Effective Date: April 29, 2026 · Policy Owner: Christian Esqueda, Founder & CEO
This policy establishes the minimum security practices MicroGive follows to protect consumer financial data, third-party API credentials (including Plaid access tokens), and production infrastructure. It applies to all systems, personnel, and contractors with access to production assets.
Principle of least privilege — access to production systems is granted only to personnel who require it to perform their role, and is revoked immediately upon role change or departure.
Role-based access control: each user account holds one of the roles DONOR, ORG_ADMIN, or SUPER_ADMIN. Role permissions are enforced server-side on every API request via JWT middleware. SUPER_ADMIN actions (e.g., user management, batch processing controls) are restricted to internal staff only and protected by invite-only account creation.
In transit: All data transmitted between clients and servers uses HTTPS, enforced by Railway (API) and Vercel (frontend), both of which provision TLS 1.2+ certificates automatically. No unencrypted HTTP is exposed in production.
At rest: Plaid access tokens received from the Plaid API are encrypted before storage using AES-256-GCM (256-bit key, 96-bit random IV, 128-bit authentication tag) in accordance with NIST SP 800-38D. The encryption key is a 256-bit key stored as an environment variable on the Railway platform.
Data minimization: MicroGive stores only the consumer data necessary to provide the service — specifically, Plaid access tokens (encrypted), donation allocation preferences, and transaction metadata. Raw bank account numbers and full transaction histories are not stored.
Retention and deletion: Consumer data is retained for the duration of the account relationship plus 90 days following account closure, after which it is deleted from production and backup systems. Users may request data deletion at any time by contacting security@microgive.co. Requests are fulfilled within 30 days in compliance with applicable privacy laws (CCPA).
Detection: Errors and anomalous behavior are monitored via Sentry (production error tracking). Infrastructure-level alerts are managed through Railway and Vercel platform notifications.
Response procedure:
| Step | Action | Timeframe |
|---|---|---|
| 1 | Identify and confirm the incident scope | Within 2 hours of detection |
| 2 | Contain — revoke affected credentials, isolate impacted systems | Within 4 hours |
| 3 | Notify Plaid and affected third-party partners | Within 24 hours |
| 4 | Notify affected consumers if financial data was exposed | Within 72 hours (CCPA requirement) |
| 5 | Root-cause analysis and remediation | Within 7 days |
| 6 | Document incident and update controls as needed | Within 14 days |
Contact for reporting a security incident: security@microgive.co
Dependencies: npm audit is run as part of the CI/CD pipeline. High and critical severity vulnerabilities in third-party dependencies are patched within 14 days of disclosure.
Infrastructure: Production infrastructure is hosted on Railway and Vercel managed platforms, which handle OS-level patching and network-level vulnerability remediation.
Code review: All changes to production code are reviewed before deployment. No direct commits to the main branch without review.
Employees and contractors with access to production systems or consumer data must:
Violation of this policy may result in immediate revocation of system access and termination of employment or contract.
This policy is reviewed annually by the policy owner and updated to reflect changes in the threat landscape, regulatory requirements, or business operations. Material changes are communicated to all personnel with production access.