Security at Koinonia Cloud™
Last reviewed: May 22, 2026
Koinonia Cloud™ holds the personal information of your church family — members, families, children, financial gifts. We treat that data as sacred. This page documents the technical and operational measures we use to protect it, and the shared-responsibility model we operate under with subscribing churches.
For the full legal language, see our Terms of Service (§7 Shared Responsibility) and Privacy Policy (§5 Data Storage and Security).
1. Architecture — Single-Tenant Isolation
Every subscribing church receives its own dedicated instance on Google Cloud Platform:
- Own Cloud Run application services (frontend + backend)
- Own PostgreSQL database (Cloud SQL)
- Own document and photo storage (Cloud Storage bucket)
- Own GCP Secret Manager secrets, scoped per-church
No data, credentials, or configuration are shared between churches. A vulnerability or misconfiguration affecting one church instance cannot reach another. There is no “noisy neighbour” problem, and no cross-tenant query path exists in our codebase.
2. Encryption
| State | Standard |
|---|---|
| Data at rest | AES-256, using Google-managed encryption keys (CMEK available on request for enterprise tiers) |
| Data in transit | TLS 1.2 or higher between browser, application, and database |
| Backups | Encrypted with the same standards as production data |
3. Access Controls
- Provider personnel: production-infrastructure access requires multi-factor authentication and is restricted to a small set of authorised engineers
- All administrative access is logged and audited in Google Cloud Audit Logs
- Provider personnel do not access Subscriber Data except as necessary for technical support (with your permission) or to comply with legal obligations
- Subscriber-side access uses a four-tier role-based access control system (SuperAdmin, Admin, Staff, Member), plus a separate kiosk-only Check-in role, so churches can apply least privilege within their own staff
4. Backups
- Automated daily backups of every church database
- 30-day rolling retention window
- Backups are encrypted at rest using the same AES-256 standard
- Tested restore procedures (documented in our internal disaster-recovery roadmap)
5. Incident Response
In the event of a data breach affecting your church's data, we will:
- Notify your SuperAdmin via email within seventy-two (72) hours of discovery
- Provide details of the nature and scope of the breach
- Describe the measures taken to contain and remediate the incident
- Cooperate with your organisation's own notification obligations under applicable law
Report a suspected security issue: support@koinoniacloud.com.
6. Sub-Processors
We use the following service providers, each subject to contractual data-protection obligations:
| Provider | Purpose | Data Accessed |
|---|---|---|
| Google Cloud Platform | Infrastructure hosting, database, storage, backups | All Subscriber Data (encrypted) |
| Stripe | Subscription billing for your church's Koinonia Cloud™ plan | Church billing info only — not member data |
| Postmark | Transactional email delivery | Email addresses, message content |
| Twilio | SMS messaging (if enabled by your church) | Phone numbers, message content |
When your church connects its own payment processor (Stripe Connect, PayPal, Square) for donation processing, transactions flow directly between your members and your payment processor account. We do not process, store, or have access to donors' payment card information.
7. Compliance Posture
- COPPA (Children's Online Privacy Protection Act) — our children's-ministry features are designed so the subscribing church acts as data controller and obtains parental/guardian consent. We process children's data solely at the church's direction. See Privacy Policy §7.
- CCPA / CPRA (California) — California residents have the right to know what personal information is collected, request deletion, and opt out of any sale of personal information. We do not sell personal information. See Privacy Policy §9.
- Data export — churches can export their full dataset (members, families, groups, attendance, giving, volunteer info, documents, photos) at any time using built-in tools.
8. Shared Responsibility Model
Strong security requires both sides of the platform to do their part. Here is how the responsibilities split:
What we are responsible for
- Securing cloud infrastructure (network, compute, storage, database)
- Encrypting data at rest and in transit
- Maintaining platform availability and performing security patches
- Conducting regular vulnerability assessments
- Operating automated backup systems
- Incident response for infrastructure-level security events
What you (the subscribing church) are responsible for
- Enforcing strong, unique passwords for all user accounts
- Never sharing login credentials between staff or volunteers
- Managing user permissions appropriately (principle of least privilege)
- Securing local devices (computers, tablets, phones) used to access the Service
- Reviewing and maintaining the accuracy of your data
- Enabling and using available security features
- Obtaining any required consents for data you enter (especially for minors)
- Training staff and volunteers on basic cybersecurity practices
- Promptly reporting suspected security incidents to us
9. Reporting a Vulnerability
If you believe you have found a security vulnerability in Koinonia Cloud™, please email support@koinoniacloud.com with “Security” in the subject line, plus a description and reproduction steps. We commit to:
- Acknowledging receipt within one business day
- Providing an initial assessment within five business days
- Keeping you informed as the issue is investigated and resolved
- Crediting responsible disclosure (with your permission) once a fix is shipped
Please give us a reasonable window to fix the issue before any public disclosure.
10. Questions
For security questions or to request additional documentation (sub-processor list, compliance attestations, architecture review), email support@koinoniacloud.com — a real human will route it to the right place.