Your church database contains some of the most sensitive information your congregation trusts you with: home addresses, phone numbers, family relationships, giving amounts, children's medical details, and pastoral care notes. Protecting that data is not optional.
Here is how we think about data security at Gathrik and what you should ask any church software vendor before handing them your congregation's information.
What Church Data Needs Protection
| Data Type | Sensitivity | Risk If Exposed |
|---|---|---|
| Member contact info | Medium | Spam, harassment, unwanted contact |
| Giving records | High | Financial privacy violation, social judgment |
| Children's info | Critical | Safety risk, custody issues |
| Medical/allergy data | High | Privacy violation, potential harm |
| Pastoral care notes | Critical | Deeply personal, trust destruction |
| Home addresses | Medium-High | Physical security risk |
| Background check results | High | Employment and legal implications |
The consequences of a data breach at a church are not just technical. They destroy trust. A congregation that learns their giving amounts were exposed, or their children's information was accessible, may never trust the church with personal data again.
How Gathrik Protects Your Data
Encryption
All data transmitted between your browser and Gathrik's servers is encrypted via TLS (HTTPS). This means nobody can intercept your data in transit, not your internet provider, not anyone on the same Wi-Fi network, not anyone between you and our servers.
Data at rest is stored on encrypted infrastructure. Your member records, giving data, and children's information are encrypted on our servers.
Authentication
- Password requirements: Configurable password policies for your church
- JWT token authentication: Secure, time-limited access tokens
- Email verification: New accounts must verify their email address
- Password reset: Secure reset flow with verification
Tenant Isolation
Gathrik is a multi-tenant system, meaning many churches share the same infrastructure. But every church's data is isolated:
- Each church has its own tenant with separate data
- Users are scoped to their tenant (a staff member at Church A cannot see Church B's data)
- API requests are tenant-scoped (no cross-tenant data leakage)
- Admin operations are logged with tenant attribution
Role-Based Permissions
Not everyone in your church needs access to everything:
- Admin: Full access to all features and data
- Staff: Access to member management, communication, and events (configurable)
- Member: Access to their own profile, giving history, groups, and portal features only
A volunteer checking kids in on Sunday does not see giving records. The communications coordinator does not see financial reports. Each role sees only what they need.
Children's Data
Children's profiles have additional protections:
- Guardian and authorized pickup tracking
- Security codes for check-out (unique per session)
- Medical and allergy information stored securely
- Only accessible to staff with appropriate permissions
What to Ask Any Church Software Vendor
Before trusting a platform with your congregation's data, ask these questions:
1. Where is my data stored?
Know the physical location of your data. For churches in the EU/UK, GDPR requires data to be stored in specific jurisdictions or under approved transfer mechanisms. For churches everywhere, knowing where your data lives is basic due diligence.
2. Can I export all my data?
If you leave the platform, can you take your data with you? CSV export of members, giving, and attendance should be available at any time. If a vendor makes data export difficult, they are holding your church hostage.
3. Who can access my data internally?
Does the vendor's support team have access to your member records? Under what circumstances? Is access logged? Good vendors have strict internal access controls and audit trails.
4. What happens if there is a breach?
Does the vendor have a breach notification policy? How quickly will they notify you? What is their incident response process? These questions feel uncomfortable to ask, but the answers reveal how seriously a vendor takes security.
5. Do you support role-based access?
Can you restrict what different staff members see? The children's ministry director should not need access to giving records. The treasurer should not need access to pastoral care notes. Role-based permissions prevent unnecessary data exposure.
6. Is data encrypted?
Both in transit (TLS/HTTPS) and at rest (encrypted storage). This should be a baseline expectation, not a premium feature.
GDPR and International Privacy
For churches in the UK, EU, or serving members from those regions:
- Consent: Do you have consent to store and process each member's data? Gathrik tracks communication opt-in preferences per member.
- Right to erasure: Can you delete a member's data if they request it? Gathrik supports member deactivation and data removal.
- Data portability: Can members receive their data in a portable format? Members can view and download their own giving history through the portal.
- Processing basis: What is your legal basis for processing member data? For most churches, it is legitimate interest or explicit consent.
If your church operates across borders (common for diaspora churches), you may need to comply with multiple privacy frameworks. The safest approach: treat all member data as if GDPR applies, regardless of where your church is located.
Practical Security for Church Administrators
Beyond what the software does, your church's security practices matter:
Use strong passwords. Enforce this for all staff accounts. "church123" is not a password.
Limit admin accounts. Not everyone needs admin access. Give the minimum permissions required for each person's role.
Review access periodically. When a staff member or volunteer leaves, deactivate their account immediately. Gathrik supports user deactivation to revoke access without deleting historical data.
Be careful with shared devices. If multiple people use the same computer for church admin, make sure they log out when done.
Train your team. The most common security breaches come from human error (phishing emails, shared passwords, unlocked computers), not technical vulnerabilities. A 10-minute conversation about security practices goes a long way.
How We Think About This at Gathrik
We take a simple position: your church's data belongs to your church. We store it, protect it, and give you tools to manage it. We do not sell it, share it, or use it for anything other than running the platform for you.
You can export your data at any time. You can delete member records. You can control who sees what through role-based permissions. And if you leave Gathrik, your data leaves with you.
That is how it should work.