Security & Trust Framework

Data Governance

Data Encryption Standards

Sensitive information is protected by encryption both in transit and at rest, in line with the platform's current infrastructure and operational standards.

Encryption in Transit

Data Transmission Protection

  • All data transmitted between users, the platform, and external services is encrypted via TLS-secured communication channels.
  • API endpoints serving authenticated or sensitive content are exclusively accessible over HTTPS.
  • Webhook payloads received from external processors are signature-verified before processing.
  • Server-to-server data exchanges involving donation and membership operations are conducted through encrypted and authenticated channels.

Encryption at Rest

Stored Data Handling

  • The platform database is hosted within a managed PostgreSQL environment with access controls applied at the infrastructure level.
  • Database access is restricted by role-based permissions; no unrestricted public access to data tables is permitted.
  • Application secrets, API credentials, and service keys are stored as environment variables and are not embedded in source code or version control.
  • Server-side validation is applied to all incoming data before persistence; inputs are sanitized and bounded.
  • Raw payment card data is never requested by, transmitted through, or stored within this platform.

Third-Party Payment Infrastructure

Hosted Payment Processing

  • Donation payments are processed through a PCI-compliant hosted checkout environment maintained by PLS LLC USA on behalf of Dr Kumar Foundation USA.
  • Payment instrument data is tokenized within the external processing environment and is not exposed to this platform.
  • Payment processing infrastructure is operationally isolated from the research and knowledge management components of this platform.
  • Webhook events confirming payment completion are received and verified before updating donor records.
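The signature verification described for webhook payloads (in the transmission protection list above and again here) is illustrated by the following added example, which is not code from the platform, PLS LLC USA or Dr Kumar Foundation USA. It assumes a hypothetical scheme in which the processor computes an HMAC-SHA256 over the raw request body prefixed with a Unix timestamp, using a secret shared out of band, and sends `t=<timestamp>,v1=<hex digest>` in a header named `X-Processor-Signature`; the header name, the format and the 300-second replay window are assumptions, and the donation event is constructed sample data. The check runs before any donor record is touched, compares digests in constant time, and refuses stale or malformed signatures.

```python
import hashlib
import hmac
import json
import time

# Assumed header name and tolerance; a real processor documents its own values.
SIGNATURE_HEADER = "X-Processor-Signature"
MAX_SKEW_SECONDS = 300


class WebhookVerificationError(Exception):
    """Raised when a webhook must be rejected before any record is updated."""


def _signed_payload(timestamp: str, body: bytes) -> bytes:
    # The timestamp is bound into the MAC so a captured body cannot be
    # replayed later with a fresh timestamp.
    return timestamp.encode("ascii") + b"." + body


def sign_payload(secret: bytes, body: bytes, timestamp: int) -> str:
    """What the (hypothetical) processor side does when sending a webhook."""
    digest = hmac.new(secret, _signed_payload(str(timestamp), body), hashlib.sha256).hexdigest()
    return f"t={timestamp},v1={digest}"


def parse_signature_header(value: str):
    # Header is a comma-separated list of key=value pairs; anything else is malformed.
    parts = dict(item.split("=", 1) for item in value.split(",") if "=" in item)
    if "t" not in parts or "v1" not in parts:
        raise WebhookVerificationError("malformed signature header")
    return parts["t"], parts["v1"]


def verify_webhook(secret: bytes, headers: dict, body: bytes, now: int = None) -> dict:
    """Return the parsed event only if the signature is valid and recent.

    `headers` is a plain dict as delivered by the web framework; `body` must be
    the raw bytes as received, not a re-serialised JSON object.
    """
    now = int(time.time()) if now is None else now
    header = headers.get(SIGNATURE_HEADER)
    if header is None:
        raise WebhookVerificationError("missing signature header")

    ts, provided = parse_signature_header(header)
    if not ts.isdigit():
        raise WebhookVerificationError("non-numeric timestamp")
    if abs(now - int(ts)) > MAX_SKEW_SECONDS:
        raise WebhookVerificationError("timestamp outside replay window")

    expected = hmac.new(secret, _signed_payload(ts, body), hashlib.sha256).hexdigest()
    # Constant-time comparison: a plain == would leak how many leading
    # characters matched through timing.
    if not hmac.compare_digest(expected, provided):
        raise WebhookVerificationError("signature mismatch")

    return json.loads(body)


def record_donation(donor_records: dict, secret: bytes, headers: dict, body: bytes, now: int = None) -> bool:
    """Verify first, then update the in-memory donor record (constructed stand-in for a DB).

    Returns True when a new completed payment was recorded, False when the event
    id was already seen (a redelivered webhook must not double-count a donation).
    """
    event = verify_webhook(secret, headers, body, now)
    seen = donor_records.setdefault("_processed_events", set())
    if event["event_id"] in seen:
        return False
    seen.add(event["event_id"])
    donor = donor_records.setdefault(event["donor_id"], {"total_cents": 0})
    donor["total_cents"] += event["amount_cents"]
    return True


if __name__ == "__main__":
    # Constructed sample: a shared secret and one completed-payment event.
    secret = b"constructed-shared-secret"
    body = b'{"event_id":"evt_1","type":"payment.completed","donor_id":"d_42","amount_cents":2500}'
    headers = {SIGNATURE_HEADER: sign_payload(secret, body, 1_700_000_000)}
    records = {}
    print(record_donation(records, secret, headers, body, now=1_700_000_000))
    print(records["d_42"])
```

The body is verified as raw bytes because re-serialising the JSON before hashing changes whitespace and key order and breaks the MAC; frameworks usually expose the raw body separately from the parsed one for exactly this reason.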

"Data protection practices are integrated into the platform architecture and continuously aligned with applicable industry standards."