Built so you can trust us with the masjid's data
Donor records, finances, and member directories deserve real security — not a checkbox. Here's how we protect them.
Encryption everywhere
TLS 1.3 in transit. AES-256 at rest. Customer-managed keys available on enterprise plans.
Tenant isolation
Every query is scoped by tenant via Postgres row-level security. No cross-tenant data leakage by construction.
Access control
RBAC for staff, scoped donor portals, and fine-grained admin roles. SSO and SAML on enterprise plans.
Backups & recovery
Continuous WAL archiving with 30-day point-in-time recovery. Backups encrypted and replicated across regions.
Hardened infrastructure
Hosted on Tier-1 cloud providers with private networking, least-privilege IAM, and infrastructure-as-code.
Audited regularly
Annual third-party penetration tests. SOC 2 Type II in progress. Reports available under NDA.
Operational practices
- Multi-factor authentication required for all team members.
- Production access limited to a small on-call group with audited sessions.
- Quarterly security training and phishing drills for all staff.
- Dependencies scanned daily for known vulnerabilities; critical patches deployed within 24 hours.
- Audit logs retained for 12 months and exportable by org admins.
- Documented incident response with customer notifications within 72 hours.
Report a vulnerability
We welcome responsible disclosure. Email [email protected] with details and we will acknowledge within 24 hours. We do not pursue legal action for good-faith research.