Security and trust

Your church's security, our priority

Your member, giving and children's data is sensitive. Here, in plain terms, is how we protect it.

Data hosted in the European Union
Our commitments
Hosting in the EU
Your data is hosted on servers located in the European Union, under European law.
AES-256 encryption
Sensitive personal data is encrypted with AES-256-GCM at rest. Traffic runs over HTTPS (TLS).
Two-factor authentication (2FA)
Protect your account with a one-time code from an authenticator app (Google Authenticator).
Brute-force protection
Login, password-reset and payment attempts are rate-limited to counter automated attacks.
Role-based access
Each person only accesses what their role allows. A teacher doesn't see the finances.
Isolation between churches
One church's data is never accessible to another.
GDPR compliance
Explicit consent on sign-ups, right of access and erasure, data minimisation.
Children's protection
Sunday school data is reserved for authorised leaders only and kept minimal.
Secure payments
Donations and sales go through certified providers. Sanctumel never holds your church's money.
Encrypted backups
Your data is backed up regularly and encrypted, to withstand incidents.
Hardened infrastructure
Active firewall, database not exposed to the internet, server access by key only.
Report a vulnerability

Spotted a security issue? Write to us — we take every report seriously.

Contact the security team
Learn more

These guides detail data protection and your account's security.