Do Some Good from an end-user point of view is a multi-tenant software as a service platform that mirrors common design patterns with popular social networks, allowing a single user account role-based access to multiple businesses and/or organizations ranging anywhere from a simple follower relationship, all the way to full administrator of each.
Our company believes that the strength in a community platform is breaking down traditional software silos and bringing all the users and stakeholders into a single unified experience.
Overall Philosophy
- Users are in control of their privacy settings, data, and can perform / request deletion of their accounts at any time. Upon deletion, content they’ve submitted to specific organizations and businesses such as volunteer records and form submissions will be anonymized to the extent possible to retain accurate records, while protecting privacy.
- Any data retained on users, businesses, and community organizations will always be hosted on Canadian servers, owned and operated by Canadian companies, governed by our laws and protections. The only exception being publicly visible photos in stories, logos, and profile images; these images can be served by an international content delivery network for fast delivery nearest to the people viewing them.
- Every single component of Do Some Good runs on fully encrypted servers using industry-standard best practices. Everything including backups are encrypted at rest and in transit.
- No data is sold to third parties. Any data used for analytics, error monitoring, etc that requires a 3rd party platform is scrubbed of personally identifiable information. We care about tracking the engagement and success of content, not tracking our users We leverage our own first-party analytics system with the data owned and hosted by Do Some Good under the same principals as the rest of our data.
- We monitor and have alerting on our systems with a close eye on availability, error levels, performance and security through a variety of channels.
Core Technologies
(For those of you who want to geek out with us)
- React / Node.js for a snappy, modern user-experience. Server-Side Rendering with client-handoff for better SEO and fast loading first visits.
- React Native for iOS and Android apps, for the same snappy experiences on the go
- OAuth 2.0 compliant RESTful API Integrates with Microsoft Entra ID for Single Sign-On via OpenID Connect and SCIM 2.0 for account synchronization with your company’s active directory.
- PostgreSQL and Redis for scalable and performant databasing
- Prometheus and Grafana for extensive custom metrics monitoring and graphing
- Bare-metal Kubernetes enabling scalable and resilient hardware operations, leveraging a blend of high performance dedicated servers supplemented by virtual private servers in partnership with our datacenter provider
Security
- A blend of hardware, software and WAF firewall solutions, leveraging the strengths of each
- DDoS protection from upstream providers and datacenter partner
- Internet-facing servers expose no ports other than HTTP/HTTPS ports to deliver web traffic
- All server administration performed over secure tunnels/VPN leveraging enforced public-private key-pairs and MFA Server access is logged/announced Short idle timeouts ensuring no sessions are left open and exposed
- All Do Some Good servers run on private VLANs and are isolated from other datacenter customers
- API server is single point of authority and role-based access control to data for all DSG services and interfaces
- All significant actions regarding login and mutation of platform data via API are tracked in audit logs, including actions performed by privileged DSG staff
- Platform, server keys, PKI and other sensitive configuration values are kept exclusively in an industry-standard vault/secret management system, following the principle of least privilege, requiring multiple trusted DSG staff members to unseal, all access via short-lived tokens tied to strict policies
- Software dependencies and container images are audited frequently for CVE’s & security bulletins, operating systems are kept up to date with live-patch enabled kernels.
Reliability
- Partnered with our datacenter for collaborative solutions in infrastructure needs and problem solving, providing resiliency via: Backup batteries and generator. Redundant, expandable backing network storage. Hardware maintenance, including spare components on standby for our dedicated servers. Multiple top-tier Canadian ISP fibre connections. Redundant routing and switching hardware with automatic failover. Multi-layer physical security and access restrictions to servers 24/7 monitoring
- Each of our dedicated servers utilizes redundant enterprise-grade operating system and data disks, redundant power supplies, and spare capacity is kept to pick up slack if hardware goes offline or needs maintenance
- Self-Healing services that respond and reallocate where resources are most available, automatic health monitoring, failover via Kubernetes
- Multiple secure backups each day for disaster recovery and point in time data recovery in the event of unexpected loss
- Disaster response, communication plans and procedure guides in place for more effective restoration of services in the event of unexpected issues in a variety of scenarios