Maximora ChurchHub is built on a multi-tenant, security-first foundation. Your church owns your data — we protect it.
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
Tenant isolation is enforced at the database layer via Row-Level Security: every record is scoped to a church, and policies reject cross-tenant reads and writes.
Role-based access with a least-privilege model: super_admin, regional_admin, area_admin, district_admin, church_admin, pastor, ministry_leader, and member. Roles live in a dedicated table — never on user profiles — to prevent privilege escalation.
Two-factor authentication is available for all accounts.
Sensitive actions are written to an immutable audit log including actor, action, target, and timestamp. Church admins can review activity for their tenant.
M-Pesa Daraja STK Push integrations use server-side credentials only. We never see or store your subscribers' M-Pesa PINs. Callbacks are matched against server-issued CheckoutRequestIDs.
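The callback matching described above, sketched as an added example (not Maximora's code): a callback is honoured only if its CheckoutRequestID was issued by the server, is still pending, and has not been used before. The class and function names, the in-memory store and the 300-second expiry are assumptions; the payload field names follow the Daraja STK callback shape.

```python
import time

def sample_callback(checkout_id, amount, result_code=0):
    """Constructed payload in the Daraja STK callback shape (not real traffic)."""
    cb = {"MerchantRequestID": "constructed-1", "CheckoutRequestID": checkout_id,
          "ResultCode": result_code, "ResultDesc": "constructed"}
    if result_code == 0:
        cb["CallbackMetadata"] = {"Item": [{"Name": "Amount", "Value": amount}]}
    return {"Body": {"stkCallback": cb}}

class PendingPayments:
    """Hypothetical in-memory stand-in for a server-side table of issued requests."""
    def __init__(self, ttl_seconds=300):  # expiry window is an assumed value
        self.ttl = ttl_seconds
        self.pending = {}     # CheckoutRequestID -> request the server initiated
        self.settled = set()  # IDs already consumed, so replays are refused

    def issue(self, checkout_id, tenant_id, amount, now=None):
        # Called with the ID returned when the server initiated the STK Push.
        issued = time.time() if now is None else now
        self.pending[checkout_id] = {"tenant": tenant_id, "amount": amount,
                                     "issued": issued}

    def handle_callback(self, payload, now=None):
        """Return (status, detail); only 'paid' should credit a tenant."""
        now = time.time() if now is None else now
        try:
            cb = payload["Body"]["stkCallback"]
            cid, code = cb["CheckoutRequestID"], cb["ResultCode"]
            items = (cb.get("CallbackMetadata") or {}).get("Item") or []
            paid = {i["Name"]: i["Value"] for i in items}
        except (KeyError, TypeError, AttributeError):
            return ("rejected", "malformed")
        if not isinstance(cid, str):
            return ("rejected", "malformed")
        if cid in self.settled:
            return ("rejected", "replayed")
        req = self.pending.get(cid)
        if req is None:
            return ("rejected", "unknown_id")  # the server never issued this ID
        if now - req["issued"] > self.ttl:
            del self.pending[cid]
            return ("rejected", "expired")
        if code == 0 and paid.get("Amount") != req["amount"]:
            return ("rejected", "amount_mismatch")
        del self.pending[cid]
        self.settled.add(cid)  # consume the ID so a second callback is refused
        return ("paid" if code == 0 else "failed", req["tenant"])
```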
Aligned with the Kenya Data Protection Act 2019 and GDPR principles: lawful basis, data minimization, the right to access, correction, and deletion. Data residency in Africa is available on the Kingdom plan.
Found a vulnerability? Email security@maximoraglobal.com. We acknowledge reports within 2 business days.