Fundky Security & Safety Guide

Better than ever, there is no compromise with the security of your data

PCI Compliant

Fundky complies with PCI-DSS 3.2.1 Level 2 as a Service Provider.

• Regularly audited by a Qualified Security Assessor (Ubitrak Inc.)
• Passes application and network penetration testing performed by independent security firms.
• PCI Attestation of Compliance (AOC) is available on request.

Compliance Documents

The following documents are available to the public. Applicability to your environment needs to be assessed / approved by your auditors.

• Fundky 2022 PCI-DSS 3.2.1 Attestation Of Compliance (Service Provider)
• contact us in order to get a copy : security@fundky.com

Privacy

Fundky maintains a comprehensive privacy program. To us, this means that although we are required by law or regulation to do certain things, we are continually evaluating whether we can and should do more.

• We do not sell the personal information of our customers to third parties.
• You can find our privacy policy at: fundky.com/en/privacy-policy.

Hosting Environment

Amazon EC2 hosts Fundky’s production systems.

• Servers based in Canada
• PCI-DSS Level 1 Service Provider
• ISO 27001 certified
• Independently verified and audited
• SAS-70 Type II and SSAE16
• Amazon AWS PCI Compliance site

Encryption

Fundky uses strong encryption methods and key management procedures to ensure your sensitive information is protected.

• Fundky’s website is accessible via a 256-bit SSL certificate issued by Let’s Encrypt.
• Credit card information is never stored.
• Our partner payment processor WePay is PCI DSS compliant. You can read their security policy : https://go.wepay.com/security
• Our partner payment processor Stripe is PCI DSS compliant. You can read their security policy : https://stripe.com/docs/security/stripe
• Our partner payment processor Paypal is PCI DSS compliant. You can read their security policy : https://www.paypal.com/c2/webapps/mpp/pci-compliance?locale.x=en_C2#:~:text=PayPal%20is%20PCI%20compliant.&text=We%20hold%20certification%20under%20many,18%20SOC%201.

Our Organization

Fundky has taken appropriate measures to train its employees.

• All employees are subject to reference, education, and other personal checks. Certain employees are also subject to detailed background checks.
• Fundky maintains an information security training program that meets PCI-DSS standards.
• Require written acknowledgement by employees of their roles and responsibilities with respect to protecting user data and privacy.

Incident Response

While we don’t anticipate there ever being a breach of our systems, we know that no computer system is perfectly secure.

• In the event of a breach of a Fundky information system, we have a detailed Incident Response plan in place.
• Fundky has 24/7 monitoring of its security systems and alerts.

Information

If you have any question related to our system, please contact us at security@fundky.com