ChurchTools’ Data Protection & Data Security

What is the value ChurchTools places on data protection and data security?

As a software development company, we are well aware of our responsibility when it comes to the development, hosting and ChurchTools support. Our Christian worldview leads us to ensure the appropriate handling of personal data according to data protection standards. We expect careful handling of our data, and therefore we would like to approach the security of all ChurchTools users in the same manner. Please be aware of the fact that it is impossible to guarantee perfect security on the internet. We believe that we are doing our very best to ensure the security of your data, however a certain residual risk concerning personal data cannot be completely eradicated by our efforts.

To what extent does ChurchTools take the protection of data into account? (Basic principles of data protection)

Earmarking

ChurchTools seeks to provide a platform for the central organization of contacts (friends, members, etc.), resources and documents, and to support the planning of events, including songs, facts, and calendars. Thus, ChurchTools unites the most important functions for the cooperative development of churches. ChurchTools is set up in a way which allows you to process user data purposefully. Separate modules are used to execute different functions. You can choose which functions you would like to use and which functions you would like to make available for the use of your members.

Data economy (privacy by default / privacy by design)

Even in the developmental stages of the software, ChurchTools places a high value on data economy. Within the modules and input masks, we implement the principles of “privacy by default,” and “privacy by design” in such a way that by default, only data fields required for the specific purpose are to be filled out. Church administrators may add additional data fields to meet their requirements. ChurchTools recommends the economical use of data but does not have an influence on the data fields added by the church administrators.

Necessity

According to the above-mentioned principle of earmarking, ChurchTools is designed in such a way, that only the data necessary for a specific task is required. By only maintaining the required data, churches can still fulfil their desired purposes. We cannot influence which additional data fields may be regarded as necessary, but we generally recommend churches to only add necessary data.

Direct survey

Church members can personally enter their data into ChurchTools. In this way, they may determine which of their personal data is to be saved. Alternatively, an administrator can enter the data into the ChurchTools database. We recommend churches to agree on the data that is to be entered so that every church member can decide what kind of data is to be used.

Transparency and the rights of the parties concerned

Via their user accounts, church members can see which personal data is saved. They may also edit or delete their data when necessary. If an administrator creates user accounts for their members, the members will then receive an email notification. In case of questions regarding personal data, you may approach the administrators of the church. Should church administrators be unable to help, please do not hesitate to contact ChurchTools. However, the church itself is responsible for answering inquiries from the concerned parties.

Where are my data stored and who can access them?

ChurchTools hosting / Self-hosting / Storage location

Our software solution ChurchTools can either be self-hosted on a church server or hosted through us. By choosing the self-hosting option, you also take on the responsibility of ensuring the security of your web server. You may benefit from the security of our computer centers if you choose to be hosted through ChurchTools. Your ChurchTools installations are hosted through German computer centers belonging to a German provider (HETZNER Online). The storage location is in Germany and will remain there. Your data will not leave Germany.

The computer centers run by HETZNER Online passed the ISO 27001 certification and therefore meet the standards required for functioning IT security management organizations, data security and the availability of your data.

ChurchTools maintenance and support

Our software has a user-friendly design which allows you to resolve most issues without further support. Please do not hesitate to contact our support team if assistance is required. Our support team will gladly help you to identify the issue. If a problem cannot be resolved via the phone or email, you can decide whether or not we attempt to find a solution by using remote maintenance (e.g. via Teamviewer) to access your computer. Remote maintenance access is encrypted with secure and up-to-date encryption processes to protect your data from unauthorized third-party access.

In the case that the remote maintenance does not lead to a solution, permission may be sought after to access directly, or to obtain a copy of your ChurchTools database. This access will be documented and is dependent on your permission.

What do you do to protect personal data within ChurchTools?

We have taken manifold technical and organizational safety precautions to secure the use of ChurchTools. Please find an extract of these protective measures below:

  • Password security: You may determine the requirements necessary for the passwords of your members. ChurchTools supports passwords with a defined minimum number of characters, upper case and lower case, numbers, and special characters. Passwords are stored hashed and salted to reduce the risk of fraudulent use of the login data by unauthorized third parties.
  • Management of permissions: ChurchTools allows the administrators to assign individual permissions depending on the function and task that is to be completed within the church. The permissions can be assigned by status, a group membership or specific rights for individual users. In this way, users are only granted minimal sets of permissions via the status (member, guest, etc.), and all other rights can be added through the group membership and the role within the group. This helps to ensure that according to the need-to-know principle, the permissions which are necessary to complete specific tasks can be assigned to each church member. The administrators may change the permissions at any time e.g. when a church member requires additional permissions or leaves the church.
  • ChurchTools data backups: If your instance is hosted through us, your databases are continuously saved and backups can be restored in case of loss. The backup includes the entire instance including all log files and church-related data. Daily backups of all databases are completed by the computer centers.
  • Self-hosting backups: In the case that you are hosting ChurchTools on your own server, you are responsible for any data backups. From the Admin Settings you can start a database dump at any point in time and manually create a backup.
  • Securing accesses/ChurchTools maintenance access: Every time a church member accesses ChurchTools, the access is encrypted via SSL/TLS, according to the latest technical developments, to prevent unauthorized third-parties from accessing transmitted data. All maintenance accesses are encrypted with up-to-date encryption processes.
    ChurchTools.de received an A+ rating in the SSL LABS ranking and supports Forward Secrecy.
  • Every login and failed login attempt is recorded. To access the log files, admin rights are required.
  • Interfaces with other applications / Software applications are known and recorded e.g. for sending newsletters, secure messaging, sending SMS. You and the administrators may choose which of the applications you would like to use.
  • Recording on database level: Any access or modification of personal datasets will be protocolled on database level. Removals will be protocolled in a log file with the time of the modification. Archiving and locking processes are also saved in a log file. Admin rights are required to access the log files.
  • Tests with test data: Tests are generally only conducted using test data on separate testing systems.
  • Data separation: Datasets are logically separated by default.
  • Safety precautions against attempted attacks: ChurchTools generally works with Prepared Statements in the backend. Furthermore, we are moving to the PHP framework Laravel that completely isolates any database access and verifies it using additional parameters. Before user entries are added to the ChurchTools database, the entries are automatically checked, and harmful elements are removed. For example, <script> tags are rendered harmless. To prevent brute force attacks, user accounts are temporarily blocked after several failed login attempts. Software updates are released at irregular intervals and as required by new features, bug fixes, or security fixes. You will receive an email notification about the updated version. The updates can be seen on the changelog on our website: https://intern.churchtools.de/?q=churchwiki – WikiView/filterWikicategory_id:0/doc:Changelog-3.0/
  • Commitment to maintaining data secrecy: Our staff has been sensitized for the appropriate handling of personal data. Data protection training courses are completed every 36 months. All employees are expressly bound to data confidentiality according to § 5 BDSG (German Data Privacy Act) and are aware of their responsibility within their jobs.

Can member data be removed?

Of course, it is possible to remove the data of members who decide to end their membership. ChurchTools supports the irrevocable deletion of data. Alternatively, people can also be archived. In this way, they will no longer appear in the list of people, but are still saved in the archive, which is only accessible by users with the appropriate permissions (Blocking in the case of data protection). Please find out whether your church is bound to a retention period which may not allow you to delete data (e.g. the list of participants of retreats has to be kept for 10 years).

What happens to my data if I want to stop using ChurchTools?

If at any point in time you would like to stop using ChurchTools, you may end the cooperation with us any time. In this case, we will export your data in CSV format and make it available to you so that you may continue to use your data. Please let us know if and when we are to delete your data completely.

Does ChurchTools provide a contract for data processing according to § 11 BDSG (German Data Privacy Act) or other applicable regulations of the respective church laws?

Yes, we can provide a contract for data processing. Please contact us to request the contract. You will then receive a standard agreement with the technical and organizational measures attached. We kindly ask for your understanding of the fact that we are working with a standardised agreement due to our partnership with over 1000 churches.

Further information can be found on our administrators’ Wiki. You may also contact support@churchtools.de or datenschutz@churchtools.de.