Security
Lightpost has been built with security in mind from day one. Outlined below are just some of the ways your data is protected — at rest, in transit, and behind the scenes.
Servers & Hosting
Lightpost runs on dedicated, private infrastructure — not shared hosting or multi-tenant abstractions.
Primary infrastructure is on Latitude and Hetzner, with off-site replicas on Digital Ocean.
Extensive logs and metrics are continually captured for all server activity.
Administrative access to servers is only possible via SSH over private networks, never from the public Internet. The SFTP subsystem and all other remote administration methods are disabled.
Two-factor authentication is required on every third-party service related to Lightpost.
OS, kernel, and software package security updates are applied on regular automated schedules.
Uptime and performance are monitored continuously, with priority alerts for anomalies — see status.lightpost.app.
Application
Industry-standard frameworks, patterns, and dependency hygiene.
Web applications and services are built on Laravel, an industry-leading, security-first framework.
The mobile apps are built with React Native using Expo, distributed through the official Apple and Google stores.
Framework and application dependencies are continually kept up to date, with security advisories monitored automatically.
All database queries use parameterized bindings rather than string concatenation, preventing SQL injection.
CSRF tokens protect every state-changing web request.
All user-supplied content is escaped when rendered, preventing cross-site scripting (XSS).
Errors and warnings stream into a dedicated bug tracker for analysis and fast fixes.
Rate limiting is applied to sign-in, password reset, and other sensitive endpoints.
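The parameterized-query and rate-limiting points above, as an added Laravel illustration. This is not Lightpost's own code; the `members` table, its `email` column, the `login` limiter name and the specific limits are assumptions chosen for the example.

```php
<?php
// Added example for this page, not Lightpost's code. Shows the Laravel
// idioms behind two of the claims above: parameterized queries and rate
// limiting of sensitive endpoints. Table, column and limiter names are
// assumptions.

use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\Facades\Route;

// UNSAFE: user input interpolated into the SQL string. An email value of
//   ' OR '1'='1
// changes the query's meaning and matches every row.
function findMemberUnsafe(string $email): ?object
{
    return DB::selectOne("select * from members where email = '$email'");
}

// SAFE: the value travels to the database as a bound parameter and is
// never parsed as SQL. This is what "parameterized" means in practice.
function findMemberByRawBinding(string $email): ?object
{
    return DB::selectOne('select * from members where email = ?', [$email]);
}

// SAFE: the query builder binds every where() value the same way, so
// application code normally never builds SQL strings at all.
function findMemberByBuilder(string $email): ?object
{
    return DB::table('members')->where('email', $email)->first();
}

// Sign-in throttle, registered once at boot (e.g. in a service provider).
// Two limits are returned:
//  - per identifier+IP: slows password guessing against one account
//    from one client;
//  - per IP: caps total attempts from one client across many accounts
//    (credential stuffing).
// Neither stops a distributed attack on a single account; a limit keyed
// on the identifier alone would, at the cost of letting an attacker lock
// a victim out, so that trade-off is a deliberate choice.
RateLimiter::for('login', function (Request $request) {
    $identifier = strtolower((string) $request->input('email', ''));

    return [
        Limit::perMinute(5)->by($identifier . '|' . $request->ip()),
        Limit::perMinute(20)->by($request->ip()),
    ];
});

// The named limiter is attached to the route via the throttle middleware.
Route::post('/login', [AuthController::class, 'login'])
    ->middleware('throttle:login');
```

The same binding rule applies to `whereRaw()`, `orderByRaw()` and friends: anything user-controlled must go in the bindings array, not the raw string, and column names (which cannot be bound) must be checked against an allow-list.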
Encryption
Encryption in transit, encryption at rest, and one-way hashing for anything we shouldn't be able to read.
All Lightpost web and mobile traffic is encrypted in transit with TLS (HTTPS).
Passwords are stored using the one-way bcrypt hashing algorithm. Even we can't see them.
Sensitive fields in our database are encrypted at rest.
API tokens and OAuth credentials are revocable at any time from your account settings.
Payment card details never touch Lightpost servers — handled entirely by Stripe (PCI DSS Level 1).
Secrets, credentials and keys are stored outside of application code and rotated periodically.
Backups & Durability
Multiple layers of backups mean we have a way back — even in worst-case scenarios.
The primary database uses encrypted streaming replication to a secondary off-site location.
Daily, weekly, and monthly off-site backups are taken automatically and encrypted.
Replication and backup processes are continuously monitored. Priority alerts fire on any failure.
Uploaded files (photos, attachments, media) are stored on redundant object storage with off-site replication.
Access & Permissions
Access is scoped at every level — user, role, and congregation.
Every query is scoped to your congregation. Data never leaks across accounts.
Role-based permissions control what members and leaders can see and do.
Authorization is checked on every web request and API endpoint.
Members can control the visibility of their own profile details (phone, address, email).
Sessions expire and can be revoked from any device at any time.
Full audit logs capture sensitive admin actions for later review.
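One common Laravel way to enforce the per-congregation query scoping and per-request authorization described above, as an added example that is not Lightpost's code. The `Member` and `User` models, the `congregation_id` column, the role names and the `MemberPolicy` are assumptions; everything is shown in one namespace for brevity, where a real app would split it across models, policies and controllers.

```php
<?php
// Added example, not Lightpost's code: one way to enforce "every query is
// scoped to your congregation" and "authorization is checked on every
// request" in Laravel. Model names, the congregation_id column and the
// role names are assumptions. Shown in one namespace for brevity.

namespace App\Models;

use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Scope;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Gate;

// A global scope is applied to every Eloquent query on the model,
// including find(), relations and route-model binding, so a forgotten
// where() in one controller cannot return another congregation's rows.
class CongregationScope implements Scope
{
    public function apply(Builder $builder, Model $model): void
    {
        $user = Auth::user();

        // Fail closed: with no authenticated user (console command, queue
        // job, misconfigured guard) match nothing rather than everything.
        if ($user === null) {
            $builder->whereRaw('1 = 0');
            return;
        }

        $builder->where(
            $model->qualifyColumn('congregation_id'),
            $user->congregation_id
        );
    }
}

class Member extends Model
{
    // congregation_id is deliberately not mass-assignable.
    protected $fillable = ['name', 'email', 'phone'];

    protected static function booted(): void
    {
        static::addGlobalScope(new CongregationScope);

        // Stamp new rows with the caller's congregation server-side, so a
        // client cannot write into someone else's directory by posting a
        // congregation_id of its own choosing. Throws if no user is
        // authenticated, which is the desired failure for a web write.
        static::creating(function (Member $member): void {
            $member->congregation_id = Auth::user()->congregation_id;
        });
    }
}

class MemberPolicy
{
    // Role check layered on top of the tenant scope: even if the scope
    // were bypassed, a user from another congregation is still denied.
    public function update(User $user, Member $member): bool
    {
        return $user->congregation_id === $member->congregation_id
            && in_array($user->role, ['leader', 'admin'], true);
    }
}

class MemberController
{
    public function update(Request $request, Member $member)
    {
        // Route-model binding resolved $member through the global scope,
        // so a foreign ID already 404s. authorize() adds the role check and
        // throws a 403 on failure; nothing below runs for a denied caller.
        Gate::authorize('update', $member);

        $member->fill($request->only(['name', 'email', 'phone']))->save();

        return response()->json($member);
    }
}
```

Two checks worth running on a codebase built this way: the policy must actually be registered (via `Gate::policy(Member::class, MemberPolicy::class)` or Laravel's policy auto-discovery), or `Gate::authorize` denies everything; and every call to `withoutGlobalScope(CongregationScope::class)` or `withoutGlobalScopes()` deserves a review comment, because each one is a deliberate hole in the tenant boundary.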
Privacy & Your Data
We earn your trust, we don't assume it. Here's what that means in practice.
We never sell, rent, or share your data. Not for ads, not to anyone.
We don't mine your data to train AI models or anything else.
You can export your directory data at any time.
Account deletion is available on request — your data is fully removed.
If you believe you've found a vulnerability in Lightpost, please report it to us so we can address it through responsible disclosure. We take every report seriously and will respond promptly.
Happy to go as deep as you'd like — architecture, threat model, data flow, incident response. Just ask.