Data Security & Privacy | Volaby - Volunteer Management Made Simple

Security & Data Protection

Volaby is proudly designed and developed in Australia. We understand that organisations managing volunteers handle sensitive personal information, and we take that responsibility seriously.

Local Data Hosting

Your data stays in Australia. All customer information is stored exclusively on Amazon Web Services (AWS) infrastructure in Sydney, ensuring full compliance with Australian data sovereignty requirements.

Our databases are encrypted, including data encryption both in-transit and at rest. We regularly engage third-parties to perform penetration testing, to ensure our security practices are best-practice. Be confident your organisation is only storing necessary data by building and selecting the information you store about your volunteers and users.

Need data hosted in another region? We can accommodate specific geographic requirements on request.

How We Protect Your Data

Encryption

Our databases are encrypted, including data encryption both in-transit and at rest:

TLS 1.2+ secures all data transmission
AES-256 encryption protects stored data

Backups

Daily automated backups ensure your data is protected, with quick restoration capabilities if ever needed.

Infrastructure

We leverage AWS's enterprise-grade security including private network isolation, firewall monitoring, and regular security patching.

Access & Authentication

Multi-Factor Authentication

MFA adds an extra layer of protection to user accounts, guarding against unauthorised access. Utilising the more secure TOTP protocal, organisations can define which user levels must set-up MFA and have confidence in their platform's security.

Role-Based Permissions

Granular controls ensure team members only access what they need, from organisation-wide administrators to activity-specific coordinators.

Security Testing

We conduct regular third-party penetration testing by independent security firms to identify and address potential vulnerabilities. Our security practices are aligned with ISO 27001 requirements.

Compliance

Australian Privacy Act 1988 and Australian Privacy Principles (APPs)
GDPR compliance for organisations with European volunteers
PCI DSS Level 1 payment security via Stripe. Volaby does not store card details.

Uptime & Reliability

Volaby maintains 99.99%+ uptime, so your team and volunteers can access the platform when they need it. The Volaby status page is available here

Your Data, Your Control

You maintain ownership of your data with the ability to export or request deletion at any time. For full details, see our Privacy Policy.

Questions?

For security inquiries or to request detailed documentation, reach out to support@volaby.org.