Security at Stewardex

Church data should be protected by design, not by accident.

Stewardex combines account authentication, church-level separation, role enforcement, audit history, and monitored support workflows.

01

Separate church workspaces

Server-side authorization limits records and actions to the signed-in user’s church membership and permitted role.

02

Least-privilege access

Owners, administrators, editors, users, platform support, and the platform owner have distinct responsibilities and controls.

03

Traceable operations

Important inventory, account, support, and platform changes create audit records to help diagnose mistakes and investigate concerns.

Current safeguards

  • HTTPS-secured connections for the public site and application.
  • Supabase-based authentication and private password handling.
  • Server-enforced church, role, cost, department, export, and deletion permissions.
  • Cloudflare-hosted application, database, and file infrastructure.
  • Protected file and logo access tied to church membership.
  • Automatic browser-error reporting without form values or passwords.
  • Support and quality-gate tools restricted from ordinary subscriber accounts.
  • Export and recovery controls for authorized church administrators.

Report a vulnerability

Email security@getstewardex.com with a clear description, affected page, reproduction steps, and potential impact. Do not include real passwords or unnecessary church records.

Please protect churches while testing
  • Do not access or alter another church’s information.
  • Do not use automated attacks, denial-of-service testing, social engineering, or destructive techniques.
  • Stop if you encounter personal or confidential information and report it promptly.
  • Allow Stewardex reasonable time to investigate and correct a confirmed issue before public disclosure.

Security incidents

Stewardex will investigate credible reports, preserve relevant records, contain confirmed issues, and notify affected parties when required by applicable law. Security questions from church account owners may also be submitted through the signed-in Support area.