Security

Being in the cloud, membership information security is rightfully on everyone’s minds. RustyBrick, the technology firm behind ShulCloud, has been running cloud systems for over 20 years and has employed the latest in security best practices directly into this website. Please read below for full details on how ShulCloud aims to keep your data SAFE.

Why Trust Us With Your Data?

Synagogues have a lot of data on their members and we know how sensitive that information is.  The owners of ShulCloud/RustyBrick use the software in their own synagogues, so “we put our money where our mouth is.”  We deploy the same security protocols we use for our client work through RustyBrick, including MTV, HarperCollins, Nestle, Harvard as well as controlling and securing emergency room hospital data for 30+ ER departments in the New York tri-state area.  We take security, privacy and redundancy very seriously.

Core Security Best Practices:

• We DO NOT store any credit card info or bank account information on the servers.
• We DO NOT store Social Security #’s and other sensitive info.
• All passwords are HASHED into a one-direction scramble.  So we can only validate a password if the right one is given.
• All credit card info is sent by an encrypted HTTPS connection and is never stored.
• We put you in control of how long session timeouts last for your congregants.
• We put you in control of how long a login link in an email will be active for.
• We encourage ShulCloud administrators to provide each person with a unique login with a unique list of access points.  Please do not share passwords.
• ShulCloud staff is not permitted to grant access to anyone who does not already have access. They must be granted access by someone who already has it.

Additional Security Practices:

• We offer sitewide HTTPS security, if requested.
• Two-factor authentication is required for higher level access to the data.
• Facebook or Google login is offered for additional security.
• Our servers ALWAYS have the latest security patches.
• Our HTTPS connections support the most secure available encryption standards
• ShulCloud uses TrustWave’s TrustKeeper for third-party security testing and managed compliance.
• We provide audit logs for any changes made by office staff, congregants, etc.
• Your Data Is Secure & Safe:

We KEEP your data backed up securely too:

• There is 1 day of immediately accessible backup for select ShulCloud staff to access in case of data loss.
• There are 3 days of within 30 minute restorability available directly in AWS.
• There are 30 days worth of backups stored in long term backup, accessible within a couple of hours.
• Backups are stored in AWS and also backed up offsite.
• All of ShulCloud’s code is version-controlled and backed up offsite too.
• Backup routines are tested regularly to ensure we can be up and running fast in case of failure.
• Servers Are Locked Down & Scalable:

All servers reside behind our private firewalls.

• Our databases reside in an isolated subnet with no direct internet access.
• We constantly monitor the servers and patch to the latest security updates.
• We upgrade our hardware several times a year to keep up with demand.
• We are able to provide these upgrades with minimal downtime.
• You Are Free To Take Your Data:
• Your data is yours, we are obligated to protect it and deliver it to you at any time
• You have the freedom to switch to any other product or service
• You have the right to require us to delete your data at any time
• We offer full SQL access to your data if you have the expertise on-hand.
• See our privacy policy and terms and conditions for more details

ShulCloud is also insured:

We also hold various insurance policies for online intrusions, including typical business insurance, E&O insurance, special cyber security insurance and various other policies to protect us in case of an attack.