Firstly, it's important to say that we take security extremely seriously. The founder & owner of Hubb ran a financial services software company in the US before Hubb began. Approximately 50% of all banking transactions in the US during this period passed through software created by the company. Consequently, Hubb has been built from an understanding of the significance of security. If you have any questions, or would like more information, please contact us on firstname.lastname@example.org
General Web Security
All pages on your site and in the web office are fully encrypted with SSL using HTTPS.
Passwords are stored in the database as a 1-way salted hash. Secure password links are sent using time-sensitive, single-use email authentication.
Administrators have the option to set up multi-factor authentication for web office access. This can be made mandatory for individual users or admins, or everyone who logs in.
Customers also have the option to enable or enforce the use of Google Workspace logins - especially useful if you use security keys to log in to your Google Workspace accounts.
All of our staff are required to use multi-factor authentication when logging into Hubb sites.
Hosting and Backups
Our servers are located in a secure data centre in London on a highly redundant virtualised platform. These servers are accessed via a secure VPN by the technical team.
Changes to data are backed up in bulk and sent to a secondary server in the same location every 5 minutes. Backups are also sent every 5 minutes to a second data centre in another UK city, which is 100% independent of the first. Both data centres benefit from state-of-the-art security and compliance.
All personal data stored on our servers is encrypted at rest.
Monitoring and Alerts
We have robust server monitoring, with alerts sent to staff who are on call 24/7, 365 days a year.
We run regular automated security scans on our servers (including the OWASP Top 10 list) and also periodically engage CREST-certified penetration testers for manual testing.
We are currently rated grade A and A+ by industry-recognised security checking providers.
IP Blocking and Server Hardening
We have continuous upstream DDoS mitigation, and our servers constantly analyse incoming traffic using automated algorithms that blacklist any IP address from which an attack on our servers originates.
Our servers are kept up-to-date with all the latest security patches and only accept connections using the latest ciphers. Firewalls block all non-essential ports.
It's important to point out that where payment systems are in use by an organisation, we do not store credit card numbers. These are all handled by a secure third-party payment processor, so no such information could be accessed on our systems if there was ever a data breach.
Card details are handed straight to a payment processing company that handles millions of payments every day and whose entire business depends on the security of the transactions it handles. No card details are seen, handled or stored by Hubb, or by the church. All of the elements on the payment page which handle sensitive data such as card numbers are in iframes hosted by the processing company itself, so they are secured by its own secure certificate and not subject to any communication with our servers.
Personal details that are stored on the website can only be accessed by logging in using a unique username and secure password. Full user details can only be accessed through the Web Office by those staff members and volunteers who have been granted the required permissions. The website and web office are all fully encrypted with SSL encryption. All personal data stored on our servers is encrypted at rest.
Hubb gives you the ability to give granular permissions, so anyone who has access to your Hubb system can only see and edit what you would like them to.
All of our staff contracts contain relevant confidentiality clauses.
We use DMARC and DKIM to keep all emails secure.