AskGenius Security Policy
AskGenius Security and Data Privacy
Environments and Development Operations
AskGenius services and data currently reside in Amazon Web Services’ (AWS) Oregon, Northern Virginia and Ohio regions. AskGenius has a hosted MySQL database, and we use Cognito for user identity management.
Customer data resides in the same database. Access to data and processes from the application is specific to the user’s organization, role, and subscription status. All data is encrypted and backed up nightly.
AskGenius has separate development, staging, and production environments. Procedural steps are taken at every level to ensure quality and prevent bugs from being released into the active environment. Our platforms utilize role-based access guidelines so that users are limited to the environments with the lowest level of access needed.
We follow a standard SDLC process for change management to reduce risk and ensure quality and security in CSM.
Additional Security Measures
In addition to the Well-Architected Framework Review, PSG uses a third-party auditor for penetration testing when there are major changes to architecture, to ensure that we are maintaining our high level of integrity and limiting risk. For more information, visit Ongoing Testing Service.
Data Sources and Usage
AskGenius relies on three methods to ingest donor constituent data for processing. The customer can choose the methods that fit their needs. Data is stored in our database* and is not discarded after processing so that customers can copy, edit and re-execute appeals at a later date.
Excel spreadsheet import
- File uploads are scanned to avoid introducing potentially harmful viruses to the system
- In addition to providing the data that is necessary in order to calculate ask strings, customers can also choose to add and store custom fields in our database
Blackbaud Raiser’s Edge integration
- We rely on Blackbaud’s Authorization Code Flow method for authentication and authorization to access the NXT environment and get data
- We do not have independent access to customers’ NXT environments. All authorization is done by a Blackbaud environment’s administrative user.
- The integration has access to the following information, which is needed to calculate ask strings and to give customers the ability to output the fields they need (for more detailed information on fields, see RE NXT API Endpoint Reference):
  - Constituents (names, addresses, phones, email)
  - Campaigns, Appeals, Funds
  - Giving history
  - Constituent Codes
- Our platform only reads data from a customer’s Blackbaud RE NXT environment. We do not write any data.
Virtuous integration
- We rely on a customized version of Virtuous’ Key/Token Method
- The integration has access to data in a proprietary endpoint built for AskGenius, which contains the following data:
  - Contact (names, addresses, phones, email)
  - Campaigns, Communications, Projects
  - Aggregated giving attributes, for example giving last year, giving two years ago, largest gift, latest gift, and other similar data points
  - Custom fields
- Our platform only reads data from a customer’s Virtuous environment. We do not write any data.
* Customers may request that we terminate their account and delete their history from the database at any time.
** We may periodically perform analytics on aggregated data across customers over time to improve algorithms and product features. This still follows our role-based access policy, and users would not see personally identifiable or detailed historic data.
In addition to the partners mentioned above, AskGenius integrates with the following:
- Chargebee – Subscription management
- Stripe – Payment processing
- HubSpot – Internal account management