ShelterLoop ShelterLoop

Security at ShelterLoop

Protecting the data that powers your rescue mission.

At ShelterLoop, we recognize that rescue organizations handle sensitive community data. We are committed to maintaining a secure environment for your staff, volunteers, and adopters.

Our Security Standards

We employ industry-standard practices and modern infrastructure to safeguard your information:

  • Secure Transmission: All traffic to our platform is encrypted using Transport Layer Security (TLS/SSL).
  • Data Protection: Sensitive records, including medical documents and signed contracts, are stored in encrypted environments with strict access isolation.
  • Access Control: Our platform utilizes granular Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA) to ensure that only authorized users can access sensitive data.
  • Audit Logging: Every significant administrative action is recorded in a permanent, non-purging audit trail to maintain a clear chain of custody.
  • Secure Payments: ShelterLoop does not store credit card numbers or financial credentials. All payments are handled by PCI-DSS compliant providers like PayPal.

Infrastructure & Resiliency

Our infrastructure is designed for high availability and disaster recovery:

  • Automated Backups: Core databases are backed up daily, and media assets are mirrored hourly to geographically redundant standby sites.
  • Disaster Recovery: We maintain "Warm Standby" environments to ensure operational continuity in the event of a primary site failure.
  • Proactive Updates: We regularly update our software stack and infrastructure to protect against newly discovered vulnerabilities.

Reporting a Security Issue

If you believe you have found a security vulnerability in the ShelterLoop platform, we encourage you to let us know right away. We investigate all reports and prioritize legitimate fixes.

How to Report:

Please email our security team at [email protected].

Please include:

  • A detailed description of the issue.
  • Steps to reproduce the vulnerability.
  • Any relevant URLs or screenshots.

Our Commitment:

  • We will acknowledge your report within 2 business days.
  • We will keep you informed of our progress as we investigate and remediate.
  • We will not take legal action against you if you act in good faith and follow responsible disclosure guidelines.

Last Updated: May 12, 2026