Security
At ChMeetings, the security of our users’ data is of the highest priority. Here are the measures we have put in place to ensure a safe and secure experience for everyone who uses our platform:
Two-Factor Authentication
Every user account can be protected with optional two-factor authentication (MFA). When enabled, this feature requires users to enter an additional authentication code in addition to their password. Both the password and the code must be entered correctly to gain access. These codes are sent to the user's email address or generated within a dedicated authentication app and are only valid for a limited time. MFA is optional and can be enabled per user or enforced for users with elevated permissions.
Reliable, Cutting Edge Cloud Hosting
ChMeetings is hosted on Microsoft's Azure Cloud Services. Customer data is stored in the United States. Currently, churches cannot select a specific country or region for data residency. Our cloud infrastructure also ensures that data is encrypted at rest at the infrastructure level, providing an additional layer of protection for stored data. This ensures that our users benefit from the highest security standards, powered by one of the largest providers on the market.
Encrypted Connections And Daily Backup
All services, including communication between client and server, are encrypted in transit using HTTPS with TLS (Transport Layer Security) encryption. Our platform is backed up on a daily basis within our secured cloud environment.
GDPR Compliance Measures
Our services are GDPR compliant, to provide enhanced privacy, including for users in the European Union. Please have a look at our GDPR compliance page to learn more. For more privacy related information, please also see our Privacy Policy.
Changelogs
We audit and log user activity within your church account — including user logins and all data changes — along with the IP address associated with each action. This allows us to efficiently monitor activity and mitigate potential malicious use and other security threats.
No Payment Data Stored Beyond The Strictly Necessary
We only store strictly necessary payment information (e.g., the last four digits of credit card numbers), including for payments made via our online giving features. We do not store full credit card information or any other sensitive payment data. This information is processed by our integrated payment gateways, PayPal and Stripe.
Flexible Security Management Features
We enable our users to take control of their account security themselves. Some of the features we provide for this purpose include:
- Granular role-based access control — create custom roles (e.g. Pastor, Treasurer, Volunteer) and assign only the permissions each role requires. Access can be revoked immediately by disabling or deleting a user account. Learn more.
- Access Log Report, so users can see some of the actions taken within their church account – including, for example, failed login attempts. There are also additional log reports for people and events. Read more about all of these here. These reports are only available to paid users.
- Ability for users to perform backups on their own – either by exporting data from different areas of our platform, or by using our API to automate the process. The API integration is a paid feature.
Our Security Commitment
ChMeetings has not experienced any major security breach involving customer data. We maintain internal procedures for incident investigation and response, and in the event of a security incident affecting customer data, affected customers will be notified promptly.
ChMeetings is trusted by more than 7,000 churches worldwide, and we continuously work to improve the security, reliability, and usability of our platform.