Hello! TL:DR - Please help! Small nonprofits have created horrible mutant tech stacks and are drowning, with no resources. We are trying to build a system to help provide relief from common pain points, but are just a couple of crazy nonprofit workers and artists with a dream and no real development or cybersecurity experience. We need real expert advise because our tools are helping people, but we want to do this right.
__
Hi, I'm Steph, and I'm here looking for advice. Quick background context, about 6 years ago I became the director of a small failing nonprofit organization with an INSANE tech stack, including a hyper-customized Salesforce trash fire. I have spent the past 6 years learning tons of different SaaS platforms and trying to make sense of how nonprofits even function in the current tech landscape.
Our nonprofit is an umbrella organization, providing support to 100+ small nonprofits and cultural groups. We recently did some research and have designed a pilot program to help vibe code some very simple applications to save nonprofit workers time (and sanity), so they can focus on more mission-driven work.
Now, the program is growing, but we are realizing we have to think more seriously about security. Here is what we have built into the approach so far: tools work from data exports rather than connecting to live systems, we are avoiding third-party API and SaaS dependencies, no tool is given direct access to partner accounts or credentials.
Many of the use cases involve users inputting CSV files to output dashboard views. The problem we face now is we are working with some organizations with more valuable data and we want to 1. protect them and 2. protect ourselves. I guess the question is, where should we even begin?
Thank you!