Security Practices and Procedures at Planning Center
Security here at Planning Center is not taken lightly. Below, we'll outline both the physical and technical procedures we use to ensure your data is kept safe.
The Payment Card Industry Data Security Standards (PCI DSS, or more commonly, PCI) are a set of standards set forth by the four major card associations to protect cardholder data. All merchants and processors need to have physical, electronic, and procedural controls in place to ensure that cardholder data is stored and handled securely at all times.
Planning Center is a PCI Level One compliant merchant.
Our payment processor, Stripe, is one of the largest, most advanced payment processors in the world. They handle payment processing for services like Kickstarter, Lyft, Shopify, Pinterest, Twitter, Heroku, SurveyMonkey, and many other companies. Stripe is also a certified "PCI Service Provider Level 1" payment processor.
Whenever your data is in transit between you and us, everything is sent encrypted over HTTPS, and our primary databases utilize encryption at rest. We protect your login from brute force attacks with rate limiting, and all passwords are filtered from all our logs and are one-way encrypted using industry standard bcrypt.
We hire the best developers we can find. Since so many security exploits take advantage of coding errors, part of security is having well-tested, well-reviewed code. At Planning Center, when code is written it requires at least 2 other developers to review the work before it makes it to our test servers. Once it's on our test servers, we make sure everything is working through a quality assurance process. When the code finally makes it to production it has had a lot of eyeballs on it. Developing this way means that it takes more time to get things done, but it also means that fewer mistakes get by.
We employ a multilayered backup strategy that is designed to be resilient to hardware failure, regional disasters, and malicious acts. Both point in time backups and daily snapshots are available for use in recovery. These backups are tested monthly to ensure their integrity.
We run an ongoing bounty program through HackerOne to provide penetration testing across all of our products. These security researchers are some of the best in the world at finding vulnerabilities and responsibly disclosing them.
Our bounty program is open to anyone who finds a security vulnerability. To report a vulnerability, please start by requesting an invite to our program by email at email@example.com. Our average response time is less than one day.
All of your data is stored in AWS data centers, which use industry leading practices in physical security, redundancy, and availability. You can learn more about Amazon's data centers here.
At the most basic level, our main physical space is locked and alarmed during off hours. In the event of a break-in, we may lose some expensive monitors, but since our servers don't reside in our buildings, they aren't vulnerable to smash-and-grab robberies. Customer data isn't on the laptops our employees use as they work. Even still, local computers are password protected and encrypted. In the course of conducting customer support, employees access customer data using an encrypted connection and must envoke a phycial security key upon connection.
Planning Center is a small company, so thankfully we are able to hire some brilliant people who care about its success. Our employee turnover is extremely low (especially for the tech industry). To protect company data, including customer data, all employees sign a non-disclosure agreement when hired. All of our employees are on-shore here in the US.
Lastly, a word about the culture here in general. Most of us who work at Planning Center are also users of our software. Our personal data is in the same database as our customers. We've checked-in our children using Planning Center Check-Ins at our own churches. We've donated to our churches using Planning Center Giving. To date, we've never had a breach or issue related to data theft. If that ever happened, we understand that the goodwill and reputation we've been building over the years would vanish. It would be a major blow to all of our personal careers. This is another reason we go to such lengths described above.
If you have any questions that weren't addressed on this page, please don't hesitate to ask by emailing us at firstname.lastname@example.org.