Security

ChMeetings security

At ChMeetings, the security of our users’ data is of highest priority. Here are the measures we have put in place in order to ensure a safe and secure experience for everyone who uses our platform:

Two-Factor Authentication

Every user account can be protected with optional two-factor authentication. When enabled, this feature requires users to enter an additional authentication code, besides their password. Both the password and the code must be entered correctly to gain access. These codes are received on the user’s email address or generated within a dedicated authentication app and are only valid for a limited time.

Reliable, cutting-edge cloud hosting

ChMeetings is hosted on Microsoft’s Azure Cloud Services, in the United States. This ensures that our users benefit from the highest security standards, powered by one of the largest providers on the market. 

Encrypted Connections and Daily Backup

All services, including communication between client and server, are encrypted using SSL. Our platform is being backed up on a daily basis, being protected by the same SSL encryption. 

GDPR Compliance Measures

Our services are GDPR compliant, to provide enhanced privacy, including for users in the European Union. Please have a look at our GDPR compliance page to learn more. For more privacy related information, please also see our Privacy Policy

Changelogs

We audit and log all data changes within our users’ databases, including the IP address that has made the change. This allows us to efficiently mitigate potential malicious use and other security threats. 

No payment data stored beyond the strictly necessary

We only store strictly necessary payment information – including for payments made via our online giving features (e.g.: The last four digits of credit card numbers.). We do not store full credit card information or any other sensitive payment data. This information is being processed by our integrated payment gateways – PayPal and Stripe. 

Flexible Security Management Features

We enable our users to take control of their account security themselves. Some of the features we provide for this purpose include: 

  • Granular management of users and permissions. Learn more.
  • Access Log Report, so users can see some of the actions taken within their church account – including, for example, failed login attempts. There are also additional log reports for people and events. Read more about all of these here. These reports are only available to paid users.
  • Ability for users to perform backups on their own – either by exporting data from different areas of our platform, or by using our API to automate the process. The API integration is a paid feature.