Data Protection Policy

Last Modified: April 10, 2017

With today’s IT systems, it is possible to collect and unimaginably large amount of information and data very quickly. Unfortunately, external attacks, data theft and human error can lead to loss of your confidential data. At ChurchDesk we are focused on data security in all that we do. We do not only do what is necessary from a legal and regulations perspective, but to go beyond with further securing our operational setup and our apps. I will use this article to address some of the measures we take internally as well as how our server operator T-Systems got the extra mile to keep data secure. ChurchDesk servers are located in Munich, Germany. We make sure that our customers data is safe at all time, both in transit and at rest.

General overview

ChurchDesk’s servers are located in Munich, Germany within the EU Union and are run by T-Systems. T-Systems is a German global IT services and consulting company. Founded in 2000, it is a subsidiary of Deutsche Telekom. T-Systems is one of the largest and most secure data center providers in the world. It is guaranteed that our customers’ and users’ data will never leave Germany.

The technical facilities of Deutsche Telekom, T-Systems, has ISO27001 – authorization. The ISO27001 standard is an internationally recognized standard for evaluating the security of information and IT environments. This standard also covers requirements concerning planning, implementation, documentation and continuous improvement of information security to the smallest detail.

ChurchDesk is also evaluated by TÜV Informationstechnik GmbH. TÜV provides the necessary assurances with regard to EU data protection compliance and compliance with the Data Protection Act of 1998. ChurchDesk also complies with all technical industry standards. Download a copy of the European data protection law handbook, here.

Technical Audit – Reference No.: 300-097-14

Legal Audit – Reference No.: 300-097-14

The following provides an overview of the most important points to highlight with regard to your data protection with ChurchDesk.

  • ChurchDesk is committed to encrypt all communications between the servers and the ChurchDesk platform of the customer.
  • ChurchDesk undertakes to provide access permissions/ authorization processes specifying which users have access to personal data.
  • ChurchDesk will terminate log in capabilities after a certain number of failed log in attempts.
  • Customer data, that is processed by ChurchDesk and used by ChurchDesk will be exclusively for the operation of the platform. In addition this includes all data shared via customer support and any update processes.
  • In the event of contract termination by the customer, ChurchDesk is obligated to delete all data within 60 days after the last accounting period.

In more detail


T-Systems data centers

T-Systems data centers are state of the art, utilizing innovative architectural and engineering approaches. Deutsche Telekom has many years of experience in designing, constructing, and operating large scale data centers. This experience has been applied to the T-System platform and infrastructure. T-System data centers are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff. All physical access to data centers by T-System employees is logged and audited routinely.

Fire Detection and Suppression

Automatic fire detection and suppression equipment has been installed to reduce risk. The fire detection system utilizes smoke detection sensors in all data center environments, mechanical and electrical infrastructure spaces, chiller rooms and generator equipment rooms. These areas are protected by either wet-pipe, double-interlocked pre-action, or gaseous sprinkler systems.


The data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, and seven days a week. Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility. Data centers use generators to provide back-up power for the entire facility.

Climate and Temperature

Climate control is required to maintain a constant operating temperature for servers and other hardware, which prevents overheating and reduces the possibility of service outages. Data centers are conditioned to maintain atmospheric conditions at optimal levels. Personnel and systems monitor and control temperature and humidity at appropriate levels. Management T-System monitors electrical, mechanical, and life support systems and equipment so that any issues are immediately identified. Preventative maintenance is performed to maintain the continued operability of equipment.


Security and network services

Telekom will provide a virtual firewall (vShield) that the customer can configure by adding new services to the routing table. The firewall separates services with Internet connection from all other internal services. The customer can also use load balancing, firewall NAT, and other vShield-based features.

Transmission Protection

ChurchDesk connects to a T-System access point via HTTPS using Secure Sockets Layer (SSL), a cryptographic protocol that is designed to protect against eavesdropping, tampering, and message forgery. Secure Shell is blocked by the firewall.

Network Monitoring and Protection

ChurchDesk utilizes a wide variety of automated monitoring systems through T-Systems to provide a high level of service performance and availability. T-Systems monitoring tools are designed to detect unusual or unauthorized activities and conditions at ingress and egress communication points. These tools monitor server and network usage, port scanning activities, application usage, and unauthorized intrusion attempts.


This system is placed upstream of the physical T-Systems firewall and acts as a reverse proxy. In addition, a virtual “vShield Edge” machine that processes the input of the reverse proxy is installed downstream of the Telekom firewall. The reverse proxy accepts connections on the following ports: 80, 8080, 8081, 443, and 8443.

The vShield only allows connections to servers on ports as specified. For example web servers are protected in such a way, that only  connections originating from the Load Balancer and targeting a specific port are allowed. That means no one can connect directly to the Web Servers.

Disaster recovery capability

The DSI vCloud offering provides the customer with comprehensive disaster recovery functions in the self-service. DSI vCloud has been designed with fully redundant components on all levels to ensure high availability.

Data Transfer

All data transferred to and from ChurchDesk’s users and our servers are encrypted with a 256-bit SSL certificate. All data transfers to and from ChurchDesk’s mobile and browser apps are encrypted with this 256-bit certificate. All internal data transfers between ChurchDesk’s servers are protected by vShield Edge – which creates a secure and logically isolated portion on the T-Systems infrastructure.

Database Security

ChurchDesk’s databases are all stored on an industry standard encrypted file system using AES-XTS-PLAIN64 with a 512bit key. All databases is backed up fully once every day. The backups are kept for 60 days.


ChurchDesk ensures that data stored on ChurchDesk’s platform is backed up at all times. ChurchDesk both uses full as well as incremental backups. ChurchDesk regularly makes restore-tests of former completed backups to ensure that the backup works as intended.

The backups are kept for 60 days.

All files uploaded by the user will be scanned for virus before being accepted into the file archive.

Files that have been rejected by the virus scanner will not be backed up since they never touch the hard disks.

Access Control

All passwords of our users are hashed with unique salts. More specifically, the passwords are hashed using SHA512 with the use of an industry standard stretching technique. As such, if the database should have been compromised, an intruder would not be able to read the passwords.

The passwords has a minimum of 8 digits or characters. The password has to consist of three of the following: Uppercase, lowercase, numbers, special characters.

Failed log in attempts are registered and blocked for 24 hours after 5 failed attempts.



All employees in ChurchDesk who have access to personal data are authorized by ChurchDesk. Such authorizations indicate the access and for what purposes the individual employee has been given access to. ChurchDesk employees are only authorized to access the customers’ personal data for operational or technical purposes. ChurchDesk’s employees do not have access to personal data that is not covered by their authorization. The number of employees at ChurchDesk with this authorization is kept to a minimum. ChurchDesk verifies and updates authorizations continuously. Such authorizations will be adjusted or cancelled when an employee changes position, responsibility or resigns. ChurchDesk’s platform is set up so that the customer can authorize its employees based on roles with different permissions and rights. Other users of the solution must also be subject to authorizations that provide appropriate access. All new and revoked authorizations are logged.


All employees of ChurchDesk that may have access to personal data are in their employment agreements subject to confidentiality. Confidentiality is also maintained by ChurchDesk after the termination of ChurchDesk’s agreement with the customer. ChurchDesk employees are covered by confidentiality obligations even after their termination.


All access to personal data in connection with the use of ChurchDesk’s platform is automatically logged. The logging includes IP-address, time, username, type of use and the person the data pertains to. Should ChurchDesk access personal data based on a support or technical request from the customer, then this access is logged as well.

If you have any questions regarding our security feel free to contact