Security
Your Financial Data, Protected
OCM is built on enterprise-grade security infrastructure. We take the protection of parish financial data seriously.
Encryption
Data Encryption
- All data encrypted at rest (AES-256) and in transit (TLS 1.2+)
- Database hosted on Railway with encrypted storage
- No financial data stored in browser local storage
Payments
Payment Security
- Payments processed by Stripe (PCI DSS Level 1 certified)
- Bank connections via Plaid (SOC 2 Type II, end-to-end encryption)
- OCM never stores raw credit card numbers or bank credentials
- Check printing via Checkbook.io (SOC 2 compliant)
Access
Access Controls
- Role-based access control with 10 configurable roles
- Separation of duties enforced (creator ≠ approver ≠ payer)
- Configurable approval thresholds per user
- Every action logged to an immutable audit trail
Authentication
- Powered by Clerk (SOC 2 Type II)
- Multi-factor authentication available
- Session management with automatic timeout
- Biometric login on mobile (fingerprint, Face ID)
Compliance
- GAAP-compliant double-entry fund accounting (FASB ASC 958)
- Full audit trail — every transaction traces to an authenticated user
- Immutable audit log (UPDATE/DELETE revoked at database level)
- Year-end audit export packages
Infrastructure
- PostgreSQL 16 database with row-level security
- API-first architecture with JWT authentication
- No shared tenancy — entity-level data isolation
- Automated backups with point-in-time recovery
Questions about security?
Contact us at security@onchristsmission.com