Data Security with ChurchDesk

Last Modified: April 26, 2018

At ChurchDesk we are focused on data security in all what we do. In the security of our operational setup and our apps. We go beyond what is necessary from a legal and regulatory perspective.

Our servers are located in Nuremberg and Falkenstein in Vogtland, Germany within the European Union and are run by Hetzner Online. Hetzner Online is a German hosting provider and experienced data center operator. With Hetzner Online it is guaranteed that our customers’ and users’ data will never leave the EU.

The technical facilities of Hetzner Online have ISO27001 authorization. The ISO27001 is an internationally recognized standard for evaluating the security of information and IT environments. This standard also covers requirements concerning planning, implementation, documentation and continuous improvement of information security to the smallest detail.

ChurchDesk is compliant with the General Data Protection Regulation of the EU.

The following bullets are the most important points to highlight with regard to your data protection with ChurchDesk:

  • ChurchDesk encrypts all communications between the servers and the platform of the customer.
  • ChurchDesk provides access permissions and authorization processes specifying which users have access to personal data.
  • ChurchDesk will deny login after a certain number of failed attempts.
  • Customer data, that is processed by ChurchDesk and used by ChurchDesk, will be processed for the operation of the platform. In addition this includes all data shared via customer support and any update processes.
  • In the event of contract termination by the customer, ChurchDesk is obligated to delete all data within 60 days after the last accounting period. As well as this ChurchDesk supports the parishes with enforcing their privacy guidelines through the Application.

Product Security

Build Process Automation

  • We have functioning and frequently used automation in place, so that we can safely and reliably rollout changes to both our application and operating platform within minutes.
  • We typically deploy code dozens of times a day, so we have high confidence that we can get a security fix out quickly when required.
  • You can check our past months up time at


  • All our servers are dedicated machines hosted by Hetzner Online.
  • Our data is spread across multiple servers to ensure a high uptime.
  • Hetzners firewalls, together with our own network access control lists (ACLs), prevent unauthorized requests getting to our servers.
  • All our servers are protected with DDOS-encryption.
  • Our data center is protected by state of the art security, including 24/7 video surveillance.

More information here:


  • All customer data is stored in Germany at Hetzner Online.
  • Customer data is stored on multiple dedicated servers in different locations.
  • Data is stored using a zero-trust principle which means that all customer data is encrypted to prevent everyone, including the server provider Hetzner Online, from accessing the data.
  • We do not have individual datastores for each customer. However, strict privacy controls exist in our application code to ensure data privacy and prevent one customer from accessing another customers data. We have unit and integration tests in place to ensure that these privacy controls work as expected. These tests are run every time our codebase is updated, and one single test failing will prevent new code being shipped to production.

Data Transfer

  • All data sent to or from ChurchDesk is encrypted using 256 bit encryption.


  • All passwords are stored with the strongest cryptographic hash technology possible.
  • Your login will be blocked after several mistaken login attempts.


  • The application has built-in permission levels to be set for your teammates. Permissions that can be set includes settings, billing, user data, and the ability to send or edit messages.


  • ChurchDesk is running daily backups.
  • All backups are encrypted.
  • We have multiple backup strategies and backup data is stored on multiple servers and locations.
  • In the backup we store your data for sixty (60) days.

Organisational Security

Incident Response Plan

  • We have implemented a formal procedure for security events and educated all our staff on our policies.
  • When security events are detected they are escalated to our emergency alias, teams are paged, notified and assembled to rapidly address the event.
  • After a security event is fixed we write up a post-mortem analysis in our status page.
  • The analysis is reviewed in person, distributed across the company and includes action items that will make the detection and prevention of a similar event easier in the future.


Only employees at ChurchDesk with specific authorisations have access to your personal information.


All employees of ChurchDesk that may have access to personal data are subject to confidentiality in their employment agreements. Confidentiality is also maintained by ChurchDesk after the termination of ChurchDesk’s agreement with the customer. ChurchDesk employees are covered by confidentiality obligations also after their termination.


All access to ChurchDesk is logged and stored for six (6) months after which it is automatically deleted.


ChurchDesk has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.

PCI Obligations

All payments made to ChurchDesk by Credit Card, BACS or SEPA go through our partner, Stripe. Details about their security setup and PCI compliance can be found at Stripe’s security page.

If you have any questions regarding our data security, please E-mail us at