Elvanto Information Security Guide

At Tithely, we prioritize data security and privacy and continuously strive to meet the highest standards. This guide outlines how Tithely achieves this.

We encourage you to review our comprehensive Terms of Use and Privacy Policy for more details on the standards we have here at Tithely. 

If you have any further questions or concerns regarding security and privacy at Tithely, please don't hesitate to reach out to our support team. We are here to assist you.

 

Privacy Laws Compliance

We comply with key privacy laws, such as the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). 

Our efforts to ensure compliance extend to various other privacy laws worldwide, including Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), South Africa’s Protection of Personal Information Act (POPIA), and the Australian Privacy Principles (APP). 

Rest assured that we take privacy seriously.

 

Hosting & Data Storage Locations

For the majority of our product offerings, we utilize Amazon Web Services servers located in the USA. 

Additionally, our Sites platform relies on servers in Canada provided by Digital Ocean, while our Church Apps platform utilizes servers in the USA provided by Microsoft Azure.

Our Elvanto product stores data in secure locations based on your geographical location and makes use of servers in Australia, the USA, and Europe.

 

Ensuring Data Security

We employ multiple measures to safeguard your information from unauthorized access. 

  • All data passing through Tithely products is encrypted during transmission and when stored in our databases. 
  • We adhere to industry-leading security frameworks such as NIST and OWASP to follow best practices in application security. 
  • Our servers are protected by hardened firewalls, and our data centers employ CCTV surveillance and biometric access control. 
  • Database backups are encrypted, and encryption keys are managed by our web hosting provider, ensuring the safety of your data. 
  • Passwords are hashed with unique salts, and our login pages are secured against brute force attacks. 
  • Role-based access control allows you to define user privileges, ensuring restricted access to sensitive areas. 
  • We conduct annual web application penetration testing by a third party. 
  • Additionally, our team receives annual privacy training, signs confidentiality agreements, and is granted access only to the information necessary for their roles.

As our system is cloud-based and fully hosted, direct access to the database schema is not available. You can keep an offline copy of your database by utilizing our reporting functionality or APIs to export your data conveniently.

 

Regular Backups

We perform daily offsite backups of all data, which are encrypted and retained for a maximum of 90 days. This ensures that your data remains safe and accessible.

 

Service Availability

We maintain an uptime of 99.9%. Our data centers feature cutting-edge power redundancy, robust cooling systems, fire suppression measures, and backup power generation systems. 

For status updates, we provide information on the availability of Tithely, Breeze ChMS, and Elvanto.

 

Card Holder Data Security

While Tithely does not process or store card holder data within our platform, we follow PCI DSS Level 1 standards. This is the highest possible rating in the electronic payment processing industry. All financial information is encrypted and stored by our banking partner, ensuring compliance with PCI DSS Level 1 standards.

 

Compliance with Strong Customer Authentication

Tithely is compliant with the Strong Customer Authentication regulation and supports 3D Secure for churches in the European Union. Donors will receive a pop-up on their device, guiding them through the necessary steps to complete the 3D Secure process.