Security & Backup

LAST REVISION: September 2017

Because ShulCloud runs in the cloud, its security is rightfully on everyone’s mind. RustyBrick, the technology firm behind ShulCloud, has been running cloud systems for over 20 years and has employed the latest in security best practices directly in ShulCloud.


Core Security Best Practices:

  • We DO NOT store any credit card info or bank account information on the servers.
  • We DO NOT store Social Security numbers or other sensitive info.
  • All passwords are HASHED into a one-direction scramble, so we can only validate a password if the right one is given.
  • All credit card info is sent by an encrypted HTTPS connection and is never stored.
  • HTTPS security is available to all ShulCloud customers at no additional cost.
  • We put you in control of how long session timeouts last for your congregants.
  • We put you in control of how long a login link in an email will be active for.
  • We encourage ShulCloud administrators to provide each person with a unique login with a unique list of access points.  Please do not share passwords.
  • ShulCloud staff is not permitted to grant access to anyone who does not already have access. They must be granted access by someone who already has it.

Additional Security Practices:

  • HTTPS is always used for all login attempts, online payments, your members' My Account section, and all administrative areas.
  • There is a setting to turn on HTTPS for your entire web site. This option is on by default for all new ShulCloud signups. We currently recommend that everyone enable this option if it is not already on. While this setting is enabled, additional precautions are in place to prevent insecure transfer of cookies or use of the system without HTTPS.
  • Two-factor authentication is required for higher level access to the data.
  • Facebook or Google login is offered for additional security.
  • Our servers ALWAYS have the latest security patches.
  • Our HTTPS connections support the most secure available encryption standards.
  • ShulCloud uses TrustWave’s TrustKeeper for third-party security testing and managed compliance.
  • We provide audit logs for any changes made by office staff, congregants, etc.
  • Failed login attempts are logged across our entire system to prevent brute force attacks.
  • Failed/Declined credit card attempts are logged across our entire system to prevent card testing from abusing the system.
  • Security, Backups and Log Review occur at least every 30 days.
  • ShulCloud periodically employs leading industry security experts to review our entire infrastructure and updates the system as needed.

Your Data Is Secure & Safe:

  • We KEEP your data backed up securely too:
  • We store rolling snapshots which can be brought up immediately. The snapshots are more frequent in the near-past and less frequent as time progresses. In case of data loss, these snapshots can jump to points a minimum of 30 days in the past.
  • There are 30 days' worth of backups stored in long-term backup, accessible within a couple of hours.
  • Backups are stored in AWS and also backed up offsite.
  • All of ShulCloud’s code is version-controlled and backed up offsite too.
  • Backup routines are tested regularly to ensure we can be up and running fast in case of failure.

Servers Are Locked Down & Scalable:

  • All servers reside behind our private firewalls.
  • Our databases reside in an isolated subnet with no direct internet access.
  • We constantly monitor the servers and patch to the latest security updates.
  • We upgrade our hardware several times a year to keep up with demand.
  • We are able to provide these upgrades with minimal downtime.

You Are Free To Take Your Data:

  • Your data is yours; we are obligated to protect it and deliver it to you at any time.
  • You have the freedom to switch to any other product or service.
  • You have the right to require us to delete your data at any time.
  • We offer full SQL access to your data if you have the expertise on-hand.
  • See our privacy policy and terms and conditions for more details.

We Are Insured:

  • We also hold various insurance policies for online intrusions, including typical business insurance, E&O insurance, special cyber security insurance and various other policies to protect us in case of an attack.