Hosted in secure UK data centres, ChurchSuite is backed up daily and protected by 24/7 physical security access control, fire suppression and redundant power failure systems.

ChurchSuite email support is provided by the same team of developers that built it, meaning you're guaranteed to be helped by one of our team of experts, every time.

ChurchSuite builds on years of experience with web applications and runs on modern, high-capacity hardware, ensuring peak performance for all your users.

Connections from your computer to the ChurchSuite servers use TLS encryption, meaning that all the data passing between your computer and our servers is secure, making it nearly impossible for anyone else to see what you're sending. TLS is an industry standard technology and one you're probably familiar with if you use online banking; it's the same technology used by all the major UK and international banks.

In addition to this, all of our servers are UK-based and hosted on Amazon's AWS cloud platform - one of the UK's leading data centre providers. Amongst other certifications, each AWS data centre has achieved ISO 27001 certification, which aims at reducing the risk of breaches in the confidentiality, integrity or availability of data to a minimum.

On top of this, we've implemented a number of procedures and used a variety of technologies to help ensure that ChurchSuite is as secure as possible:

• Access to our production servers is limited to a small number of authorised staff members and is logged and closely monitored.

• We work closely with security consultants and undergo annual penetration testing by a CREST approved organisation.

• We run weekly automated security scanning software within a sandbox environment that checks for and warns us of common vulnerabilities such as SQL injection and XSS attacks, amongst others.

• Our development team utilise automated testing, helping us to identify whether changes made to the software yield the expected results. If the automated tests fail, the developer is notified, allowing them to fix the bugs before they're pushed to our production environment.

• Each church has its own database, ensuring that each church's data is segregated from others.

• User passwords have minimum length and strength requirements. When stored on the server, we use an industry standard one-way password hashing algorithm, with a variable salt which ensures that it is not susceptible to a hash table attack.

A backup is a copy of the data within your ChurchSuite account, and is taken in case of a catastrophic hardware failure or natural disaster (both of which are highly unlikely but we believe it pays to be prepared for the worst). Your ChurchSuite account is backed up in three separate ways:

1. Firstly, all data stored in the databases is kept on redundent and fault-tolerant storage where the failure of a server will automatically failover to a secondary server, ensuring ChurchSuite is uninterrupted and your data is safe.

2. Secondly, a nightly backup of the entire database is kept in the same data centre as the database server, allowing rapid recovery in the event of a major server failure.

3. Finally, nightly off-site backups are kept for each customer in a separate secure location. This backup would can used for data recovery in the event of a major natural disaster.

We retain a rolling 7-day backup cycle for entire server backups and a 30-day backup cycle for individual customer databases.