Skip to main content

Protect ChMeetings Data

  • Updated

Protecting your ChMeetings data means ensuring that proper security measures are being taken and that you have control over your data. This guide takes you through what you can do to ensure your data is protected, and what ChMeetings is doing for the same purpose. 

Here Is What You Can Do To Protect Your Data 

Cover Security Basics

We recommend that you inform church servants about basic security measures such as keeping passwords private or ensuring that their devices are secure (by installing an antivirus or avoiding suspicious websites or links; for example). Any devices belonging to your church should ideally be regularly supervised by a cybersecurity specialist, or at least have security software installed. 

Ensure All User Accounts Are Secure

Everyone who has an account should have a strong password, and ideally, activate two-factor authentication. You can enable both of these in Settings > Account Settings > Security.

security-settings.png

Manage User Roles

ChMeetings uses a role-based access control (RBAC) system that lets you choose who has access to what information. You can create custom roles tailored to your church structure (for example: Pastor, Treasurer, Volunteer, Staff) and assign specific permissions to each role — following a least-privilege approach where each person only accesses what they need. 

To immediately revoke a user's access, you can disable or delete their account at any time through the admin interface. You can manage all of this under Users & Roles.

Perform Your Own Data Backups

You can perform your own backups of ChMeetings data, by running exports within a section of interest. You can export the following data categories:  

  • People list and profile information,
  • Groups list and members lists,
  • Follow-ups,
  • Events: Access each event > Click Reports, and export the report,
  • Contributions: All Contributions, Batches, Funds (Fund Lists and Charts), Pledge Campaigns, Contacts, Organizations, Online Giving Transactions List, Envelopes),
  • Accounting: Accounts Charts, Account Transactions, All Accounting Reports,
  • Users and Roles list.

 You will find an export option within all of these sections: 

  • either as an Export button:

    export1.png
     
  • or as a down arrow button:

    export2.png

 

Here Is What Chmeetings Is Doing To Protect Your Data

Two-Factor Authentication

You can enable two-factor authentication (also referred to as MFA — Multi-Factor Authentication) for all your user accounts and can make it mandatory for servants with additional permissions beyond a member account. When enabled, this feature requires users to enter an additional authentication code, besides their password. Both the password and the code must be entered correctly to gain access. These codes are received on the user's email address or generated within a dedicated authentication app and are only valid for a limited time. 

Please note: MFA is currently optional and is not system-enforced for admin accounts. We recommend enabling it for all users with administrative access.

Encrypted Connections and Daily Backup

All services, including communication between client and server, are encrypted in transit using HTTPS with TLS (Transport Layer Security) encryption. Our platform is also backed up daily. Backups are retained for 90 days.

Enterprise plan note: Point-in-time restore is available for Enterprise customers who have a dedicated database setup. We can also perform manual backups when required.

Reliable, cutting-edge cloud hosting

ChMeetings is hosted on Microsoft's Azure Cloud Services, in the United States. Customer data is stored in the United States. Currently, churches cannot select a specific country or region for data residency. This ensures that our users benefit from the highest security standards, powered by one of the largest providers on the market.

GDPR Compliance Measures

Our services are GDPR compliant, to provide enhanced privacy, including for users in the European Union. Learn more about our Privacy Policy.

Changelogs

We audit and log user activity within your church account, including: 

  • User logins — all login events are recorded.
  • Data changes — all updates to people records and other data, including the IP address that made the change.

This allows us to efficiently monitor activity and mitigate potential malicious use and other security threats.

Secure Payments

We only store strictly necessary payment information – including for payments made via our online giving features (e.g.: The last four digits of credit card numbers.). We do not store full credit card information or any other sensitive payment data. This information is being processed by our integrated payment gateways – Stripe, Paystack or PayPal

 

Security Incident Notification

In the event of a security incident that affects customer data, ChMeetings will notify affected customers promptly. We take all security matters seriously and have internal procedures in place for incident investigation and response.

Related articles