How we protect your church's information
At Domo we handle people's data —including sensitive data such as pastoral-care notes— seriously. This page summarizes the technical and organizational measures we use to protect that information. No system on the internet is infallible, but we work to reduce risk with reasonable, up-to-date controls.
Each church runs on its own separate database. One community's data is not accessible from another: isolation does not rely only on application filters, but on a real separation at the storage level.
Within each church, you decide who sees what. Permissions are assigned by role, and the most sensitive information (such as restricted pastoral notes) is limited to the roles the church enables.
All communication between your device and Domo travels encrypted (HTTPS/TLS), so information cannot be read along the way.
We run periodic backups so information can be recovered after an incident. You can also export your own data (directory, groups, ministries, attendance and per-person data) anytime: we recommend keeping your own copies.
We rely on specialized providers, contractually bound to protect data and to process it only on our instructions:
Processing details and international transfer are explained in the Privacy Policy and the DPA.
In the event of a security incident affecting personal data, we notify the controller church without undue delay, with the information available, so it can meet its obligations toward data subjects and authorities.
Pastoral-care notes and religious membership receive reinforced protection. When recording them, the product reminds users that they must have a lawful basis or consent and be handled confidentially.
If you find a security issue, email us at hola@domoiglesia.com. We appreciate responsible disclosure and respond promptly.