
Security & Performance

How we keep your data safe

The Glass Canvas (GC) Team does not access or interact with customers’ data as part of normal operations. There are cases where GC needs to access customer data in order to troubleshoot a support issue, to generate customer-requested reports, or where required by law; in every such case, access to the data is controlled.

We may revise and update this Security Policy from time to time at our sole discretion. All changes are effective immediately when we post them, and apply to all access to and use of the Website thereafter.

Your continued use of the Website following the posting of the revised Security Policy means that you accept and agree to the changes. You are expected to check this page from time to time so you are aware of any changes.

Encrypted Connections

The Tilma platform uses industry-standard HTTPS (SSL/TLS-encrypted) connections for all sites to secure data sent back and forth between users and our servers. This is the same standard used for transferring credit card data. It protects against malicious actions such as “man-in-the-middle” attacks, where a third party attempts to intercept the messages in transit. An encrypted connection means that only the intended recipient is able to read the data.

System Administration & Data Centres

Tilma operates on a custom system administration environment that is hosted by DigitalOcean and Amazon AWS, premier commercial cloud hosting providers, certified to the ISO/IEC 27001:2013 compliance standard for information security management systems. We continuously synchronize our databases and files between each hosting provider to ensure maximum redundancy, data safety and integrity. Backups are created daily and stored at the respective data centre.

All of our hosting providers operate multiple data centres which each employ high-speed internet connections through multiple ISPs (Internet Service Providers) for redundancy. Our system administrators actively monitor our servers and traffic loads at each data centre and use load balancing tools to route users to the most efficient server. This ensures that everyone accessing a Tilma site has the best experience possible.

Admin Accounts & Permissions

Our platform is specifically designed to support multiple admin user accounts, each with its own set of permissions, ensuring that each user only has access to what they require. Common scenarios for this are restricting which admin users are able to view donation information of other user accounts, or preventing certain users from adding or deleting people. All admin accounts require a password to be set before logging in is possible, and these passwords are stored in encrypted (hashed) form so they cannot be viewed by any other users.

We use standard Rails authentication conventions, which means that your account password is securely stored and managed within our systems. Even if someone were to steal a database of passwords, they would not learn your password and would be forced to guess every possible password in order to find it.

Member Accounts

Parishioners can easily register to create an online account where they will be able to securely edit their membership information and manage online giving, among other activities. Just like admin accounts, all user accounts require a password to be set before logging in is possible, and these passwords are stored in encrypted (hashed) form so they cannot be viewed by any other users. Strict access controls for each member account ensure that a member's personal and financial information is stored securely and that no unauthorized access by other users takes place anywhere across the Tilma platform.

Online Giving Security

Credit card data is extremely sensitive and we work hard to ensure it is stored securely. In fact, we don't even store full card numbers on our servers nor do we have access to them. Instead, that data is securely stored by our payment processor (Stripe) and accessed via encrypted tokens. Stripe is one of the industry leaders in online payment processing and PCI compliance, and you can read more on their security here.

Data Retention

We retain your personal data only for as long as it is required, and to the extent necessary, for us and our clients to comply with any legal obligations and applicable laws, resolve disputes and enforce our legal agreements and policies. Account data is not automatically deleted if an account is deemed “inactive.” We will delete account data upon request; however, there may be limitations on what data can be deleted to ensure all legal and financial obligations for us and our clients are met. Certain data acquired by parishes and dioceses, such as sacramental records, may need to be retained indefinitely in order to comply with certain information lifecycle management (ILM) regulations.

Multi-Tenant Security

Tilma is a multi-tenant platform with strict access controls between each instance. This ensures that site and user data cannot be accessed across instances by admin users who don't have the correct permissions. Every data request must pass a security check based on which "orgs" (or sites) the requesting user has access to; this ensures data security for all users.
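The per-request org check described above and the per-admin permissions from the Admin Accounts section, as an added illustration written in plain Ruby; this is not Tilma's code, and the `Membership`, `AdminUser` and `DONATIONS` names and the `:view_donations` permission are constructed for the example:

```ruby
# Illustrative org-scoped authorization (added example, not Tilma's code).
# Each admin's memberships map an org (site) id to the permissions granted there.

class AccessDenied < StandardError; end

Membership = Struct.new(:org_id, :permissions)

class AdminUser
  attr_reader :name, :memberships

  def initialize(name, memberships)
    @name = name
    @memberships = memberships
  end

  # True only if the user belongs to the org AND holds the permission there.
  def can?(org_id, permission)
    m = memberships.find { |x| x.org_id == org_id }
    !m.nil? && m.permissions.include?(permission)
  end
end

# Constructed sample data: donation records belonging to two separate orgs.
DONATIONS = [
  { id: 1, org_id: 10, amount: 25 },
  { id: 2, org_id: 10, amount: 40 },
  { id: 3, org_id: 20, amount: 100 },
].freeze

# Every request names the org it targets; the check happens before any data is
# read, and the result is filtered by org_id on the server side, so a record id
# belonging to another org can never be returned.
def donations_for(user, org_id)
  unless user.can?(org_id, :view_donations)
    raise AccessDenied, "#{user.name} may not view donations for org #{org_id}"
  end
  DONATIONS.select { |d| d[:org_id] == org_id }
end

# Default listing: only rows from orgs where the user holds the permission,
# never the whole table.
def visible_donations(user)
  DONATIONS.select { |d| user.can?(d[:org_id], :view_donations) }
end
```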

Cloudflare

We have integrated the Tilma platform with Cloudflare, which specializes in protecting websites and applications, as well as increasing speed and reliability for everyday users through a network of dozens of data centres around the world. This brings the Tilma platform closer to users so it runs fast, while simultaneously shielding the platform from malicious attacks and unnecessary server requests.

Contact Us

If you have any questions about this Policy, please contact us.
