Security

One important consideration when choosing a software platform like Church Social is the privacy and security of your data. We take this seriously: Church Social was built with security in mind from day one, and we continue to improve it. The following outlines many of the things we do to protect your congregation's data.

Hosting Infrastructure

  • Our hosting infrastructure is managed with Heroku, a top-notch hosting platform-as-a-service in terms of security and redundancy. For more information about Heroku's security, see here.
  • We keep extensive logs of all system activity.
  • We have two-factor authentication enabled for all server, code hosting and continuous integration services.

Application Layer

  • We use Laravel, a widely used and actively maintained server-side web framework whose built-in components follow current security best practices for user authentication, session management, password hashing, encryption and related concerns.
  • Password strength is validated against Dropbox's zxcvbn password strength estimator.
  • We check 3rd party code against known vulnerability databases.
  • Our policy-based authorization system ensures that each congregation's data is segmented and contained within its own account.
  • All database queries are executed with parameter binding, preventing SQL injection attacks.
  • We use CSRF tokens to prevent cross-site request forgery.
  • All user-generated data is escaped on output, preventing cross-site scripting (XSS) attacks.
  • We capture all application errors (server-side and client-side) and send them to a bug tracker for review.
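The three controls above (tenant segmentation, parameter binding and escaping on output) are easiest to see side by side in code. The following is an added illustration, not Church Social's own code or Laravel's: it uses plain PDO with an in-memory SQLite database (assumes the pdo_sqlite extension) so it runs stand-alone, and the `members` table, its columns and the sample rows are constructed for the example.

```php
<?php
// Added example (not Church Social's code). Plain PDO + SQLite stand-in for
// the framework's query builder; table, columns and rows are hypothetical.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, congregation_id INTEGER, name TEXT, phone TEXT)');

// Constructed sample data: two congregations (tenants) in one table.
$seed = $db->prepare('INSERT INTO members (congregation_id, name, phone) VALUES (?, ?, ?)');
$seed->execute([1, 'Alice', '555-0100']);
$seed->execute([1, "O'Brien <b>Bob</b>", '555-0101']);
$seed->execute([2, 'Carol', '555-0200']);

// 1. String interpolation (the pattern parameter binding replaces): the search
//    term becomes part of the SQL text, so a quote in the input rewrites the
//    query and can defeat the tenant filter. Shown only for contrast.
function searchUnsafe(PDO $db, int $congregationId, string $term): array
{
    $sql = "SELECT name FROM members WHERE congregation_id = $congregationId AND name LIKE '%$term%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// 2. Parameter binding: the term is sent to the database as a value and is
//    never parsed as SQL. The tenant filter is applied unconditionally from the
//    server-side congregation id, never from anything the user typed.
function searchBound(PDO $db, int $congregationId, string $term): array
{
    $stmt = $db->prepare(
        'SELECT name FROM members WHERE congregation_id = :cid AND name LIKE :pattern'
    );
    $stmt->execute([':cid' => $congregationId, ':pattern' => '%' . $term . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// 3. Escape on output: stored text is rendered as data, not as markup, so a
//    name containing HTML cannot inject script into another member's page.
function renderName(string $name): string
{
    return '<li>' . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</li>';
}

// Input crafted to close the LIKE literal and OR past the tenant filter.
$payload = "%' OR '%'='";

// Interpolated: the WHERE clause becomes "... OR '%'='%'", which is always true,
// so members of every congregation come back.
print_r(searchUnsafe($db, 1, $payload));

// Bound: the payload is matched literally as a LIKE pattern and finds nothing.
print_r(searchBound($db, 1, $payload));

// A legitimate search stays scoped to congregation 1 and is escaped on output.
foreach (searchBound($db, 1, 'Bob') as $name) {
    echo renderName($name), PHP_EOL;
}
```

The point of the contrast is that the bound query never gives the database a chance to reinterpret user input as SQL, and the congregation id comes from the authenticated session rather than the request, so one tenant cannot reach another's rows even with a crafted search term.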

Firewalls

  • Firewalls are utilized to restrict access to systems from external networks and between systems internally.
  • We use Cloudflare's DNS and network security features to protect against DDoS attacks and block malicious bots before they reach the application.
  • We use Cloudflare's IP reputation data to automatically block visitors exhibiting malicious behaviour.
  • We use Cloudflare's Web Application Firewall (WAF) service, which filters many common attack patterns, including those covered by the OWASP Top 10, before requests reach our app.

Encryption

  • Our website and app are only available over a TLS-encrypted connection (HTTPS).
  • Passwords are never stored in plaintext; they are hashed with bcrypt, a salted, one-way hashing function.
  • Our PostgreSQL database is encrypted at rest.

Testing & 3rd-Party Audits

  • We've contracted a third-party web security company (Digital Boundary Group located in London, Ontario) to do a thorough web application penetration test on Church Social.
  • We have a full automated test suite which validates the expected system behavior when any change is made to the codebase.
  • We use an automated vulnerability scanner to continually monitor our app for possible security issues.

Data Retention

  • Our PostgreSQL database has a rolling 4-day backup, and is encrypted at rest.
  • User-generated content, such as sermons, files and photos, is stored on Amazon S3 with versioning enabled.
  • Churches can optionally download their data and save it offline.

Access & Privacy

  1. All data within Church Social is private and secure, managed by the appointed church administrator. Member information is only visible to other members of the congregation who have logged into the app and is in no way publicly accessible. Member accounts must be approved by the administrator.
  2. By default, members with an account are able to see the following personal information about other members and guests:
    • Full Names
    • Contact information (phone, email, address)
    • Birth dates
    • Wedding anniversary dates
    • Maiden names
    • Family photo (if provided)
  3. Members have the option to keep some or all of their information hidden from other members and must make their request for privacy by contacting the administrator. There are also church-wide privacy settings if a congregation chooses to hide some or all information by default. This decision is made by the church leadership. Only the administrator has the access to change privacy settings at an individual or membership-wide level.
  4. Office bearers (pastors, elders and deacons), if specially designated as such in the app, will continue to see all of the information for members. The church leadership is bound by its own confidentiality agreement, which extends to all member information within the app and is therefore the responsibility of each church to enforce. In addition to the information outlined in #2, office bearers can also see:
    • Gender
    • Birth names
    • Baptism date, church and pastor
    • Profession of Faith date, church and pastor
    • Marriages (spouse, start/end dates)
    • Memberships (start/end dates, previous church, left to church)
    • Notes from the administrator
  5. Members can also request that the administrator “hide” all their information, including their names, from all other members, including office bearers. Administrators can grant this request by unchecking the “visible” privacy setting box. This will disable the member’s account, removing their access to log in or receive messages. They will not be visible anywhere in the app to anyone except the administrator. These members will be included in membership statistic reports run by the administrator but will not be included in any app-generated lists.
  6. In rare situations, certain members may request that their information be completely removed from the software. In the interest of living peacefully with one another, the church leadership can choose to grant their request. When this happens, these members will not be part of comprehensive church historical records, current statistics or the member directory.

You can find our privacy policy here.