Breeze Security/SSL

We're so glad that you're asking questions related to the security of the data stored within Breeze. This is a question you should be asking – after all you owe it to the people connected to your church to ensure their personal data is protected. We’ve put this article together to outline the measures we take to ensure the security of your data.

Encrypted Connections


Breeze uses an HTTPS SSL encrypted connection in a PCI compliant datacenter for data sent back and forth. This is the same standard used for transferring credit card data. This protects against malicious actions such as “man-in-the-middle” attacks where an individual attempts to intercept the message. An encrypted connection means that only the correct recipient is able to read the data.

Daily Back Ups


We back up the database every 24 hours in multiple geographical locations. Our back ups also allow us to restore your database if you or another individual accidentally deletes data that should have been retained. We also back up the filesystem every 24 hours which creates a back up of all content as well as a redundant database backup.

Routine Testing


We want to be sure your data is safe - both on a server level and on an application level. To aid in this effort, Breeze routinely undergoes penetration testing to help keep your data safe.

User Accounts & Permissions


You’re able to create multiple user accounts, each having their own set of permissions so that each user only has access to what he or she should have access to. Common scenarios for this are restricting the majority of staff from seeing contribution information or preventing certain users from adding or deleting people. All user accounts also have a password that’s needed to log in. If you’re interested in more details on how these permissions work, check out our video on users and roles.

Automatic Log Out


Administrators can also determine if a user should be automatically logged out after a certain amount of inactivity. Different users can have different settings so that if desired, users with access to more sensitive data can be logged out sooner than those with fewer privileges. If you’re interested in more details on how these permissions work, check out our video on users and roles.

Store Data on your Own Computer


Some churches like the peace of mind in knowing their data is backed up locally on their own computer. Breeze allows you to export key data into Excel files whenever you’d like (here's instructions on how to export this). Additionally, we assume no one likes to feel trapped and so if for some reason you find you need to switch from Breeze to something else (which we hope you won’t :)), this makes it easy to pack up your data and take it elsewhere.

Online Giving Security


Credit card data is extremely sensitive and we work hard to ensure it is stored securely. In fact, we don't even store full card numbers on our servers nor do we have access to them. Instead, that data is securely stored by our payment processor (Stripe) as they specialize in areas like this. Stripe is one of the industry leaders in online payment processing and you can read more on their security here.

 If you choose to embed a Breeze Online Giving form in your website we recommend you get an SSL Certification on your website. Your church website acts as another layer in which malicious users can try to intercept personal data and the encrypted connection means that only the correct recipient is able to read the data. Check with your domain name registrar to see if they have digital certification available for purchase or go through a reliable SSL certificate authority to secure your church website today.

Datacenter


We’re big fans of focusing on what we do well (software) and letting others focus on what they do well (hardware). As a result we use an extremely high quality commercial datacenter for reliable security and speed. Datacenters are given a Tier 1 - 4 rating, with 1 being the lowest/worst rating and 4 being the highest/best. 

Breeze operates in a tier 4 datacenter. The tier breakdown is as follows:

  • Tier 1 - Availability: 99.67%, 28.8 hours of interruption/year , no redundancy
  • Tier 2 - Availability: 99.75%, 22 hours of interruption/year, partial redundancy
  • Tier 3 - Availability: 99.982%, 1.6 hours of interruption/year, redundancy N+1
  • Tier 4 - Availability: 99.995%, 0.8 hours of interruption/year, redundancy 2N+1

The datacenter is located in southern California. For those of you interested in even more specifics on the datacenter, here are a few useful links:

Note: Breeze has never experienced a security breach that has exposed client data. We definitely take extensive measures to protect the sensitive information of our organizations!

Was this article helpful?
36 out of 44 found this helpful

Comments

18 comments
  • The above Datacenter Security link goes to a 404 "page not found" error.

    0
  • Hi @cdchasdaniel!

    Thanks for the note! We have alerted Lightcrest of this error. They are aware and are in the process of updating it. It should be fixed soon. Thank you for notify us and for being patience as we all work together to get this resolved.

    Blessings and Happy Breezing!

    0
  • Multi-Factor Authentication

    Goes without saying Breeze is brilliant, though one thing keeps me up at night... Is there any plans for MFA? Since all users of Breeze are usaully dealing with a very large amount of sensitive and private information for many people, I believe there should be a second-factor to authenticate the user. This could be a text message with a 6 digit code, integrationg with an authenticator app etc... Whatever the case, it seems that anyone, from anywhere, can login to a Breeze account as long as you have the password- not hard with a little bit of social engineering.

    Would appreciate a Breeze Security Product Owner to comment on this!

    Thanks for the great software guys!

    1
  • Correct Link: For anyone interested the correct link (in reference to @Charles comment above) is https://www.lightcrest.com/security-and-compliance/ as the one provided above, at time of posting, goes to 404 page- Lightcrest haven't directed the old URL.

    0
  • Hey @admin,

    We are currently investigating MFA/2FA as well as other options for additional security enhancement for Breeze. We don’t have it on our current development schedule but are certainly committed to reviewing this going forward! 

    Blessings!

    1
  • Are there only a certain number of our users that can be logged on at the same time? My people are having trouble logging on at times and at other times, they can get right on. 

    0
  • @Mary

    Thanks for taking a moment to reach out to the Breeze community!

    There is no limitation to how many users can log onto Breeze at one time. If you encounter any issues with access, it would be related to Internet connection or Login Credentials. 

    If you have any additional questions, please let us know!

    0
  • I am a very new user of Breeze and love how it works but have security concerns. I established a new user today, and he received his access email (in his junk folder?) with his username and password, and this new user was truthfully horrified that his password was just sent like that, in plain text, with no encryption whatsoever, via email. The second concern from this new user was that the software should at least prompt him to immediately change his password, but that does not happen. This person has now raised security concerns about how secure our data is if the passwords are stored and sent over email in plain text. We deal with highly personal information that nobody wants hacked and stolen. I now am very concerned if I can in good conscience recommend to our church to switch over from our very outdated but at least locally stored system to Breeze. Are there any plans for higher security regarding the passwords? How secure is the database?

    1
  • @plajer

    Great questions! Breeze certainly understands your desire to provide the safest and most secure platform available. The method of sending login credentials is the standard practice security protocol. Temporary Passwords and login access are commonly sent via this method from the largest personal information platforms. If you have additional questions on Security, perhaps this post will give you more clarity - https://app.breezechms.com/security

    We certainly appreciate the feedback here as we want our customers to understand that their information is safe and secure. 

    0
  • Hey guys, I know this question has been asked couple times, but have you guys had any plans for MFA in the roadmap?

    1
  • @sendjaja

    Great question! We've certainly had some inquiry from customers on this but not enough to push this into product development just yet. I believe Breeze will eventually see this added as a feature in the future! 

    We encourage you to add your voice to the Feature Request form! The more people who ask for it, the better. See here: Submitting Feature Requests

    Cheers!

    0
  • Hi guys. I check in every few weeks and am quite disappointed with the last response.

    Some motivation for MFA: https://www.9news.com.au/national/cyber-attack-australia-scott-morrison-government-private-sector-breach-of-security/e621ae47-f810-4fa7-9c11-3caa3b09f4dc

    It will only take one breach to ruin all the great work we do in Christ's name! Please consider pushing MFA to the top! Many users of Breeze are not thinking about MFA. Breeze is designed for small and medium churches, and to have someone with Cyber security or  IT experience isn't common- even in large churches.

    You have a responsibility to take this request seriously. This isn't a premium feature anymore, this is compulsory- especially when Churches are gathering very sensitive information about finance, pastoral notes, ages, family/children, schools, locations, numbers... This is a gold-mine waiting to be discovered by sinister agendas.

    Please don't wait for the big push from your account holders. It won't come. I am speaking on behalf of them. At least provide the option with default off, or add-in etc. Anything to make this more secure please!

    0
  • @admin
     
    Thank you so much for reaching out to us. We completely understand your concern here. We want you to know that your request is being heard and we thank you for voicing your concern. Security is extremely important to us. I've also shared your notes with my Team Lead just to make sure we continue to reiterate this request. I would also suggest that you submit a Feature Request to add your voice to the chorus of this Feature: Submitting Feature Requests
     
    Cheers, 
     
    0
  • Hello. I want to add to the chorus on Multi-Factor Authentication.  Some folks from our church recently had their church e-mail spoofed and we are concerned about this being abused for a phishing attempt, instead of the gift card scam that they received.  I recommended to leadership to enable MFA on every possible system.  Not having this as an option is something that may make some of our leadership want to look elsewhere.  I think Breeze is a great product and its intuitive design, great feature set, and reasonable price are huge benefits.  But security needs to be a top focus.  Cybercrime has been exploding the last few years and criminals have been especially active since people have bene forced to work from home.  This needs to be a high priority item.

    1
  • @Evan


    Thank you for reaching out and voicing your concern about Multi-Factor Authentication. We absolutely understand your concern, and want you to know that your concern for Multi-Factor Authentication is heard, and taken seriously! Security is very important to us at Breeze. I will share your valid thoughts with my team lead! I also recommend that you submit a Feature Request and add your voice alongside the many people recommending this feature: Submitting Feature Requests

    Have a great day!

    0
  • I would like to know the status of your investigation on MFA/2FA, one year later since the question was asked. Has any decision been made yet, to move forwards or not considering the sensitive information that we have in Breeze.

    1
  • @aimee Thank you for your patience with us as we are continuing to investigate this feature. It is still not on a public facing roadmap, but are doing further research on the matter and agree that it is more secure. We recommend subscribing to our Product Updates blog to hear the latest updates on our new releases. You'll find it here: https://www.breezechms.com/blog/tag/updates

    0
  • Brothers and sisters in Christ. I just filled out this form requesting better login security. Please do the same. It only took about 2 minutes: https://www.breezechms.com/feature-request

    0