Security, Compliance, Practices, and Procedures at Churchible

We place immense importance on the security of your data and the personal information of your congregation. We are fully committed to protecting it. In this section, we outline the rigorous physical and technical measures we have implemented to ensure the safety of your data, as well as the external certifications and audits we comply with to validate our practices.

SOC 2 Type 2 Certified

Churchible holds SOC 2 Type 2 certification, which attests to our ability to safeguard data from potential threats. This certification was obtained through a comprehensive evaluation conducted by the American Institute of Certified Public Accountants (AICPA).

Our policies, backup and disaster recovery procedures, incident response protocols, firewall configurations, and other critical aspects of our business were thoroughly audited by an AICPA-approved auditor, Johanson Group. We have received an Auditor's Report confirming that Churchible not only meets but surpasses the stringent SOC 2 criteria. The complete report is available upon request.

PCI Compliance

As a PCI Level One compliant merchant, Churchible adheres to the Payment Card Industry Data Security Standards (PCI DSS) set by major card associations. We have implemented physical, electronic, and procedural controls to ensure the secure storage and handling of cardholder data. Our payment processor, Stripe, is also a certified "PCI Service Provider Level 1" payment processor, known for its advanced security practices and global reputation.

Technical Security and Encryption

We prioritize the security of your data both in transit and at rest. All data transmitted between you and Churchible is encrypted using HTTPS, and our databases are encrypted at rest. To prevent brute force attacks we rate limit authentication attempts, and passwords are never stored in recoverable form: they are hashed with the industry-standard bcrypt algorithm (a one-way function, not reversible encryption) and are filtered out of all our logs.

Secure Coding Practices

We take security seriously throughout our development process. Our team consists of highly skilled developers who follow secure coding practices. Every code change is reviewed by teammates, run through automated tests, and often put through a manual quality assurance (QA) pass as well. This thorough approach, although time-intensive, minimizes the likelihood of coding errors and strengthens the overall security of our platform.

Data Durability and Recovery

We have implemented a robust, multi-layered backup strategy to ensure data durability and facilitate recovery in the event of hardware failure, regional disasters, or malicious acts. Our backup strategy includes point-in-time backups and daily snapshots, providing multiple options for data recovery.

Security Bug Bounty

To ensure ongoing security, we maintain a bug bounty program through HackerOne, engaging top-notch security researchers to conduct penetration testing across all our products. We encourage anyone who discovers a security vulnerability to participate in our program and report it to us. You can request an invitation to our program by emailing hackerone@churchible.com. We prioritize prompt responses, with an average response time of less than one day.

Physical Security

All your data is stored in AWS data centers renowned for their industry-leading physical security practices, redundancy, and availability. For more information about Amazon's data centers, please refer to their documentation.

Local Equipment Security

Our physical spaces are locked and alarmed during off-hours. Local computers are password protected and encrypted, but no servers are housed within our buildings, which minimizes the risk of theft. Our employees access customer data only over encrypted connections and must provide a time-based one-time password (TOTP) on each connection.

Personnel Security

We are fortunate to have a team of brilliant individuals who genuinely care about the success of our company. Our employee turnover is exceptionally low, and to protect company and customer data, all employees sign a non-disclosure agreement upon joining the team.

Security Culture

As users of Churchible ourselves, we deeply understand the significance of safeguarding personal data. Our own information resides in the same database as our customers', and we use Churchible's features in our own church community. Whether it's checking in children or making donations, we handle your data with the utmost care because it is our own data.

Questions

If you have any unanswered questions or concerns, please feel free to reach out to us at support@churchible.com. We are here to assist you in any way we can.

Copyright © 2023 Churchible® Inc. All Rights Reserved.