Security & Backup

LAST REVISION: September 2016

Being in the cloud, ShulCloud security is rightfully on everyone’s minds. RustyBrick, the technology firm behind ShulCloud, has been running cloud systems for over 20 years and has employed the latest in security best practices directly in ShulCloud.

Core Security Best Practices:

  • We DO NOT store any credit card info or bank account information on the servers.
  • We DO NOT store Social Security #’s and other sensitive info.
  • All passwords are HASHED into a one-direction scramble.  So we can only validate a password if the right one is given.
  • All credit card info is sent by an encrypted HTTPS connection and is never stored.
  • HTTPS security is available to all ShulCloud customers at no additional cost
  • We put you in control of how long session timeouts last for your congregants.
  • We put you in control of how long a login link in an email will be active for.
  • We encourage ShulCloud administrators to provide each person with a unique login with a unique list of access points.  Please do not share passwords.
  • ShulCloud staff is not permitted to grant access to anyone who does not already have access. They must be granted access by someone who already has it.

Additional Security Practices:

  • HTTPS is always used for all login attempts, online payments, your member's my account section, and all administrative areas. Additionally, you can turn on HTTPS for your entire web site with a setting.
  • Two-factor authentication is required for higher level access to the data.
  • Facebook or Google login is offered for additional security.
  • Our servers ALWAYS have the latest security patches.
  • Our HTTPS connections support the most secure available encryption standards
  • ShulCloud uses TrustWave’s TrustKeeper for third-party security testing and managed compliance.
  • We provide audit logs for any changes made by office staff, congregants, etc.

Your Data Is Secure & Safe:

  • We KEEP your data backed up securely too:
  • There is 1 day of immediately accessible backup for select ShulCloud staff to access in case of data loss.
  • There are 3 days of within 30 minute restorability available directly in AWS.
  • There are 30 days worth of backups stored in long term backup, accessible within a couple of hours.
  • Backups are stored in AWS and also backed up offsite.
  • All of ShulCloud’s code is version-controlled and backed up offsite too.
  • Backup routines are tested regularly to ensure we can be up and running fast in case of failure.

Servers Are Locked Down & Scalable:

  • All servers reside behind our private firewalls.
  • Our databases reside in an isolated subnet with no direct internet access.
  • We constantly monitor the servers and patch to the latest security updates.
  • We upgrade our hardware several times a year to keep up with demand.
  • We are able to provide these upgrades with minimal downtime.

You Are Free To Take Your Data:

  • Your data is yours, we are obligated to protect it and deliver it to you at any time
  • You have the freedom to switch to any other product or service
  • You have the right to require us to delete your data at any time
  • We offer full SQL access to your data if you have the expertise on-hand.
  • See our privacy policy and terms and conditions for more details

We Are Insured:

  • We also hold various insurance policies for online intrusions, including typical business insurance, E&O insurance, special cyber security insurance and various other policies to protect us in case of an attack.