EasyChurch is built on the principle that your congregation's data belongs to you — and only you. We use enterprise-grade security practices to keep it that way.
From the moment data enters EasyChurch to the moment you access it, every step is protected by multiple layers of security controls.
All communication between your browser and EasyChurch servers is encrypted using TLS 1.3 — the latest and most secure transport layer protocol. We enforce HTTPS on all endpoints and reject insecure connections.
Your data is encrypted at rest using AES-256 — the same standard used by banks and government agencies. Database volumes are fully encrypted, meaning physical disk access cannot expose your data.
EasyChurch uses JWT-based session authentication stored in HTTP-only cookies, making them inaccessible to browser scripts. Sessions expire automatically after inactivity to prevent unauthorized access.
Every church is a completely separate tenant. Your data is logically isolated at the database level using strict church-scoped queries. It is architecturally impossible for one church's data to be accessed from another church's account.
Every user in EasyChurch has a defined role — Admin, Moderator, or Group Leader — and can only access data and actions appropriate for that role. Admins can revoke access instantly at any time.
All user input is validated and sanitized before processing. Our backend uses parameterized queries exclusively, eliminating the risk of SQL injection. We follow OWASP Top 10 guidelines in our development process.
Your data is automatically backed up every 24 hours with a 30-day retention window. Backups are stored in geographically separate infrastructure to ensure recovery from any disaster scenario.
Sensitive actions — member data changes, exports, role changes, login events — are logged with timestamps and user identifiers. Admins can review activity logs to detect any unauthorized changes.
EasyChurch is hosted on enterprise-grade cloud infrastructure with a 99.9% uptime SLA. Our servers are housed in ISO-certified data centers with 24/7 physical security, redundant power, and network monitoring.
We are stewards of your congregation's data — not owners. Here is exactly how we handle it.
We align our security practices with recognized frameworks and Philippine regulations.
EasyChurch is designed in compliance with the Philippines' Data Privacy Act. Your congregation's personal data is collected lawfully, stored securely, and processed only for legitimate purposes. You retain full rights as the Personal Information Controller for your church's data.
Our development team follows the OWASP Top 10 guidelines — the globally recognized standard for web application security. We guard against SQL injection, XSS, broken authentication, insecure data exposure, and all other common vulnerabilities.
EasyChurch never stores payment card information. All billing is handled by PCI-DSS Level 1 certified payment processors. Your credit card and GCash details are protected by the highest standards in payment security.
Our hosting infrastructure operates in data centers certified to ISO 27001 — the international standard for information security management. This ensures our physical and operational security meets rigorous independent standards.
All data is submitted over TLS-encrypted connections. Server-side validation and parameterized queries ensure no malicious input can reach the database.
Data is stored in AES-256 encrypted MySQL databases on dedicated, church-isolated schemas. No two churches share the same database namespace.
Automated daily backups are retained for 30 days. Backups are encrypted with the same AES-256 standard and stored in geographically separate facilities.
You can export all your data (members, attendance, reports) at any time in Excel or CSV format. We believe in full data portability — your data is never held hostage.
Upon account cancellation, your data remains accessible for 30 days for export. After this window, all church data — including backups — is permanently and irreversibly deleted from our systems.
We take security reports seriously. If you discover a potential security vulnerability in EasyChurch, we ask that you disclose it responsibly so we can address it before it affects our users.
Please email your findings to security@easychurch.ph with a clear description of the vulnerability, steps to reproduce, and its potential impact. We will acknowledge your report within 48 hours and keep you updated as we investigate and resolve the issue.
Our team is happy to answer any questions about how we protect your church's data before you commit to a plan.