Hello Sulemaivory,
Thats a big question. In my other life, aka day job, "IT Security" is our business. I can go into more detail in a PM on our Discord if you are interested but for here I will answer a little more generically.
At the OPF level, we operate using the "CIS Community Defense Model v2" as a base. This is an excellent model for good overall cyber hygiene that addresses things like PII, PCI, various attack vectors and other privacy concerns. We do not store, transmit or interact with any financial data of any of our donors or volunteers so there is no need for us to move to the level of PCI compliance, for example.
Warhorn will also be brought up to this standard as we move along in its management. There are a number of things we are reviewing at the moment for Warhorn and its security posture so this will take a little time. Warhorn is not "insecure" by no means, but we will address and remedy any privacy or cyber security concerns that we find or that our users bring to our attention as quickly as possible.
I hope this answers your question. :)
