With all the news about hackers and identity theft and compromised servers, we certainly understand why you’d want to know your ChurchTrac data is safe. We’ve designed ChurchTrac with security in mind, and we’ve done everything possible to keep ChurchTrac as safe as possible. This document outlines some of the steps we've taken to secure our system and your data.
We designed our application and infrastructure with security in mind from the beginning, not as an afterthought. We follow best coding practices to protect against cross-site scripting (XSS), database injection, and other common coding vulnerabilities. All of our code is created by top-notch team members, then tested and reviewed by even top-notchier team members. Using this method, any potential code security issues are discovered and eliminated long before being placed into production.
Additionally, our infrastructure is tailored to keep customer data sets isolated. This means that every ChurchTrac account is separated from other accounts in its own unique database. This is important because it means that if another one of our customers has an account that is compromised (by a weak or leaked password, for example), there would be no way for a malicious third party to use a vulnerable account to access your account’s data. Most companies place all of their customers’ accounts into the same database, which means if one account is compromised, all of the accounts are potentially compromised.
Sensitive data is hashed or encrypted before being stored on the server. User files are stored in a separate location, with access only being granted using auto-expiring signed URLs. This means that the content that you upload using ChurchTrac can only be accessed from within your account by providing correct account credentials. Your files and data cannot be accessed through any other web URL or platform.
In addition to having a very rigorous hiring process, those that we do hire have very limited access to your data. We have strict policies in place which determine who has access to your data and to what extent. For example, our senior developers may have access to limited snapshots of your data in the event an error occurs. Certain members of our staff may, with your permission, access your data in order to assist you with troubleshooting an issue or to correct anomalies that develop when one of your users accidentally clicks the wrong thing. We never retain copies of your data, and never remove your data from our secure environment.
For the customer side, we use a proprietary login process that ensures your account is safe from brute-force attacks. This means that we restrict the number of incorrect login attempts a user can have using rate limiting, preventing someone from trying to guess your account password.
We make sure that our servers and the services they run are up-to-date with the latest security patches. Also, when you use ChurchTrac you’re always getting the latest, most up-to-date version of our application. Additionally, we routinely subject our systems to rigorous security audits conducted by internal and third-party security experts.
A major source of account breaches that you hear about in the news involves hackers trying to gain access to credit card and banking information.
We never store ANY credit card or banking information. This applies when you make a payment to us, and also when your donor gives to your ministry through ChurchTrac’s Online Giving feature. In fact, we have implemented everything required to make sure we are Level 1 PCI Compliant in regard to handling payments.
We utilize Stripe for all customer payments and online giving. Stripe uses a series of exchange tokens for relaying payment information, so that your credit and debit card numbers never actually hit our server or system. We only store limited information to assist you with making payments and generating receipts, such as the last four digits of your card number, and the amount you paid.
When you use our Online and Text Giving features, ChurchTrac will automatically create an online batch within the Giving screen. These giving records will contain date, donor name, amount, and optional memo field provided by the donor. Outside of this information, we do not store or have access to any of the donor-provided payment information.
All of our systems are redundant. We use a multi-layer infrastructure architecture: load balancing, application, database, and storage layers. Every layer is replicated and built on the most reliable web infrastructure available, Amazon’s AWS services. Because all of our systems are redundant, if one part of our service goes down, you will still have access to your data on a concurrent fallback system. This enables us to have an unprecedented 99.9999% uptime.
Backups of account data are performed regularly throughout the day, providing us with hourly, daily, weekly, and monthly backups of your data. We don’t retain backups forever, and they are stored offline and offsite to prevent unauthorized access.
Connection Encryption
Every connection to your account uses the latest industry standard bank-grade TLS encryption. Non-encrypted communication between your browser and our server is not allowed.
Our system is monitored around the clock, using internal as well as external services. In case of a problem, we get a report in real time and are instantly ready to take care of any potential issues.
Our whole system is behind multiple layers of firewalls, which prevent access to your account and data. Only the necessary server ports are open to the outside network. Also, only authorized personnel, using SSH keys, have access to the system. We do not provide anyone with direct access to the server. A second proprietary firewall, developed by our team, detects and blocks potential threats instantly.
Despite all that we do to protect your data, there are a few potential issues that we cannot control or prevent from our side:
• Users from your account who share their login credentials with others may compromise your data.
• Malware infections on the computers or devices that you use to access our service may compromise your data.
For these reasons we recommend that you limit the number of users who you grant access to your account and limit each user's permission level to only what is needed to perform their duties. Also, you should have rules in place that prohibit a user from sharing their credentials with others. If you suspect an account has been compromised, an administrator can remove that account or re-add it with new credentials. We also have a built-in user audit trail that allows an administrator to view actions taken by users when logged into the database.
You should also have a policy that a high-quality anti-malware application be installed on each system that accesses the service, particularly when using Windows-based computers. For further protection, avoid using browsers with known security vulnerabilities, like Internet Explorer, and keep your computers and browsers up-to-date with the latest security patches. We recommend using Google Chrome as the browser of choice.
Keep in mind that even a secure browser running on a secure computer can be compromised by third-party browser add-ons, such as browser toolbars and search bars. These add-ons often provide little to no benefit, and can actually cause your web experience to degrade, and they may even have access to data you enter on secure sites like churchtrac.com. We recommend that you disable and remove any third-party browser add-ons and use a native browser that is fully patched with the latest security updates.
Your users should also employ commonsense principles when using the application. For example, avoid logging in to the application on a public computer, and sign out of the application when you have completed your tasks. If you use the application to generate reports, make sure that any reports that contain sensitive or personal data are kept under lock and key or are shredded when their usefulness has expired.
To reiterate, the security of your data is our highest priority. To date, we have never had a breach of our systems, and are not afraid to put that out there. While no online system is completely exempt from attack, we will continue to work to make sure your data is as secure as it can be.