Data Security
Overview
GDPR
Privacy by Design
Platform Architecture
Privacy Policy & The Agreement with Data Controllers

Data Security

Explore the steps we take to protect your data
GDPR
Find out how Makerble enables organisations to meet their obligations as a data controller.
Learn More
Multi-Factor Authentication
Access to Makerble is restricted to users who login using an email address and password.

Organisations can enable Multi-Factor Authentication across their account which means that once a user has entered the correct email address and password during the login process, they receive an SMS or Voice Call containing a 6-digit code that must be entered in order to gain access to the platform.
Privacy by Design
Find out how Role-based User Access and configurable privacy levels give you control over the level of access that each user has to every piece of data in your database.
Learn More
Platform Architecture
Find out how data on Makerble is stored, encrypted and backed up.
Learn More
Privacy Policy and Agreement with Data Controllers
Find out how we perform our responsibilities as a data processor.
Learn More
For additional information about how we protect your data, contact dataprotection@makerble.com

GDPR Compliance

At Makerble we give you the tools to comply with GDPR. In relation to your clients’ personal data, Makerble is the data processor and your organisation is the data controller.
1. CONSENT
- The General Data Protection Regulation requires that you get consent from the people whose data you store.
- When you store a person’s information on Makerble, they are stored as a Contact.
- One of the fields within the Contact form is called Consent and it allows you to record whether you have obtained that person’s consent. Heres how it works in practice:
      - If you ask people to sign a paper consent form, you can upload that signed form to their Contact record on Makerble
     - Using the Date of Consent field on Makerble, you can record the date that consent was granted
      - Using the Who Consent was Granted by field on Makerble, you can record whether it was the person themselves, a parent, guardian or someone else who gave that consent.
     - You can easily add additional consent fields to your Contact forms.
2. RESTRICTED ACCESS TO SENSITIVE PERSONAL DATA
- The GDPR requires that organisations restrict access to people’s Personal Data.
- On Makerble, you can customise the level of access that each user has to each beneficiary, client, service user and person you work with.
3. DATA STORAGE
- When you use Makerble, your data is stored on servers housed in secure data centres located within the European Economic Area - specifically within the Republic of Ireland.
- The data is encrypted at REST and stored in AWS S3 buckets.
- Your data is never sold.
4. DATA RIGHTS
- Under the GDPR, people have rights related to the data you store about them. Among those rights are the right to request that you delete all data you store about them, show them the data you store about and move the data that you store about them to another organisation.
- Makerble gives you the tools to comply with these regulations.
      - Deletion: in the event that one of your beneficiaries requests that you delete the data you store about them, you can easily do this on Makerble by pressing the Delete Contact button.
        - Access: in the event that one of your beneficiaries requests that you give them access to the data you store about them, you can print their beneficiary record from the Contact profile page.
        - Portability: in the event that one of your beneficiaries requests that you move the data you have about them to another organisation, you can give that organisation access to the Contact profile of that beneficiary.  
5. LEGAL BASIS
- Under the GDPR you must record the legal basis for which you are processing someone’s personal data.
- On Makerble we support you to do this by enabling you to select the legal basis on which you are storing information about the beneficiaries you work with. In many cases it will be Consent or Legitimate Interest.
- There are six possible legal bases on which you can process someone’s personal data.
     (a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
     (b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
     (c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
     (d) Vital interests: the processing is necessary to protect someone’s life.
     (e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
     (f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)

For additional guidance on how to adhere with the General Data Protection Regulations, contact our Data Protection Officer by email: dataprotection@makerble.com. Additional resources are available from The Information Commissioner’s Office: https://ico.org.uk/

Privacy by Design

We designed Makerble with privacy in mind from the outset. Every Makerble App has privacy controls woven into the user experience to give complete control over the level of access that each user has to every piece of data.
Role-based User Access
Every organisation can manage its users from the Manage Colleagues page. Every user has an Organisation role and/or a Project role on every project they are part of.
Roles:
- Organisation Roles: Organisation Admin, Project Creator and Organisation Observer.
- Project Roles: Project Manager, Project Reporter and Project Observer.
Examples:
- Frontline staff tend to be given the Project Reporter role on the specific projects that they are part of.
- Fundraising, Strategy, Operations and Reporting colleagues tend to be Project Observers so that they have Read Only access.
Contact Privacy
Decide the level of access that each user has access to every contact in your database
Access Levels to each individual Contact:
- Post Update Access: user is allowed to post updates, e.g. notes from a 1-2-1 meeting
- Profile Access: user is allowed to read-only access to the Contact record
- Headline Access: user is allowed to see the name of the Contact and other metadata such as the projects they are part of, but not the full Contact record
- No Access: user does not have any access to the Contact

Access Levels to each individual Contact are Role-based although you can make exceptions for specific users as required.
Examples:
- Mentors, Counsellors and Advisors typically have the Project Reporter role however because they are only meant to have access to the handful of people whom they support, the General Setting for Project Reporters in the Mentoring project would be No Access to this specific Contact but the Override Setting would be used to give the Mentor Post Update Access so that they can write up their session notes.
Story Privacy
Every time you post an update about a project or contact, it is saved in your database as a story. Survey responses are saved as stories. An Organisation Admin sets the default privacy level for all stories and decides whether the authors of each story are allowed to change the privacy settings of the stories they post.
Progress Tracker Privacy
Assign particular outcomes, indicators, outputs and KPIs (Progress Trackers) to specific people. Determine whether other project colleagues have permission to see those Progress Trackers or not.
Progress Board Privacy
Progress Boards allow you to report your progress towards every outcome, indicator and metric you are tracking in your database. Choose whether you want funders, trustees or partners to have Read-only access to a particular Progress Board.
Project Privacy
Every area of work exists as its own project on Makerble. In addition to giving users Role-based Access to each project, Organisation Admins have the ability to set the privacy level of the project. This determines whether the project page is only visible to project colleagues (users who have been given Role-based Access to that project) or whether it is also visible on a Read-only basis to the wider set of Organisation Colleagues.
Album Privacy
Albums pull together progress from multiple projects. A project can be part of many albums. Album Privacy allows you to decide which users have access to that particular aggregated view of progress from multiple projects.

Platform Architectuure

Makerble is a cloud-based software-as-a-service platform which you can access from any device with a web browser and internet connection, anywhere in the world. This means that you no longer need to worry about installing software onto your computers. We can give you offline capability in the form of our Android application which works on tablets and mobile devices.
Secure data storage in Europe
- We use virtual data storage provided by Amazon Web Services, who are world leaders in cloud computing technology.
- Your data is stored in an AWS S3 bucket.
- Find out more: www.aws.amazon.com
Industry Standard Data Structure
- We use a PostgreSQL database which is the world's most advanced open-source database
- We create regular backups of our database which means that in the unlikely event of a disaster, we can restore your information quickly
- Find out more: www.postgresql.org
Our platform is built using the same coding language as Airbnb, Basecamp and Shopify
- We use Ruby on Rails to write the majority of code underpinning Makerble
- Our code is worked on collaboratively by our development teams in London and India using Github.
- Find out more: https://rubyonrails.org/
Hassle-free transaction processing
- We use Stripe to manage payments and donations on Makerble. It is a powerful online payments platform with backing from PayPal.
- Stripe's tools mean that as soon as a donation to a project happens on Makerble, the donation is transferred to your organisation's Stripe account and automatically deposited in your bank account a few days later.
- Find out more: https://www.stripe.com/
Business Continuity
- We can activate an escrow service on your account which means that in the event that Makerble is no longer able to support or provide its software-as-a-service, our escrow provider will continue to provide the service.
- The default arrangement is a one year provision of service so that you can continue with business as usual while you decide whether to use the Makerble source code to continue running the software yourself or switch to another provider.
- Find out more: http://www.escrowlondon.co.uk/

Products

Makerble® Workflow

Makerble® Surveys

Makerble® Impact

Workflow Lite: CRM

Workflow Lite: Scheduling

Impact Evaluation

Use Cases

Audience Insight & Customer Experience

Case Management & Service Delivery

Grantmaking & Commissioning

Impact Reporting & Evaluation

Learning, Training & Education

People, Culture & Inclusion

Research, Strategy, Innovation

Resources

Partner with us

Company

Contact us on +44 (0) 1225 595594

You're already changing the world.

We're here to help you change it faster.