[Solved] How secure is Clubtreasurer?

How Clubtreasurer Keeps Your Data Secure

Our Commitment to Data Privacy

At Clubtreasurer, the security and privacy of your data are our top priorities. We employ robust measures to ensure your information remains safe and protected at all times.

We adhere strictly to data protection regulations. You can review our comprehensive Privacy Policy and Data Processing Agreement (DPA) (accessible via Setup > Subscription within the application). These documents detail our data retention policies and GDPR responsibilities, ensuring transparency and compliance.

Core Security Measures

We've implemented a multi-layered approach to safeguard your data:

• Robust Database Platform: Clubtreasurer is built on an Oracle Database DBMS platform. This is the same highly secure and robust technology trusted by many of the world's largest organisations and government agencies.
• Encrypted Data Transmission (TLS/SSL): All data transmitted between your browser and Clubtreasurer is secured using industry-standard TLS/SSL encryption. Always use the "login" link from www.clubtreasurer.com to ensure you reach the correct, secure login page. Once logged in, you'll notice the URL begins with https:// and your browser will typically display a padlock icon, indicating a secure connection.
• Regular Data Backups: Our hosting partner performs daily backups of our entire environment. Additionally, we create a separate weekly backup copy of all customer data for added redundancy.
• Secure User Authentication: Access to Clubtreasurer is strictly controlled through unique usernames and passwords.
• Encrypted Passwords: All passwords are encrypted using SHA-256 Hashing in our database. This means we cannot read your password, even at the database level.
• Advanced Bot Protection (Google reCAPTCHA V3): All user access pages, including Login and Password Reset, utilise Google reCAPTCHA V3 technology. This "silent sentry" actively detects and blocks non-human and suspicious access attempts, enhancing security without disrupting your experience.

Granular Access Control

System administrators have the flexibility to set specific user access and permissions for the Financial/Accounting and Membership sections, allowing you to control who sees what:

• Manager
• User
• Read-only
• No Access

Financial Data Handling

• No Sensitive Financial Details Required: We do NOT require you to store financially sensitive details such as bank account numbers, sort codes, or payment card numbers within Clubtreasurer.
• Secure Payment Processing: Your subscription payments to Clubtreasurer are handled securely through PayPal or direct bank payment.

Business Continuity

In the unlikely event that Clubtreasurer ceases operations, we commit to making every reasonable effort to notify our customers and provide adequate time to export your full set of transactions. More details can be found in our FAQ

Questions?

If you have any further questions about security or data privacy, please don't hesitate to open a support ticket or email us directly at support@clubtreasurer.com.