Security overview
MoveData is designed to process sensitive fundraising and supporter data securely. This article summarises MoveData's security posture across its cloud platform, Salesforce managed package, and data processing practices.
For detailed security information, see the linked articles throughout this page.
Platform security
MoveData runs on Amazon Web Services (AWS) in a multi-region, active-active configuration. The primary hosting region is Sydney, Australia.
Encryption
All data is encrypted both in transit and at rest using AES-256-GCM via AWS Key Management Service (KMS). This applies to all data MoveData receives from fundraising platforms and all data stored within the MoveData platform.
Data retention
MoveData retains notification data on a 90-day rolling basis. After 90 days, data is permanently deleted from the MoveData platform. This is a hard limit — no customer data is retained beyond this window.
Once data has been written to Salesforce, MoveData does not need to retain it. The 90-day window exists solely to support troubleshooting and reprocessing of recent notifications.
Multi-tenancy
MoveData operates a multi-tenant architecture. All customers share the same infrastructure with logical isolation between tenants. No customer can access another customer's data.
For more detail on the cloud platform, see Platform architecture.
Salesforce security
MoveData is a Salesforce AppExchange managed package that operates within your Salesforce org's existing security model.
Authentication
MoveData connects to Salesforce using an OAuth token granted by the MoveData Authorised User.
MoveData accesses only the objects and fields that the Authorised User has permission to access. It does not bypass Salesforce security controls.
Permission model
MoveData provides permission sets to control access to MoveData features within Salesforce. These permission sets work alongside your org's existing:
- Field-level security
- Object permissions
- Sharing rules
- Audit trails
MoveData respects all of these controls when creating and updating records.
Managed package security
As a Salesforce AppExchange managed package, MoveData undergoes continuous security review by Salesforce. Managed package code runs in its own namespace and cannot access your custom Apex code or metadata directly.
Compliance and certifications
MoveData holds the following certifications and compliance attestations:
| Certification | Detail |
|---|---|
| CSA STAR Level 1 | Cloud Security Alliance self-assessment, publicly available on the CSA STAR Registry |
| Salesforce AppExchange Security Review | Continuous review required for all listed managed packages |
| GDPR | Compliant with the General Data Protection Regulation |
Vulnerability management
MoveData maintains a proactive vulnerability management programme:
- Nightly code scanning across the entire codebase
- GitHub Dependabot for automated dependency vulnerability detection
- Penetration testing as mandated by the Salesforce AppExchange security review process
Data processing and privacy
No AI or algorithmic decision-making
MoveData does not use artificial intelligence, machine learning, or algorithms for decision-making or profiling. All data transformations follow deterministic rules defined by your integration configuration and Salesforce flows.
Sub-processors
MoveData uses a limited number of sub-processors to deliver its service. The current list of sub-processors is published in the Data Processing Addendum.
Legal and policy documents
All MoveData legal documents, including the privacy policy, terms of service, and data processing addendum, are available at movedata.io/legal.
Further reading
- Cyber security FAQ — detailed answers to common security questions
- Cloud Security Alliance assessment — MoveData's CSA STAR self-assessment
- Security questionnaire — pre-filled responses for vendor security assessments
- Platform architecture — technical detail on the AWS infrastructure
- Salesforce architecture — managed package security model and data protection
- The MoveData Authorised User — how MoveData authenticates with Salesforce
- Permission sets — controlling access to MoveData features