Summary: This guide provides a comprehensive overview of the security and privacy measures Tithely has in place to protect your church's data. You will learn about our compliance with privacy laws, data encryption standards, and our commitment to service reliability.
Before You Begin
- We encourage you to review our comprehensive Terms of Use and Privacy Policy for more details on the standards we have here at Tithely.
Privacy and Compliance
We are committed to protecting your privacy and comply with key global privacy laws, including:
- GDPR (General Data Protection Regulation) in the European Union.
- CCPA (California Consumer Privacy Act).
- PIPEDA (Personal Information Protection and Electronic Documents Act) in Canada.
- POPIA (South Africa's Protection of Personal Information Act).
- APP (Australian Privacy Principles).
Data Security and Encryption
We employ multiple layers of security to safeguard your information from unauthorized access.
- Encryption: All data is encrypted both during transmission (in transit) and when stored in our databases (at rest).
- Best Practices: We adhere to industry-leading security frameworks like NIST and OWASP. Our systems are protected by hardened firewalls, and we conduct annual third-party web application penetration testing.
- Access Control: Our data centers feature CCTV surveillance and biometric access control. Internally, our team receives annual privacy training, and access to information is granted strictly on a need-to-know basis. Your Tithely account uses role-based access control, allowing you to define user privileges.
- Password Security: All user passwords are hashed with unique salts to ensure they are never stored in a readable format.
Hosting, Backups, and Availability
- Hosting: The majority of our products are hosted on secure Amazon Web Services (AWS) and Microsoft Azure servers located in the USA. Our Elvanto product utilizes secure servers in Australia, the USA, and Europe, depending on your location.
- Backups: We perform daily offsite backups of all data. These backups are encrypted and retained for a maximum of 90 days.
- Availability: We maintain a service availability of 99.9%. We provide real-time status updates on the availability of Tithely, Breeze ChMS, and Elvanto.
Payment and Cardholder Security
- PCI Compliance: We are compliant with PCI DSS Level 1 standards, the highest possible rating in the electronic payment processing industry.
- Cardholder Data: Tithely does not process or store credit card information directly on our platform. All financial information is encrypted and securely stored by our banking partner.
- Strong Customer Authentication (SCA): We are compliant with SCA regulations and support 3D Secure for churches in the European Union to provide an extra layer of security for online donations.
Troubleshooting & FAQs
- Where is my church's data stored? Most Tithely products store data on secure AWS and Azure servers in the USA. For Elvanto customers, data is stored in secure locations based on your geographical region (Australia, USA, or Europe).
- Is my credit card information safe with Tithely? Yes. We are PCI DSS Level 1 compliant, which is the highest level of security for payment processing. All financial data is encrypted and handled directly by our secure banking partner; we do not store credit card numbers on our servers.
- How does Tithely ensure only the right people can see sensitive information? Your account uses role-based access control, allowing your administrator to set specific permissions for each user. Internally, our employees are granted access only to the information absolutely necessary to perform their roles.