Where is my data physically stored?
Tithe.ly uses Amazon Web Services servers based in the USA for the majority of our product offerings.
For our Sites platform, we currently use DigitalOcean with servers based in Canada. For our Church Apps platform, we use Microsoft Azure servers located in the USA.
For our ChMS product, our servers are located across Australia, the United States, and Europe. Where you are located in the world determines which country your data is stored in.
What are your service availability levels?
Our uptime is 99.9% (well above the industry average). To help ensure you can always access your account, our data centers feature state-of-the-art multi-phase power redundancy, industrial quality cooling, fire suppression, and backup power generation systems.
How often do you run backups?
We make daily offsite backups of all data.
Can I get access to the database schema?
No. As our system is cloud-based and fully hosted, you cannot gain access to the database schema. Your best bet is to use our API, which we are continually expanding upon.
Can I keep an offline copy of my database?
No. You are able to export data to a CSV file as a backup, however!
How does Tithe.ly secure our information against unauthorized access?
There are a number of ways we secure your information against unauthorized access. Tithe.ly has SSL Certificates installed to ensure your data is kept safe on any computer, hardened firewalls to keep the server safe, and even CCTV surveillance and biometric access control at our data centers.
All databases and backups are encrypted at rest to ensure the safety of the data.
All passwords are hashed with unique salts.
We also secure our login pages against brute force attacks.
For access to your individual Tithe.ly account, we also give you the power to customize Access Permissions (a role-based access control feature) for your users. Access Permissions allow you to restrict a user’s access to various parts of the site. Only a super admin has the power to view and edit all parts of the site.
All of our team members receive yearly privacy training, sign confidentiality agreements, and only have access to what they need for their role.
Does Tithe.ly comply with privacy laws around the world?
Tithe.ly is GDPR compliant and also complies with the California Consumer Privacy Act and Australian Privacy Principles.
In the event of a data breach, we follow our internal process for Mandatory Data Breach Notification.
Is Tithe.ly PCI compliant?
Tithe.ly does not store or handle card information. All card processing is conducted through our third-party payment processor, which has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. To accomplish this, they make use of best-in-class security tools and practices to maintain a high level of security.
Do you block TLS 1.0 and TLS 1.1 for your client SSL connections?
We block TLS 1.0 but do not currently block TLS 1.1 to allow for backward browser compatibility on donation forms.
How do you protect your database encryption keys from the platform administrators where you host your application?
Amazon Web Services handles this all for us and we don't have access to these keys.
Do you do regular application penetration testing?
Yes, we conduct yearly penetration testing using a certified third-party partner.