info@mchsmi.org | (313) 531-4060

ONLINE GIVING SECURITY

GIVING YOU PEACE OF MIND AS YOU PARTNER FINANCIALLY WITH MCHS

Peace of Mind with Every Gift

We understand how important it is to feel confident and at peace when making an online donation. That’s why we partner with Virtuous CRM, a trusted platform that prioritizes donor security. To ensure your information is protected, Virtuous adheres to strict federal and international data regulations. For full details on their security protocols and encryption standards, please read below.

1. Data Security & Infrastructure
  • Microsoft Azure Cloud: Virtuous leverages Microsoft’s Azure cloud platform for hosting and data storage. This provides a robust and secure infrastructure.
  • Azure SQL Server: Each Virtuous customer gets their own dedicated Azure SQL Server instance. This isolates your data for enhanced security and performance.
  • SOC Compliance: Because its infrastructure is Azure-based, Virtuous relies on Microsoft’s SOC compliance, data security processes, and uptime assurances.
2. Data Encryption
  • Data in Transit: Connections to the Virtuous web application and API are always encrypted using SSL/TLS 1.2. This secures data during transmission.
  • Data at Rest: Databases use Transparent Data Encryption (TDE) with AES-256. This ensures data is encrypted even when stored.
  • Password Hashing: Virtuous uses a one-way password hashing algorithm (HMACSHA256) for user authentication.
  • API Token: The Virtuous API utilizes password hashing to generate time-based expiring tokens, which enhances security for each session.
3. Access Control
  • Dedicated Shard: Each customer’s data resides in its own separate “shard” (database instance), which limits access to only authorized users from that specific nonprofit.
  • Data Access Permissions: Virtuous support team members access customer data through the Virtuous interface, and clients control data access permissions.
  • Limited Data Access: Only a small number of Virtuous technical team members have direct access to customer data on Azure.
  • Read-Only Access: For Enterprise customers, read-only access to SQL databases can be granted upon request, restricted by IP address to further limit access.
4. Two-Factor Authentication (2FA)
  • Optional 2FA: Virtuous offers Two-Factor Authentication (2FA) using Authy for an additional layer of security. This is especially recommended for sensitive donor data.
5. Data Backup & Disaster Recovery
Virtuous utilizes transactional backups for up to 48 hours and provides daily data snapshots for rollback purposes. Enterprise clients have the option to request SQL data for off-site backups.
6. Security Monitoring
Azure Threat Detection is employed by Virtuous to monitor and protect customer data, with real-time threat notifications sent to their team. External penetration testing is also conducted by an independent consultant to assess security.
7. PCI Compliance
Payment processing is handled by Virtuous Giving, a PCI-compliant product that uses Stripe as a payment gateway to tokenize and encrypt customer information. Virtuous maintains a limited PCI scope by not storing sensitive payment information directly.