Your church data belongs to your church. Full stop.
We never sell your data. We never share it with other churches. We never use it to train AI models. Everything we store is encrypted, isolated, and deletable on demand.
Encryption
All data is encrypted whether it's moving or sitting still.
At rest — AES-256
All database records, file uploads, and backups are encrypted using AES-256, the same standard used by banks and governments.
In transit — TLS 1.3
Every connection between your browser and ChurchStacks is encrypted with TLS 1.3. No data ever travels in plain text.
Payments — Stripe vault
We never store card numbers. Stripe — a PCI DSS Level 1 certified processor — handles all payment data. ChurchStacks never sees raw card details.
Access Control
Only the right people see the right information.
Role-based permissions
Five roles — Admin, Pastor, Leader, Member, Volunteer — each with distinct access levels. Volunteers never see financial data. Members never see pastoral notes.
Two-factor authentication
2FA is available on all accounts. We recommend enabling it for all admin and pastor accounts.
Session management
Sessions expire automatically. Suspicious logins trigger email alerts. All active sessions are visible and revocable from account settings.
Data Isolation
Your church data is completely invisible to every other church on the platform.
Row-level security
Every database query is enforced at the row level by Supabase RLS. Every record carries a churchId — it is technically impossible for one church to read another's data.
Multi-tenant isolation
Your church is a completely isolated tenant. Members, donations, sermons, messages, and prayer requests are scoped exclusively to your churchId.
Campus isolation
Within a multi-campus church, data is further scoped by campusId. Campus staff only see their campus unless explicitly granted cross-campus access.
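An added illustration of the row-level, tenant and campus scoping described above, written as plain PostgreSQL row-level security. It is not ChurchStacks' own code: the table, the app.* session settings and the cross-campus flag are assumptions; only the churchId and campusId column names come from this page.

```sql
-- Hypothetical table; only "churchId" and "campusId" are names taken from the page.
CREATE TABLE prayer_requests (
    id         bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    "churchId" uuid NOT NULL,
    "campusId" uuid NOT NULL,
    body       text NOT NULL
);

-- A table without RLS enabled returns every row to any role that can SELECT from it.
ALTER TABLE prayer_requests ENABLE ROW LEVEL SECURITY;
-- The table owner is exempt from policies unless RLS is forced.
ALTER TABLE prayer_requests FORCE ROW LEVEL SECURITY;

-- Assumption: the application sets app.church_id, app.campus_id and
-- app.cross_campus per transaction with set_config(..., true).
-- current_setting(name, true) yields NULL when unset, and NULLIF maps the
-- empty string left by an earlier SET LOCAL to NULL, so a missing tenant
-- context compares as NULL and the row is filtered out (fail closed).
CREATE POLICY tenant_and_campus_isolation ON prayer_requests
    FOR ALL
    USING (
        "churchId" = NULLIF(current_setting('app.church_id', true), '')::uuid
        AND (
            current_setting('app.cross_campus', true) = 'on'
            OR "campusId" = NULLIF(current_setting('app.campus_id', true), '')::uuid
        )
    )
    -- WITH CHECK applies the same rule to INSERT and UPDATE, so a session
    -- cannot write a row into another church or campus.
    WITH CHECK (
        "churchId" = NULLIF(current_setting('app.church_id', true), '')::uuid
        AND (
            current_setting('app.cross_campus', true) = 'on'
            OR "campusId" = NULLIF(current_setting('app.campus_id', true), '')::uuid
        )
    );

-- Audit 1: tables in the public schema where RLS is not both enabled and forced.
SELECT c.relname, c.relrowsecurity, c.relforcerowsecurity
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
  AND c.relkind = 'r'
  AND NOT (c.relrowsecurity AND c.relforcerowsecurity);

-- Audit 2: roles that policies never apply to (superusers and BYPASSRLS roles;
-- in Supabase this includes the role behind the service_role key).
SELECT rolname, rolsuper, rolbypassrls
FROM pg_roles
WHERE rolsuper OR rolbypassrls;
```

Any role returned by the second audit query reads across tenants regardless of policy, so credentials for those roles belong only in trusted server-side code.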
Backups & Recovery
Daily automated backups
Your data is backed up every 24 hours automatically. Backups are encrypted and stored in a separate geographic region.
Point-in-time recovery
We can restore your data to any point within the last 30 days. Accidental deletions or data corruption can be reversed.
30-day retention
Backups are retained for 30 days. Enterprise (Antioch) plans can request extended retention up to 1 year.
Compliance
GDPR
For churches with members in the EU. We act as a data processor under GDPR. A Data Processing Agreement (DPA) is available on request.
CCPA
For churches in California. Members can request access to, correction of, or deletion of their personal data at any time.
COPPA
Youth ministry data is handled with extra care. We recommend churches obtain parental consent before adding minors to the system.
PCI DSS
All giving and donation data is handled by Stripe, a PCI DSS Level 1 certified processor. ChurchStacks itself is out of PCI scope for card data.
SOC 2
Our infrastructure providers (Supabase, Vercel, Clerk) are SOC 2 Type II certified. ChurchStacks is working toward its own SOC 2 audit.
Data Processing Agreement
Enterprise (Antioch) plans include a signed DPA. All other plans can request one by emailing security@churchstacks.com.
Your rights over your data
Export everything
Download a full export of all your church data — members, giving, events, messages — in CSV or JSON format at any time from Settings.
Delete everything
Cancel your account and all your data is permanently deleted within 30 days. No questions asked. No hidden retention.
Correct anything
Any member can request correction of their personal data. Admins can update records directly. Members can update their own profiles.
Know what we store
Request a complete data inventory at any time. We'll tell you exactly what data we hold, where it's stored, and who can see it.
Security questions?
Contact our security team
Found a vulnerability? Have a compliance question? Need a DPA?
We respond within 24 hours.