Security is one of the top concerns for grantmaking organizations, particularly when moving their grants management operations to a cloud-based solution. Protecting data and system security is a core Fluxx business practice. We offer best-in-class security features and run comprehensive audits of our applications, systems, and networks to ensure customer data is always protected. Fluxx solutions are hosted on Amazon Web Services (AWS), the award-winning secure cloud service provider, that handles all physical security of hardware and networking. That’s why our customers are confident that their information is safe and their Fluxx system is secure.
FLUXX AND AWS MEET STRINGENT SECURITY AND COMPLIANCE STANDARDS, INCLUDING:
SOC 2 Type 2 CCPA GDPR
BENEFITS
Keep your data close to your chest with hosting options around the world
Defend your grantmaking data and system against unauthorized intrusions and improper use.
Secure the information you exchange with your grantees.
Protect your data history and system configurations from failure and disaster.
Leading grantmakers trust Fluxx with their data
"Fluxx takes security seriously. They have been a great partner over the past 6+ years, and share our values and priority around cybersecurity and building and running a secure platform. Fluxx is very responsive to dynamic cybersecurity needs.”
JOHN MOHR, CIO, MACARTHUR FOUNDATION
ENSURING SECURITY FROM CLOUD TO SCREEN
SECURE REGIONAL HOSTING
Fluxx offers data hosting via Amazon Web Services (AWS) in the US, Europe, Oceania, Canada, and Hong Kong.
SECURE APPLICATION
Fluxx uses rigorous Software Development Life Cycle (SDLC) with systematic code reviews and automated tests to build the most secure system. Fluxx also employs external experts to perform detailed penetration tests annually.
SECURE NETWORK
Logical security is enforced at every level, from usage of Amazon’s Virtual Private Clouds (VPC) to leveraging best-in-class Kubernetes security configurations. Intelligent threat detection is provided by AWS GuardDuty, with managed DDoS protection via AWS Shield.
SECURE DATA
All data is encrypted in motion via TLS 1.2+ and at rest on disk
SECURE USERS
Fluxx offers both a SAML 2.0-supported Single Sign-On (SSO) connection and Multi-Factor Authentication (MFA) to protect user access. Individual access managed via role-based and/or attribute-based permissions. Password storage uses a salted cryptographic digest.
SECURE CODE
Github info leak vulnerability and code scans are performed continuously.
SECURE OPERATIONS
Policies, controls, and 24/7 monitoring tools support strict security oversight of all daily activities. Administrative access to Fluxx’s AWS resources is tightly controlled and reviewed every month. Access to the underlying infrastructure is restricted by a firewall, and 2-factor authentication is only permitted from limited and trusted staff locations. Annual cybersecurity tabletops, team simulations, and disaster recovery exercises are performed across the organization to pressure test our teams, systems, and processes throughout the year.
ALWAYS ON AND AVAILABLE
Fluxx guarantees 99.5% uptime and can accommodate heavy grant submission periods without degradation in service. In addition, data is synchronously replicated between data centers, with data backups and server system images stored in separate availability zones.
See a Fluxx Grantmaker Demo
Get a personalized demo with one of our grantmaking experts
SOC 2 Type 2 
