Your Data, Protected

We take data protection seriously. Here's how we keep your information safe.

GDPR Compliance

StewardLedger is fully compliant with the General Data Protection Regulation (GDPR). We process all data within the European Union and maintain strict controls over data access and usage.

Data Processing Locations

All customer data is stored and processed within EU-based data centers. We use industry-leading cloud infrastructure providers that maintain ISO 27001 certification and SOC 2 compliance.

Sub-processors

We engage the following sub-processors to deliver our services:

  • Cloud Infrastructure: [Provider Name] - EU data centers
  • Email Services: [Provider Name] - EU-based
  • Payment Processing: Stripe - GDPR compliant

Data Retention Policies

We retain customer data according to the following schedule:

  • Active Accounts: Indefinitely while subscription is active
  • Cancelled Accounts: 90 days after cancellation
  • Backup Data: 30 days in encrypted backups
  • Audit Logs: 7 years for compliance purposes

Security Measures

Encryption

  • In Transit: All data transmitted using TLS 1.3 encryption
  • At Rest: Sensitive data encrypted using AES-256
  • Database: Encrypted at rest with automatic key rotation

Access Control

  • Role-based access control (RBAC) for all users
  • Two-factor authentication (2FA) available for all accounts
  • IP whitelisting available for enterprise plans
  • Complete audit logging of all access and changes

Security Audits

  • Regular penetration testing by independent security firms
  • Continuous vulnerability scanning
  • Annual security compliance audits
  • Incident response plan tested quarterly

Data Subject Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You can request a copy of all personal data we hold about you. We will provide this within 30 days of your request.

Right to Rectification

You can request corrections to any inaccurate or incomplete personal data. Updates are made immediately upon verification.

Right to Erasure

You can request deletion of your personal data. We will comply within 30 days unless we have legal obligations to retain certain data.

Right to Data Portability

You can request your data in a structured, machine-readable format (JSON, CSV, or XML) for transfer to another service.

How to Exercise These Rights

To exercise any of these rights, contact us at privacy@stewardledger.com. We will respond within 30 days.

Multi-Tenancy Security

StewardLedger uses a secure multi-tenant architecture:

  • Row-level Security: Database queries automatically filtered by organization
  • Tenant Isolation: No cross-tenant data access possible
  • Separate Encryption Keys: Each organization has unique encryption keys
  • Network Isolation: Logical separation at application level

Certifications & Compliance

  • GDPR: Fully compliant
  • SOC 2 Type II: Certification in progress
  • ISO 27001: Infrastructure providers certified

Data Processing Agreement

For customers requiring a formal Data Processing Agreement (DPA), we provide a standard GDPR-compliant DPA template. Contact us to execute a DPA for your organization.

Questions?

If you have questions about our data protection practices, please contact our Data Protection Officer at dpo@stewardledger.com.

Last updated: January 27, 2026

Ready to simplify your church finances?

Start your 30-day free trial today. No credit card required. Full feature access.
