Churches stay separate
Every church works in its own closed area. It is not possible to see another church’s data – not by accident, not by trying.
Security & Privacy
Security your pastors, finance team, and IT reviewers can understand.
Apprenta handles sensitive giving and donor-contact data. This page explains, in plain language, how we protect your church's records and what your IT or privacy reviewers can expect.
100%
Bank access read-only
0
Card numbers stored with us
EU
Hosted inside the European Union
AES‑256
Encryption for sensitive fields
At a glance
Four promises we actually keep.
These are not just promises on paper — they are built into Apprenta in a way we ourselves cannot bypass.
No ability to move money
Apprenta only reads bank transactions. We cannot initiate transfers, payments, or direct debits.
Role-based access
Admin, editor, and viewer roles separate team management, finance work, and read-only access. Sensitive actions are double-checked by Apprenta itself, not only in the user interface.
AI with clear limits
AI features only receive the data needed for the current task. For general finance questions, donor names are hidden automatically.
Architecture
Reliable protection for your data.
From the moment you click in the browser until the data is stored, every step re-checks whether the request is allowed.
Encrypted connection
Sign-in (with optional second code)
Role check
Separation per church
Your data
encrypted at rest
For IT & privacy reviewers
The important safeguards live deep in the system.
Your data is not protected by the screen you look at, but by several checks that a regular user never sees. Here is a direct look at them.
- Sign-in with email confirmation and optional two-factor confirmation (an extra code in addition to the password).
- The database itself ensures that each church can only see its own data.
- Passwords and access to bank, AI, and email providers stay on our server only. Bank credentials are additionally stored encrypted.
Protection at every layer
In transit
Encrypted between device and server (HTTPS)
Sign-in
Password + optional two-factor confirmation
Server
Every sensitive action is checked for a valid session
Database
Strictly separates data per church
Sensitive data
Bank and donor data encrypted with AES-256
Protection at every layer
Controls in detail
What Apprenta protects in practice.
These areas are built directly into Apprenta – sign-in, database, our server, and the connected services like banking, payments, and AI.
Churches stay separate
- Every record clearly belongs to one church.
- Even someone who deliberately tried to pull another church’s data would not get through.
- Maintenance access with elevated rights is tightly scoped to specific, defined tasks.
Sign-in and sessions
- Sign-in is protected against the most common phishing tricks.
- New accounts must confirm their email address.
- Two-factor confirmation (an extra code) can be turned on.
- For sensitive actions, Apprenta additionally checks that you are really signed in.
Bank and payment data
- Bank access is read-only. We import transactions, but never initiate payments.
- Technical credentials for the bank connection are stored encrypted.
- Card data is handled directly by our specialised payment provider. Apprenta does not store card numbers or security codes.
Donor data and outreach
- Contact details live in their own tables with their own access rules.
- Unsubscribe and preference links are protected against tampering.
- Bounces, complaints, and unsubscribes are honored automatically – no one gets further emails by accident.
AI and generated content
- Access to AI providers stays on our server only – never in your browser.
- The AI only receives the data needed for the current task.
- Text and emails the AI suggests are checked for unsafe content before they are shown or sent.
Compliance and vendor reviews
- Data export, access, and deletion requests are handled as defined processes.
- Roles help ensure each person only sees what they actually need for their work.
- We can provide documentation for privacy and security questionnaires.
For your due-diligence review
Frequently asked questions
Bank access
How we handle your bank connection – in concrete terms, not acronyms.
Read transactions only. Apprenta cannot send transfers, set up direct debits, add payees, or change any account settings. That separation is enforced by your bank itself, not by us.
Through your bank’s official open-banking interface, brokered by a payment service that is licensed and supervised by the German federal financial regulator. There is no screen scraping and no storage of your bank login credentials at Apprenta. You authorize the connection directly with your bank.
You – any time, both inside Apprenta and directly in your bank’s online portal. The authorization also expires on a regular schedule by law and must be renewed.
No, not in normal operations. Staff do not have routine access to your data. Support cases follow a documented two-person rule and require your consent.
Still have a question?security@apprenta.de
FAQ
Security questions churches ask
No. Every church has its own closed area – there is no way to peek inside, not even by accident.
No. Bank connections are only used to import transactions. Apprenta does not initiate any payments or transfers.
No. Roles let you cleanly separate pastoral work from access to specific giving amounts.
Yes. Export and deletion are supported at the organization level and handled through the customer process.
Ready for a platform your board, pastors, and IT will all back?
Start for free and see how Apprenta connects giving data and pastoral work – with safeguards your team can actually understand.