hosting: Hosted on secure, reliable cloud infrastructure
  • DDoS Protection: Advanced protection against distributed attacks
  • Monitoring: 24/7 system monitoring and alerting
  • Regular Updates: Timely security patches and updates
  • Rate Limiting: Protection against brute force attacks

Privacy Controls

You have control over your information:

  • Access your personal data at any time
  • Update or correct your information
  • Delete your account and associated data
  • Export your data on request
  • Manage notification preferences

Incident Response

In the event of a security incident:

  • We have a detailed incident response plan
  • Affected users will be notified promptly
  • We work to contain and resolve issues quickly
  • We conduct post-incident analysis to prevent recurrence
  • We communicate transparently

Reporting Security Issues

If you discover a security vulnerability:

  • Please report it responsibly through our support ticket system
  • Include detailed information about the vulnerability
  • Give us time to address the issue before public disclosure
  • We appreciate and acknowledge security researchers

Third-Party Services

We carefully vet our third-party services:

  • Stripe: Payment processing and payout management
  • OAuth Providers: Google and Discord for authentication
  • Email Service: Secure transactional email delivery
  • All partners maintain high security standards

Compliance

We strive to comply with applicable regulations:

  • GDPR (General Data Protection Regulation)
  • PCI DSS through Stripe
  • Data protection best practices
  • Regular security audits

Questions?

If you have questions about our security practices or need to report a security concern, please create a support ticket. We take all security matters seriously and will respond promptly.

Last updated: October 2025