Security and Compliance
Encryption in transit and at rest, MFA, audit trails, and DPA ready for review.
Security is not optional
Ministrium safeguards sensitive data: minors’ information, health details, donations, banking transactions. Security is neither optional nor cosmetic — it’s the first condition for the product to exist. This section describes how we do it and how to verify it.
Isolation between churches
Each church is an independent tenant. The data of one church is never mixed with or exposed to another:
- Application-level isolation. Every database query filters by
church_idand every endpoint validates that the user belongs to that church before responding. - Structural isolation at the database level. Postgres Row-Level Security guarantees that even if someone writes a query without a filter, the database does not return rows from another tenant. Policies are applied automatically based on a session setting established at the start of each request.
- Continuous auditing. An automated CI check verifies that every new tenant-scoped table has RLS enabled before merging.
The RLS model is defense in depth: even if a vulnerability allowed arbitrary SQL execution, the attacker would still be limited to the universe of their own tenant.
Roles and permissions
Ministrium implements role-based access control (RBAC) with 9 functional roles and fine-grained per-endpoint permissions. See Roles and permissions for details on what each role can do.
Every action that modifies data goes through double validation: authentication (the user is who they claim to be, via JWT) + authorization (their role can perform that action in that church).
Compliance summary
| Standard | Status |
|---|---|
| SOC 2 Type II | Audit in progress, completion projected for Q4 2026. See SOC 2. |
| GDPR (European Union) | We honor rights of access, rectification, deletion, and portability. See GDPR and LGPD. |
| LGPD (Brazil) | We comply as operator and processor of personal data. |
| LFPDPPP (Mexico) | Privacy notice published and consent processes implemented. |
| HIPAA (USA, health data) | BAAs signed with all infrastructure providers. See HIPAA. |
| COPPA (USA, minors < 13) | Additional safeguards for Child Check-in. See COPPA. |
| PCI-DSS | We do not store card data; all payment capture is done by Stripe directly, certified PCI-DSS Level 1. |
Keep reading
Status of the Type II audit and how to request the report.
SOC 2Safeguards for minors’ data in Child Check-in.
COPPABAAs and handling of health information.
HIPAAData subject rights and lawful bases.
GDPR and LGPDTLS 1.2+, AES-256, and bcrypt for passwords.
EncryptionTwo-factor authentication and password policies.
MFAAppend-only immutable log retained for 7 years.
Audit and logsData Processing Agreement ready to sign.
DPAReporting a security issue
If you find a vulnerability, write to security@ministrium.com with:
- Description of the problem and steps to reproduce.
- Potential impact (what data could be exposed).
- Your contact information to coordinate the response.
We have a responsible disclosure policy: we confirm receipt within 24 hours, maintain communication throughout the investigation, and do not legally pursue those who report in good faith following this channel.