At Grace, we use an online database called Church Community Builder. Their system allows us to provide access to your contribution records and allows you to make donations online. They provide all of the security for the system. This system is used by churches throughout the country and has been fully tested by them. Here's information about security directly from the Church Community Builder Website...
Church Community Builder uses the high-grade 256-bit SSL encryption certificates for access to all user data and user logins and processing financial transaction data. These enterprise-level certificates through Comodo Enterprise SSL provide assurance that your data is protected between our servers and your computer.
On the user end, we require that all individual logins require at least one numeric and one alpha character and that their password must be at least six characters long to further ensure the security of the data. In addition, after five unsuccessful attempts at login, the user’s account is locked for a 60-minute period. In addition, we automatically log users out of an unused session after six hours of inactivity to prevent unauthorized access.
Hardware & Software
Security and reliability depend on great, equipment. Church Community Builder uses genuine Dell Poweredge servers, many running redundant SCSI hard drives, redundant power supplies, error-correcting memory, and dual to quad core processors. Network connectivity is provided through Cisco and Dell PowerConnect switches, in addition to specialized hardware for SSL acceleration, load balancing, and firewalls.
Our servers run Linux, have stable kernel and services running, and are updated with security patches. Non-essential ports and services are disabled to further harden the servers. The web and application servers are then placed behind load balancers and firewalls to further limit access to the data and provide reliable services.
Finally, the actual data is stored on database servers which sit behind the redundant load balancers, which sit behind the redundant firewalls, which reside in a physically secure environment (locked server cages, doors, keycard access, etc...). Further, access to the trusted network is limited to authorized Church Community Builder staff only through secure methods such as SSH and secure VPN."
Should you have additional questions about the security of our giving site, please contact us at firstname.lastname@example.org.
Please help us keep your information safe by protecting your login information. Access to sensitive personal and financial information can be gained by letting someone else use your account or by leaving the information for someone else to see. Grace will never call you to ask for your login information.
Grace is committed to maintaining the privacy of both visitors and donors of our Community and to protecting the confidentiality of your personal information. Your information will remain private and will never be given away, sold, rented, leased, or exchanged to any other organization or entity. Any personal information you provide will solely be used in processing and receipting for your contributions.
You can schedule new contributions at any time and can modify or cancel those contributions at any time prior to the date they are scheduled. Once the contribution has been processed, however, it cannot be cancelled or refunded. For problems or concerns related to this, please contact us at email@example.com.
Other Online Payments
On occasion, The Community of Grace may collect fees associated with event registrations, activities, and/or supplies associated with those events and activities. If a refund is requested, it must be done so through the church finance department which can be contacted at firstname.lastname@example.org. All refund decisions will be based on several factors relating to the transaction for which you are requesting the refund. These factors can be based on the following criteria:
1. Did Grace incur any expenses to secure your participation in the event that we are unable to reclaim?
2. Was the event noted as non-refundable (or a non-refundable date provided which has past)?
Decisions to override this policy are reserved to the Board of Directors.
If you have any further questions related to these policies, please contact us at email@example.com.