Security & Compliance
Your data and transactions are protected with bank-level security and comprehensive compliance measures.
Security Measures
Compliance & Certifications
Data Protection
All sensitive data is encrypted using AES-256 encryption, both in transit (via TLS 1.3) and at rest. Encryption keys are managed using industry best practices and stored separately from encrypted data.
Access to user data is restricted to authorized personnel only, with role-based access controls and multi-factor authentication required for all administrative access. All access is logged and audited.
We retain data only as long as necessary for business purposes and compliance requirements. Users can request data deletion at any time, subject to legal and regulatory requirements.
Audit Trail
Every transaction, verification, and administrative action is logged in an immutable audit trail. This ensures complete transparency and accountability for all operations on the platform.
Audit logs include timestamps, user identification, action types, and relevant metadata. These logs are retained according to compliance requirements and are accessible to authorized personnel only.
Sanctions Screening Process
All partners and charities undergo comprehensive sanctions screening before approval. This includes:
- Verification against international sanctions lists
- Business registration and status verification
- Compliance with anti-money laundering regulations
- Ongoing monitoring and re-screening
Any matches or concerns are flagged for manual review by our compliance team before approval.
Security FAQ
We use 256-bit AES encryption for all data in transit and at rest. All data is stored in secure, SOC 2 compliant data centers with regular security audits.
We are PIPEDA compliant for Canadian privacy laws, conduct comprehensive sanctions screening, and maintain CRA compliance for tax receipt generation.
All partners and charities undergo a thorough verification process including business registration checks, sanctions screening, and compliance reviews before approval.
We have comprehensive incident response procedures in place. In the unlikely event of a breach, we will notify affected users immediately and take all necessary steps to mitigate impact.
We conduct regular security audits and penetration testing. Our systems are monitored 24/7 for any suspicious activity.
Yes, you can request data deletion at any time. Please contact us at security@4planet.io for assistance.
Security Questions?
If you have security concerns or questions, please contact our security team.
Contact Security Team