Security Practices

With the growing number of online data breaches and cyber attacks, protecting our data has never been more important. JustFund is a web application developed by the JustFund team in collaboration with the cybersecurity and software development company ATOM, and is built to transform grantmaking while also keeping data private and secure. The following are some of the software and design practices to meet this goal.


  • JustFund is a platform is built on the MERN stack, a modern, enterprise level application stack stored in the US regions of Amazon's Web Services Cloud. This platform is among the industry leaders in information security.


  • The database storage of the JustFund platform is fully encrypted at rest by default. All traffic destined for the platform and retrieved from the platform is encrypted in transit via SSL 256bit encryption.


  • JustFund's application services are housed in Amazon Web Services which is containerized and isolated for maximum security.


  • JustFund site data is stored in Amazon RDS and backups are run daily to protect against data loss in the event of an emergency.


  • JustFund conducts vulnerability scanning on a quarterly basis as part of our software development lifecycle. The last scan revealed no vulnerabilities.


  • JustFund completed a third party external penetration test and code level security review in fall of 2020.


  • All ATOM engineering source code and any changes must pass through an independent peer review for best practices by a senior engineer before being committed to the platform.


  • JustFund is protected by CloudFlare against denial of service related attacks.


  • ATOM as a software development organization focuses on regulated industries and has an in-house, full service security and human privacy practice in Portsmouth, NH that advises and coordinates security with software engineers.