Certified, Compliant, and Secure

At Give River, our policies, processes, and systems are designed to create a wonderful user experience while protecting your team's information.

Industry Standards in Security and Compliance

  • AWS Infrastructure
  • AES-256 Encryption
  • GDPR Ready
  • 24/7 Monitoring
  • SOC 2 Ready

What Data Does Give River Collect?

Data Collection

Give River collects only non-sensitive, work-related personally identifiable information (PII):

  • Name (required: first and last; optional: preferred name)
  • Work email (primary account identifier and login)
  • (Optional) Birthday month/day - NOT year (for celebration reminders)
  • (Optional) Mailing address (for physical rewards delivery)

We Do NOT Store

No application data is public. Information can only be accessed by authorized users within your organization.

  • Sensitive PII (Social Security numbers, driver's licenses, passport information, full bank account details)
  • PCI payment card data (payments processed through Stripe)
  • HIPAA health/medical information
  • FedRAMP government data
  • SOX financial reporting data

How Does Give River Protect Your Data?

Your data is processed and stored using industry-leading security standards

Firewall

AWS Web Application Firewall (WAF) protection

Load Balancer

AWS auto-scaling and provisioning with multi-region redundancy and automated failover

Application

Containerized deployment on AWS Elastic Beanstalk with continuous delivery pipeline

Database

AWS RDS MySQL with AES-256 encryption at rest and automated redundancy

Security & Reliability Standards

  • Daily automated backups with 30-day retention
  • 99.9% uptime SLA with point-in-time recovery capabilities
  • Data recovery within a maximum of 24 hours through automated staging environment rebuilds
  • Role-based access controls with multi-factor authentication (MFA)
  • Infrastructure access restricted by least-privilege principles
  • 24/7 monitoring with automated alerting

FAQs

Common questions about our security practices

  • Yes! All information in Give River is encrypted in transit using TLS 1.3 and encrypted at rest using AES-256 encryption within AWS RDS.

  • We support single sign-on (SSO) and maintain role-based group and user access control with MFA requirements.

  • We follow SOC 2 security standards and are working toward formal Type II certification. We conduct regular security assessments and maintain compliance with GDPR and CCPA requirements.

  • We run AWS-managed infrastructure and all data is stored within the United States. All data is owned by your company and can be accessed, edited, or deleted by your administrators.

  • Encrypted data is backed up daily and stored for 30 days. Backups can be restored to an exact point in time when needed.

  • Yes! Our disaster recovery procedures include automated failover, geographic redundancy, and a 4-hour Recovery Time Objective (RTO).

  • Contact us at support@giveriver.com or through our Help Center. Your support ticket will be investigated and resolved promptly.