Security FAQ

Where is my data physically stored?

Our servers are located across Australia, the United States and Europe to ensure your data remains close to home and easy to access. Although a lot of church database programs host their content all in one place, we find that this can cause privacy issues with conflicting international privacy laws. Our hope is that in having our servers across multiple countries, it will reduce the risk of this happening.

What are your service availability levels?

Our uptime is 99.9% (well above the industry average). To help ensure you can always access your account, our data centers feature state-of-the-art multi-phase power redundancy, industrial quality cooling, fire suppression and backup power generation systems.

How often do you run backups?

We make daily offsite backups of all data. Deleted information is kept for three months before being permanently deleted from the system.

Can I get access to the Database Schema?

No. As our system is cloud based and fully hosted, you cannot gain access to the database schema. Your best bet is to use our API, which we are continually expanding upon.

Can I keep an offline copy of my database?

No. You are able to export data to a CSV file as a backup, however!

Is my account scalable? Do I have a data limit?

In short, yes! Your account is only limited to how many active adults you pay for (we do have an unlimited plan). There is a 10GB upload limit for the file storage area.

Does Elvanto comply with the Australian Privacy Principles and GDPR?

Elvanto complies with the Australian Privacy Principles (APP), the Australian Spam Act, as well as the General Data Protection Regulation (GDPR).

How does Elvanto secure our information against unauthorized access?

There are a number of ways we secure your information against unauthorized access. Elvanto has SSL Certificates installed to ensure your data is kept safe on any computer, hardened firewalls to keep the server safe and even CCTV surveillance and biometric access control at our data centres.

All databases and backups are encrypted at rest to ensure the saftey of the data.

All passwords are hashed with unique salts.

We secure our login pages against brute force attacks - if a user fails to log in 5 times, they will get blocked (user will be unblocked when you send a reset password link to the user).

For access to your individual Elvanto account, we also give you the power to customise Access Permissions (a role-based access control feature) for your users. Access Permissions allow you to restrict a user’s access to various parts of the site. Only a super admin has the power to view and edit all parts of the site.

All of our team receive yearly privacy training, sign confidentiality agreements and only have access to what they need for their role.

How does the Facebook integration work?

Facebook integration is built using the OAuth2 protocol. Elvanto only accesses the person’s name, email, and profile picture which is used to create their account, or if their account is already created it will use their if no picture has been uploaded. Once integrated with the account, it simply gives users another way to log in using their Facebook credentials.


If you have any other questions or would like to chat to one of our friendly team, contact us today!