Security and Privacy are primary business objectives of I'm With Them. I'm With Them is PCI-A compliant and strives to meet GDPR requirements as much as possible. We have reviewed various well-known industry lapses, and endeavour to have in place policies, mechanisms, software, systems, and processes to reduce the likelihood of a breach.
Beyond adopting these standards, we attempt to minimize the User's uniquely identifying information we keep. Credit card processing is handled by a third party, so this is not a target for breach on our site. Of the Personal Information the User shares with us at registration, we keep only the name, birthyear, email address, and cell phone number.
Also, instead of collecting a free-response "statement" of the User's experience(s) with a perpetrator, we ask the User to characterize their experience by checking boxes and selecting buttons that capture some, but not all, of what happened. I'm With Them doesn't collect enough information for an outsider to understand the full scope of the incident.
I'm With Them is eager to work with security researchers and will respond in a timely manner to any security bug reports. As a non-profit organization, we are unable to pay bounties, but reports are greatly appreciated; we can be reached through our Contact Us page.