givio
Givio for Slack is the first Slack app that lets you and your teams engage around the causes you care about. With Givio, inspirations turn into action with the convenience of Slack! With Givio for Slack you can: • Share and view Givio giving campaigns benefitting any of the 1.6M US nonprofits with any of your teams and channels• Pin campaigns to channels for easy access• Donate via Slack message -- typing /givio donatetocampaign or /givio donatetopinnedcampaign opens up the easy payment window• Get confirmation of gift payment right inside Slack• View campaign results from campaign link inside of SlackTo learn more about Givio, visit Our Guide.Contact developers at support@giv.ioWant to create your own giving campaigns? Get the Slack app and get started! https://giv.io/get-the-app/
Permissions
givio will be able to view:
givio will be able to do:
Review the details to better understand this app’s security practices. To learn more about assessing apps for your workspace visit our Help Center.
General
Developer
Givio INC
Company headquarters location
United States
Terms of service
Privacy & data governance
Data retention policy
Any decision whether to retain or dispose of data/documents should be taken in accordance with the retention/disposal protocol. This protocol consists of two parts:
Criteria checklist, see Section 2. Essentially no document or data should be disposed of unless all
these have been considered in relation to the data/documents.
Retention Schedules, see Section 2. These provide guidance on recommended and mandatory minimum retention periods for specific classes of data/documents.
Electronic data that is virtually impossible to retrieve, is considered deleted. Under no circumstances should paper documents or electronic media containing personal data or confidential information be simply trashed. To do so could result in the unauthorized disclosure of such information to third parties, and render Givio liable. Such documents should be destroyed on site (e.g., by shredding) or disposed of per an authorized vendor.
2 Policy Execution
2.1 Criteria Checklist
1. Has the document/record set been appraised?
As a first step, the content of any data/documents being considered for disposal should be ascertained. No data/documents should be earmarked or designated for disposal unless they have been inspected.
Inspection may be simple or it could be a skilled task depending on complexity of data/documents and should only be undertaken by staff who possess sufficient operational knowledge to enable them to identify the data/documents concerned and its function within Givio.
2. Is retention required to fulfil Contract, statutory or other regulatory requirements?
There is very little specific legislation that stipulates mandatory retention periods for documents held by Givio. However, contractual and financial obligations may dictate minimum retention periods that are client specific.
3. Is retention required to evidence events in the case of dispute?
On rare occasions, Givio may become involved in disputes with third parties. Such disputes, if not satisfactorily resolved, can result in reputational damage and the dissatisfied party potentially bringing legal proceedings against Givio. Conversely, Givio may wish to institute legal proceedings against an individual or organization. Where a dispute arises, or litigation has been commenced, it is important that Givio has access to all correspondence and other documentation that is relevant to the matter.
4. Is retention required to meet operational needs?
In some cases retention may be necessary for future reference purposes (e.g., training), performance management, etc. A professional judgement needs to be made as to the usefulness of a particular document.
5. Has a customer, user or partner requested the destruction of data or removal of data records from a Givio database? In certain circumstances, an interested party - such as a Givio app user - may contact Givio requesting that one or more records be deleted. In these situations, the type of data impacted must be evaluated. Givio may be required to retain certain records in order to fulfill other obligations (e.g., a donor wishes to have his/her name removed from the Givio database, but associated gift records cannot be deleted because they represent a record of a transaction that was fulfilled to a nonprofit). Sometimes records should be archived and not deleted. Whenever a request for the permanent deletion of a record is made to Givio, that request should be elevated to the appropriate management authority. When in doubt, inform the CTO and CFO.
6. Is retention required because the document or record is of historic interest or intrinsic value?
In most cases this consideration will not be applicable. However, it is possible that some data/documents may be of historic interest. Even if the document is of historical or monetary value, disposal rather than retention may be the appropriate option (e.g., by way of transfer to a third party).
Data archiving and removal policy
Any decision whether to retain or dispose of data/documents should be taken in accordance with the retention/disposal protocol. This protocol consists of two parts:
Criteria checklist, see Section 2. Essentially no document or data should be disposed of unless all these have been considered in relation to the data/documents.
Retention Schedules, see Section 2. These provide guidance on recommended and mandatory minimum retention periods for specific classes of data/documents.
Electronic data that is virtually impossible to retrieve, is considered deleted. Under no circumstances should paper documents or electronic media containing personal data or confidential information be simply trashed. To do so could result in the unauthorized disclosure of such information to third parties, and render Givio liable. Such documents should be destroyed on site (e.g., by shredding) or disposed of per an authorized vendor.
2 Policy Execution
2.1 Criteria Checklist
1. Has the document/record set been appraised?
As a first step, the content of any data/documents being considered for disposal should be ascertained. No data/documents should be earmarked or designated for disposal unless they have been inspected.
Inspection may be simple or it could be a skilled task depending on complexity of data/documents and should only be undertaken by staff who possess sufficient operational knowledge to enable them to identify the data/documents concerned and its function within Givio.
2. Is retention required to fulfil Contract, statutory or other regulatory requirements?
There is very little specific legislation that stipulates mandatory retention periods for documents held by Givio. However, contractual and financial obligations may dictate minimum retention periods that are client specific.
3. Is retention required to evidence events in the case of dispute?
On rare occasions, Givio may become involved in disputes with third parties. Such disputes, if not satisfactorily resolved, can result in reputational damage and the dissatisfied party potentially bringing legal proceedings against Givio. Conversely, Givio may wish to institute legal proceedings against an individual or organization. Where a dispute arises, or litigation has been commenced, it is important that Givio has access to all correspondence and other documentation that is relevant to the matter.
4. Is retention required to meet operational needs?
In some cases retention may be necessary for future reference purposes (e.g., training), performance management, etc. A professional judgement needs to be made as to the usefulness of a particular document.
5. Has a customer, user or partner requested the destruction of data or removal of data records from a Givio database? In certain circumstances, an interested party - such as a Givio app user - may contact Givio requesting that one or more records be deleted. In these situations, the type of data impacted must be evaluated. Givio may be required to retain certain records in order to fulfill other obligations (e.g., a donor wishes to have his/her name removed from the Givio database, but associated gift records cannot be deleted because they represent a record of a transaction that was fulfilled to a nonprofit). Sometimes records should be archived and not deleted. Whenever a request for the permanent deletion of a record is made to Givio, that request should be elevated to the appropriate management authority. When in doubt, inform the CTO and CFO.
6. Is retention required because the document or record is of historic interest or intrinsic value?
In most cases this consideration will not be applicable. However, it is possible that some data/documents may be of historic interest. Even if the document is of historical or monetary value, disposal rather than retention may be the appropriate option (e.g., by way of transfer to a third party).
Data storage policy
2 Data Classifications
2.1 Restricted Data
Data should be classified as Restricted when the unauthorized disclosure, alteration or destruction of these data could cause a significant level of risk to Givio and/or Givio’s employees, clients, users, third party vendors, partners and affiliates. By default, all data that is not explicitly classified as Internal or Public should be treated as Restricted data.
The highest level of security controls should be applied to Restricted data.
Storage: Restricted data should be stored in Givio approved cloud databases (e.g. AWS) and encrypted in all states.
Access: Access to Restricted data is limited to Givio personnel whose job descriptions require access, including selected developers working in Givio databases and testing certain features such as reporting.
Examples of Restricted data include:
Data protected by state or federal privacy regulations.
Data received and protected by confidentiality agreements.
Personally identifiable information and payment information, including client, user and transaction data. For example:
It is a policy of Givio that Givers determine whether or not to share their names and emails with recipient nonprofit organizations. Such data should be stored in Givio approved cloud databases and encrypted. Access is limited to developers working in the Givio databases and personnel providing customer support services. The limited transmission of such data is governed by Giver permissions and gift distribution protocols.
Givio intellectual property, including account information.
2.2 Internal Data
Data should be classified as Internal when the unauthorized disclosure, alteration, or destruction of the data could result in a moderate level of risk to Givio and/or Givio’s employees, clients, users, third party vendors, partners and affiliates. By default, all data that is not explicitly classified as Restricted or Public should be treated as Internal data.
A reasonable level of security controls should be applied to Internal data. Internal data shared outwardly under confidentiality agreements should be marked as “Confidential.”
Storage: Internal data should be stored in Givio approved cloud databases and third party services (e.g. AWS, Quickbooks, Freshdesk). Internal data may be stored on password protected devices such as laptops with encrypted storage
Access: Access to Internal data is limited to Givio personnel whose job responsibilities require access to the data, including selected developers working in Givio databases and testing certain features such as reporting.
Examples of Internal data include:
Givio financial information.
Internal and client communication.
Client data not containing sensitive or Restricted content.
System metadata.
Givio policies and procedures.
2.3 Public Data
Data should be classified as Public when the unauthorized disclosure, alteration, or destruction of the data would result in little or no risk to Givio and/or Givio’s employees, clients, users, third party vendors, partners and affiliates. While little or no controls are required to protect the confidentiality of Public data, use common sense controls to prevent the unauthorized modification or destruction of Public data used by Givio personnel. For example, when sharing a report or presentation for public distribution, share in a PDF format, not an easily alterable content management format.
Storage: Public data may be stored and shared on devices without restriction.
Access: There are no access limitations for Public data.
Examples of public data include:
-Press releases.
-Sales and marketing presentations.
-Published APIs.
-Charity profile content found in the Givio app.
-Publicly available information used by Givio in its day to day operations.
Data center location(s)
United States
Data hosting details
AWS
Data hosting company
AWS
App/service has sub-processors
no
Certifications & compliance
Data deletion request procedure
Givio retains data in accordance with our Corporate policy. Officials should contact support@giv.io for more information on this topic and any data that needs to be deleted
HIPAA compliant
no
While this app may offer HIPAA compliance, Slack does not have a business associate agreement with any third-party application providers, including those in the Slack Marketplace, so you are responsible for validating the provider's compliance and executing an appropriate agreement before enabling.
Security
Supports Security Assertion Markup Language (SAML)
no
Has a dedicated security team
no
Contact for security issues
support@giv.io
Has a vulnerability disclosure program
no
Has a bug bounty program
no
Requires third party authorization/connections
no
Uses token rotation
no