# Security

Our systems are designed so that only authorized users can take authorized actions, with end-to-end encryption that protects all parties involved.

{% hint style="info" %}
For more information on DAFpay security standards, see [dafpay-security](https://help.givechariot.com/onboarding/trust-and-safety/security/dafpay-security "mention").
{% endhint %}

### Secure by Design

{% stepper %}
{% step %}

#### <i class="fa-handshake">:handshake:</i>  Interaction

Chariot’s technology is built to only interact with the fields or details required to complete a task. For example, our DAFpay technology interacts only with fields in a portal that are needed to submit a grant request.
{% endstep %}

{% step %}

#### <i class="fa-door-closed">:door-closed:</i>  Access

Chariot follows the "principle of least privilege", meaning that access to Chariot's systems is restricted by default and granted only on an as-needed, per-request basis. This is true for both our clients and our internal team.\
\
All users accessing Chariot’s dashboard must have Multi-Factor Authentication (MFA) enabled to log in. Chariot’s staff is also required to have MFA enabled for all internal tools and systems.
{% endstep %}
{% endstepper %}

### Built with the Best

{% stepper %}
{% step %}

#### <i class="fa-computer">:computer:</i>  Modern Technology

Chariot is hosted on [AWS](https://aws.amazon.com/) cloud infrastructure in the United States, leveraging years of safety enhancements to ensure maximum performance, resilience, and speed of deployment.
{% endstep %}

{% step %}

#### <i class="fa-lock">:lock:</i>  Encryption

Information that Chariot’s technology passes through but does not store (e.g., login credentials in DAFpay) is fully encrypted in both directions.\
\
We use a combination of Transport Layer Security (TLS) and the Advanced Encryption Standard (AES-256) to keep your personal information safe.
{% endstep %}

{% step %}

#### <i class="fa-eye">:eye:</i>  Monitoring

Chariot's infrastructure is continuously monitored using industry-leading intrusion detection systems that provide alerts for control breaches or when infrastructure needs attention.\
\
Our 24/7 on-call team ensures all alerts are acted on promptly.
{% endstep %}

{% step %}

#### <i class="fa-person">:person:</i> Expert Advisory

[Oneleet](https://www.oneleet.com/), a leading cyber security advisory firm, performs system monitoring and hosts our [public trust center](https://trust.givechariot.com/) for maximum transparency.
{% endstep %}
{% endstepper %}

### External Review

{% stepper %}
{% step %}

#### <i class="fa-list">:list:</i>  Third-Party Audits & Testing

* SOC 2, Type 2 Compliant
* Third-Party Penetration Tests
* Documentation available upon request via our [trust center](https://trust.givechariot.com/)
  {% endstep %}

{% step %}

#### <i class="fa-clipboard">:clipboard:</i>  InfoSec Diligence By Customers

Chariot has undergone rigorous vendor review processes with dozens of major hospital systems, universities and large multinational organizations.
{% endstep %}

{% step %}

#### <i class="fa-building">:building:</i>  Bank Partner Program

Chariot is a financial technology company, not a bank. We are a program of Column N.A., Member FDIC, which ensures that we adhere to strict security standards with ongoing monitoring and review.
{% endstep %}
{% endstepper %}

### At Chariot, Security Comes First

Chariot builds its products with security and transparency in mind. Review our [security documentation](https://trust.givechariot.com/) to learn more.
