Security

 
 

Hosting Infrastructure

  • Our systems continuously monitor for failures and escalate to our team as needed to minimize downtime and prevent issues for our users. We strive for 99.95% uptime at least.
  • We keep extensive logs of all system activity.
  • We have two-factor authentication enabled for all servers, code hosting, and continuous integration services.

 

Application Layer

  • We check 3rd party code against known vulnerability databases.
  • Our policy-based authorization system ensures that each client's data is segmented and contained within their own account.
  • All database queries are executed with parameter binding, preventing SQL injection attacks.
  • We use CSRF tokens to prevent cross-site request forgery.
  • All user-generated data is escaped on output, preventing XSS attacks.
  • We log all application errors (server-side and client-side) and log them to a bug tracker for review.
  • Data is always encrypted, both while on transit and at rest. In transit using strong, modern TLS. And at rest, we use one of the strongest block chippers available, 256-bit Advanced Encryption Standard (AES-256). Additionally, all secret keys are automatically rotated on a regular basis.

 

Testing & 3rd-Party Audits

  • We have a fully automated test suite that validates the expected system behavior when any change is made to the codebase.
  • We use an automated vulnerability scanner to continually monitor our app for possible security issues.
  • We check 3rd party code against known vulnerability databases.

 

Data Retention

  • All data is safely stored within the European Union, currently in Germany. This facilitates compliance with privacy regulations and leverages the EU’s strong standards for data protection.
  • Our MariaDB database has a rolling 2-day backup and is encrypted at rest.
  • User-generated content, such as sermons, files, and photos are stored on Hetzner storage box.
  • People can optionally download their data and save it offline.