Summary: We prioritize your data security and continuously strive to meet the highest standards. To further protect your account, Elvanto features proactive, automated security notifications. These alerts instantly email your account's Primary Contact whenever highly sensitive actions—like viewing API keys or adding new integrations—occur within your workspace.
Before You Begin
Security alerts are automatically sent to the Primary Contact on file for your Elvanto account.
To ensure the right person receives these critical alerts, you must verify your Primary Contact information is up to date.
Step-by-Step Instructions
1. Verifying Your Primary Contact
Because these automated emails go to your Primary Contact, you should verify who holds this role.
Navigate to the Admin Area.
Select Settings, then click Account.
Locate the Primary Contact field and ensure the correct staff member is selected.
Save any changes.
2. Actions That Trigger an Automated Alert
Once your Primary Contact is set, they will automatically receive an email alert if any user performs the following actions:
API Key is Viewed: Someone accesses the API settings to view your active key (Admin Area > Settings > API).
API Key is Regenerated: Someone generates a brand new API key, which can affect existing integrations (Admin Area > Settings > API).
Pre-made Integration is Added: Someone connects a built-in integration like Proclaim, Stripe, or PayPal (Admin Area > Settings > Integrations > Add).
Custom Integration is Added: Someone creates a custom integration webhook or connection (Area > Settings > Integrations > Add).
Our Broader Security Commitment
These proactive alerts are just one layer of our comprehensive security strategy. To keep your data safe, we also employ the following measures:
Industry-Standard Compliance: We comply with key privacy laws, including GDPR, CCPA, PIPEDA, and APP.
Encryption & Infrastructure: All data is encrypted during transmission and rest. We utilize secure AWS, Digital Ocean, and Microsoft Azure servers with hardened firewalls, CCTV surveillance, and biometric access controls.
Financial Security: We follow PCI DSS Level 1 standards—the highest possible rating in the electronic payment processing industry.
Access Control: Beyond these new email alerts, our system relies on strict Role-Based Access Control (RBAC) so you can define user privileges and restrict access to sensitive areas.
Troubleshooting & FAQs
What should I do if I receive an alert for an action I didn't authorize? If your Primary Contact receives an alert for an API view or integration addition that your team did not authorize, immediately review your User Access logs, change administrative passwords, and reach out to the Support team for assistance.
Can I turn these notifications off? No. Because viewing API keys and adding integrations provides broad access to your church's database, these alerts are permanently enabled to ensure the highest level of proactive security for your congregation's data.
Who gets the email if we have multiple admins? The alert only goes to the single person designated as the Primary Contact in your Account Settings, regardless of how many Super Admins you have.