Your Security Is at the Heart of Our Platform
Security is a Fluxx Priority
Recognizing the critical importance of security for grantmaking organizations, Fluxx proactively protects data and system integrity in our cloud-based solutions. Built on the secure infrastructure of Amazon Web Services (AWS), our systems undergo thorough audits and feature best-in-class security measures. This commitment ensures your information is always safe and your Fluxx system is secure.

Fluxx meets rigorous industry standards, including SOC 2 and TX-RAMP.

We are committed to implementing industry best practices across all Fluxx services.

Maintain business continuity by safeguarding your data from failures and disasters.
We're Built to Secure Your Most Sensitive Data
Secure Regional Hosting
Your data is housed in physically secure Amazon Web Services (AWS) facilities across multiple availability zones, with regional hosting available in the US, Europe, Oceania, Canada, and Hong Kong.
Secure Development
We adhere to a rigorous Secure Development Lifecycle (SDLC) that ensures security considerations are prioritized from initial design through to deployment and maintenance.
Secure Network
Logical security is enforced at every level, from the use of Amazon's Virtual Private Clouds (VPC) to best-in-class Kubernetes security configurations. Intelligent threat detection is provided by AWS GuardDuty, with managed DDoS protection via AWS Shield. Data is encrypted in motion via TLS 1.2+ and at rest on disk.
Penetration Testing
We partner with reputable security firms for regular internal and external penetration testing. These tests ensure our systems are robust, directly safeguarding customer data from potential vulnerabilities.
Secure Users
Fluxx prioritizes secure and flexible user access, offering robust authentication options. We provide seamless integration with SAML 2.0-supported Single Sign-On (SSO), enabling users to leverage their existing credentials for secure access. To further enhance security, Multi-Factor Authentication (MFA) is also available, adding an extra layer of protection.
Always On and Available
Fluxx guarantees 99.5% uptime and can accommodate heavy grant submission periods without degradation in service. In addition, data is synchronously replicated between data centers, with data backups and server system images stored in separate availability zones.
Leading Grantmakers Trust Fluxx with Their Data





"Fluxx takes security seriously. They have been a great partner over the past 6+ years, and share our values and priority around cybersecurity and building and running a secure platform. Fluxx is very responsive to dynamic cybersecurity needs."
JOHN MOHR, CIO, MACARTHUR FOUNDATION
Vulnerability Disclosure
We invite researchers and security professionals to participate in our Vulnerability Disclosure Program (VDP), where you can submit any identified vulnerabilities. Your expertise is essential in helping us enhance the security of our systems and protect our users. We greatly value your contributions and commitment to maintaining a safe digital environment. Participants are encouraged to submit detailed reports of any discovered vulnerabilities, including relevant evidence, to security@fluxxlabs.com.
Our security team is committed to reviewing and addressing submissions promptly and will engage in a responsible disclosure process with all participants.
Scope
This program covers all functionality and endpoints of the Fluxx grant management application hosted on the `*.fluxx.io` domain, including both Standard Cloud and Enterprise Cloud environments. Testing must be non-destructive and not disrupt our services or impact other customers.
Out of Scope
Dangling DNS records are explicitly out of scope. Additionally, findings related to systems not owned or operated by Fluxx, or that rely solely on automated scanning results without demonstrable impact, may not be considered actionable.