Your Security Is at the Heart of Our Platform

    padlock

     

    Security is a Fluxx Priority

     

    Recognizing the critical importance of security for grantmaking organizations, Fluxx proactively protects data and system integrity in our cloud-based solutions. Built on Amazon Web Services (AWS), with its secure infrastructure, our systems undergo thorough audits, and feature best-in-class security measures. This commitment ensures your information is always safe and your Fluxx system is secure.    

    shield

    Fluxx meets rigorous industry standards, including SOC 2 and TX-RAMP

    security

    We are committed to implementing industry best practices across all Fluxx services.

    data-protection

    Maintain business continuity by safeguarding your data from failures and disasters.

     

    We're Built to Secure Your Most Sensitive Data 

     

    Secure Regional Hosting

    Your data is house in physically secure Amazon Web Services (AWS) facilities across multiple ava.

    Secure Network

    Logical security is enforced at every level, from usage of Amazon's Virtual Private Clouds (VPC) to leveraging best-in-class Kubernetes security configurations. Intelligent threat detection is provided by AWS GuardDuty, with managed DDoS protection via AWS Shield and data is encrypted in motion via TLS 1.2+ and at rest on disk.

    Secure Development

    We adhere to a rigorous Secure Development Life Cycle (SDLC) that ensures security considerations are prioritized from initial design through to deployment and maintenance liability zones, with regional hosting available in the US, Europe, Oceania, Canada, and Hong Kong.

    Penetration Testing

    We partner with reputable security firms for regular internal and external penetration testing. These tests ensure our systems are robust, directly safeguarding customer data from potential vulnerabilities. 

    Secure Users

    Fluxx prioritizes secure and flexible user access, offering robust authentication options. We provide seamless integration with SAML 2.0-supported Single Sign-On (SSO), enabling users to leverage their existing credentials for secure access. To further enhance security, Multi-Factor Authentication (MFA) is also available, adding an extra layer of protection.

    Always on and Available

    Fluxx guarantees 99.5% uptime and can accommodate heavy grant submission periods without degradation in service. In addition, data is synchronously replicated between data centers, with data backups and server system images stored in separate availability zones.

     

    Leading Grantmakers Trust Fluxx with Their Data

    ford-logo-color   MacArthur Logo PNG   Lumina Foundation ikea_foundation-1   CIFF_logo

     

    "Fluxx takes security seriously. They have been a great partner over the past 6+ years, and share our values and priority around cybersecurity and building and running a secure platform. Fluxx is very responsive to dynamic cybersecurity needs.”

    JOHN MOHR, CIO, MACARTHUR FOUNDATION

    Vulnerability Disclosure

     

    We invite researchers and security professionals to participate in our Vulnerability Disclosure Program (VDP), where you can submit any identified vulnerabilities. Your expertise is essential in helping us enhance the security of our systems and protect our users. We greatly value your contributions and commitment to maintaining a safe digital environment. Participants are encouraged to submit detailed reports of any discovered vulnerabilities, including relevant evidence, to security@fluxxlabs.com.


    Scope: This program covers all functionality and endpoints of the Fluxx grant management application hosted on the `*.fluxx.io` domain, including both Standard Cloud and Enterprise Cloud environments. Testing must be non-destructive and not disrupt our services or impact other customers.


    Out of Scope: Dangling DNS records are explicitly out of scope. Additionally, findings related to systems not owned or operated by Fluxx, or that rely solely on automated scanning results without demonstrable impact, may not be considered actionable.


    Our security team is committed to reviewing and addressing submissions promptly and will engage in a responsible disclosure process with all participants.

    See a Fluxx Grantmaker Demo

    Get a personalized demo with one of our grantmaking experts