Last Modified: April 26, 2018
At ChurchDesk we are focused on data security in all that we do. We not only do what is necessary from a legal and regulatory perspective, but also go beyond it by further securing our operational setup and our apps. This article addresses some of the measures we take internally as well as how our suppliers keep data secure.
Our servers are located in Nuremberg and Falkenstein in Vogtland, Germany within the European Union and are run by Hetzner Online. Hetzner Online is a German hosting provider and experienced data center operator. With Hetzner Online it is guaranteed that our customers’ and users’ data will never leave the EU.
The technical facilities of Hetzner Online have ISO 27001 certification. ISO 27001 is an internationally recognized standard for evaluating the security of information and IT environments. This standard also covers requirements concerning planning, implementation, documentation and continuous improvement of information security down to the smallest detail.
ChurchDesk is compliant with the General Data Protection Regulation of the EU.
The following provides an overview of the most important points to highlight with regard to your data protection with ChurchDesk:
We have functioning, frequently used automation in place so that we can safely and reliably roll out changes to both our application and operating platform within minutes.
We typically deploy code dozens of times a day, so we have high confidence that we can get a security fix out quickly when required.
You can check our past months' uptime at our Status Page.
Only employees at ChurchDesk with specific authorisations have access to your personal information.
All employees of ChurchDesk that may have access to personal data are subject to confidentiality in their employment agreements. Confidentiality is also maintained by ChurchDesk after the termination of ChurchDesk’s agreement with the customer. ChurchDesk employees remain covered by confidentiality obligations after the termination of their employment.
All access to ChurchDesk is logged, and the logs are stored for six (6) months, after which they are automatically deleted.
ChurchDesk has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
All payments made to ChurchDesk by Credit Card, BACS or SEPA go through our partner, Stripe. Details about their security setup and PCI compliance can be found at Stripe’s security page.
If you have any questions regarding our data security, please e-mail us at firstname.lastname@example.org.