MoveData is based on Amazon Web Services (AWS) and stores data in Sydney, Australia.

For more information about MoveData's cloud infrastructure, see platform architecture.

MoveData uses AWS for its core infrastructure. There are limited scenarios where AWS may move some data out of Australia as a result of failures such as routing or backup.

You can read more about AWS's commitments to data sovereignty.

A list of MoveData's sub-processors is available in section 7 of the Data Processing Addendum.

A list of MoveData's sub-processors is available in section 7 of the Data Processing Addendum.

MoveData implements a multi-data centre active configuration. The service regularly fails primaries across data centres to ensure automated failure cutovers remain operable.

For more information, see the AWS Well-Architected Framework — Reliability Pillar.

MoveData inherits a suite of SLAs from Amazon Web Services. You can read more about these in the AWS Well-Architected Framework — Reliability Pillar.

MoveData operates a multi-tenanted environment. All customers run on the same infrastructure.

Yes. Data is encrypted at rest using hardware-managed certificates.

More information can be found in the Cloud Security Alliance assessment.

All communications on the MoveData network use HTTPS.

AWS provides additional controls around data in transit. You can read more at AWS data protection — encryption in transit.

MoveData code is scanned nightly and on all system deployments for vulnerabilities. The majority of MoveData services run on AWS Lambda, which means AWS manages runtime patching automatically.

You can read more about Lambda and patching at AWS Lambda runtime maintenance.

Yes. MoveData works with the Salesforce Security Review team to complete periodic penetration testing and audits. To date, no issues have been identified.

MoveData also maintains a Cloud Security Alliance STAR registry entry.

Given MoveData's middleware role, there is typically no need to export data to another system. All fundraising data already resides in your Salesforce org.

Customer data on the MoveData platform is deleted on a 90-day rolling basis. You can submit a service request to have your data deleted before this date.

MoveData sends data to Salesforce via an HTTPS connection using an OAuth token. In addition, MoveData employs proprietary handshakes and checks to ensure data can only be transmitted between the MoveData platform and the MoveData Salesforce application.

Salesforce communicates with MoveData using an HTTPS connection with a number of authentication handshakes and proprietary checks.

Execution logs can be viewed within the MoveData application. You can control whether Salesforce-specific data is written to these logs via MoveData Settings.

No. MoveData does not delegate traditional human decision making to technology.

No. MoveData does not profile the data transported through its systems.

MoveData offers:

• In-application support — access help directly from within the MoveData app in Salesforce
• Online knowledge base — self-service documentation at support.movedata.io
• Ticketed support — submit service requests for issues that require assistance from the MoveData team