
Data Security

While there is no such thing as a perfectly secure system, ChurchApps takes data security seriously. This page explains the measures taken to protect all data entered into B1.church Admin and other ChurchApps products.

Before You Begin

  • Review this page to understand how your church's data is protected
  • Set up Roles & Permissions to control who can access sensitive information
  • Familiarize yourself with the privacy policy

Limiting Sensitive Data Stored

Our first approach is to store no more sensitive data than necessary. This means never storing any credit card or bank account details used for making donations. When a user makes a donation using B1.church Admin or B1, the credit card data is never transmitted to any of our servers, only to your payment gateway (Stripe). This means that in the event of a data breach, no credit card or bank info would be compromised.

We also never store passwords in our system. All passwords are processed through a one-way hashing algorithm in which some of the data is destroyed, making it impossible for anyone to retrieve passwords from the database, even us. To verify passwords, the entered value must pass through the same one-way hash and produce the same result.

After removing these two sources, the only sensitive data that remains is a list of names and contact info.
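The password check described above, as an added example that is not ChurchApps code: the page does not name its hashing algorithm, so scrypt from Node's built-in `crypto` module, the per-password salt and the record layout are all assumptions made for illustration.

```javascript
// Added illustration. Assumption: scrypt with a random salt stands in for the
// unnamed one-way hash; the "scrypt$salt$hash" record layout is hypothetical.
const crypto = require("node:crypto");

const SCRYPT_PARAMS = { N: 16384, r: 8, p: 1 };
const SALT_LEN = 16;
const KEY_LEN = 32;

// Returns the only values that would be stored: algorithm tag, salt, derived hash.
// The password itself is never written anywhere.
function hashPassword(password) {
  const salt = crypto.randomBytes(SALT_LEN);
  const hash = crypto.scryptSync(password, salt, KEY_LEN, SCRYPT_PARAMS);
  return ["scrypt", salt.toString("hex"), hash.toString("hex")].join("$");
}

// Re-derives the hash from the submitted password and the stored salt, then
// compares in constant time. Malformed or truncated records fail closed.
function verifyPassword(password, stored) {
  const parts = String(stored).split("$");
  if (parts.length !== 3 || parts[0] !== "scrypt") return false;
  const salt = Buffer.from(parts[1], "hex");
  const expected = Buffer.from(parts[2], "hex");
  if (salt.length !== SALT_LEN || expected.length !== KEY_LEN) return false;
  const actual = crypto.scryptSync(password, salt, KEY_LEN, SCRYPT_PARAMS);
  return crypto.timingSafeEqual(actual, expected);
}
```

Because the salt is random, hashing the same password twice produces two different records, yet each record still verifies the original password.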

Tip

Because ChurchApps never stores credit card or bank information, even a worst-case data breach would not expose financial account details. Only names and contact information would be at risk.

Using Standard Best Practices

We use industry-standard best practices for security, including encrypting all data in transit to and from our servers using HTTPS. All servers are hosted in a secure physical datacenter with Amazon Web Services. All database servers sit behind a firewall and are inaccessible from the Internet.

Data Segregation

Data is separated into different databases based on scope. Each of our APIs (Membership, Giving, Attendance, Messaging, Doing and Lessons) is an independent silo of data with its own database. If one of them is compromised, the usefulness of the data is limited unless others are also compromised. For example, if the Giving API/database were compromised, a bad actor could potentially gain access to a list of donations and dates (but never card/bank data). However, they would not have access to which users made the donations or which churches they were for, as that data is stored in the separate Membership database.

Info

Data segregation means that compromising one system does not give access to all church data. Each API operates independently with its own database, limiting the impact of any potential breach.

Limited Access

Access to the production servers is strictly limited to the server administrators who require access. This is currently two individuals who are also members of the board. Developers, volunteers and other board members are not permitted access to the production servers.

Privacy Policy

Your data is yours and will never be sold to third parties. You can read our full privacy policy here.

GDPR Compliance

ChurchApps supports GDPR compliance for churches with members in the UK or European Union. Here's how we address the key requirements:

Data Subject Rights

ChurchApps provides tools to help churches respond to data subject requests:

  • Right of Access (Article 15) — Members can request a copy of their personal data by contacting their church. Administrators can export any person's data from the Data Management section on the person detail page in B1.church Admin.
  • Right to Erasure (Article 17) — Members can request account deletion by contacting their church. Administrators can anonymize a person's data across all modules from the Data Management section on the person detail page. Anonymization replaces personal information with generic values while preserving aggregate records (donation totals, attendance counts) needed for church financial reporting.
  • Right to Restriction (Article 18) — Members can request restriction of processing by contacting their church, including opting out of communications.
  • Right to Data Portability (Article 20) — Administrators can export personal data in a structured, machine-readable JSON format on behalf of members who request it.

Using the Data Management Tools

To access GDPR data tools for an individual:

  1. Go to People in B1 Admin and open the person's record.
  2. Click Edit to enter edit mode.
  3. Scroll down to the Data Management section (collapsed by default) and click to expand it.
  4. Use Export Data to download a JSON file of all data stored for that person.
  5. Use Anonymize to replace personal information with generic values. You will be asked to type ANONYMIZE to confirm — this action cannot be undone.

Warning

Anonymization is permanent. Donation totals and attendance counts are preserved for financial reporting purposes, but all personal identifiers (name, email, address, etc.) are removed and cannot be recovered.
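The behaviour described in the Data Segregation and anonymization passages can be checked mechanically. The sketch below is an added example, not ChurchApps code: the store layout, field names, the generic value `"Anonymized"` and the sample records are hypothetical and constructed for illustration.

```javascript
// Added illustration. Assumption: each module keeps its own rows keyed by an
// opaque personId; this is not the real ChurchApps schema.
const PII_FIELDS = ["firstName", "lastName", "email", "address"];

function makeStores() {
  return {
    membership: [
      { personId: "p1", firstName: "Ada", lastName: "Quill", email: "ada@example.org", address: "1 Elm St" },
      { personId: "p2", firstName: "Ben", lastName: "Rowe", email: "ben@example.org", address: "9 Oak Ave" },
    ],
    giving: [
      { personId: "p1", amount: 50, date: "2024-01-07" },
      { personId: "p1", amount: 25, date: "2024-02-04" },
      { personId: "p2", amount: 10, date: "2024-01-07" },
    ],
    attendance: [{ personId: "p1", date: "2024-01-07" }],
  };
}

// Replace identifiers with a generic value; keep the opaque id so that
// donation and attendance aggregates still line up.
function anonymize(stores, personId) {
  const person = stores.membership.find((p) => p.personId === personId);
  if (!person) throw new Error(`unknown person ${personId}`);
  const removed = PII_FIELDS.map((f) => person[f]);
  for (const f of PII_FIELDS) person[f] = "Anonymized";
  return removed; // held in memory only, for the residual scan below
}

// Post-erasure check: name every store that still contains any given value.
function residualHits(stores, values) {
  return Object.entries(stores)
    .filter(([, rows]) => values.some((v) => JSON.stringify(rows).includes(v)))
    .map(([name]) => name);
}

function donationTotal(stores, personId) {
  return stores.giving
    .filter((d) => d.personId === personId)
    .reduce((sum, d) => sum + d.amount, 0);
}
```

Running `residualHits` against the giving store alone shows what a single-database compromise would expose, and running it against every store after `anonymize` confirms no identifier survived in another module.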

Data Processing

ChurchApps acts as a data processor on behalf of your church (the data controller). Our Data Processing Agreement outlines the responsibilities of each party, including sub-processor usage, breach notification procedures, and data handling on termination.

International Data Transfers

ChurchApps data is hosted on Amazon Web Services (AWS) in the United States. International data transfers from the UK/EU are covered by AWS's Standard Contractual Clauses (SCCs) under the AWS Data Processing Addendum. The AWS DPA is automatically incorporated into the AWS Service Terms for all customers. EU-based hosting is not required when appropriate transfer mechanisms like SCCs are in place.

For details on how transfer risks have been evaluated, see the Transfer Risk Assessment.

Sub-Processors

  • Amazon Web Services (AWS) — Infrastructure hosting, data storage, and content delivery
  • Stripe — Payment processing for donations (no card data is stored by ChurchApps)

Info

For full details on how we handle personal data, see our Privacy Policy and Terms of Service. If you have questions about GDPR compliance, contact us at support@churchapps.org.