Logos Bible Software
Sign In

Faithlife Security

Vulnerability Reporting

Faithlife follows the principles of Coordinated Vulnerability Disclosure. If you believe that you've found a Faithlife-related security vulnerability, please report it by sending an email to security@faithlife.com.

The PGP key for security@faithlife.com can be used to send encrypted email.

Data Privacy

We take the security of your data seriously. Learn more about Faithlife’s privacy policy.

Application Security

In-transit encryption

Sessions between your computer and Faithlife are protected with in-transit encryption using TLS 1.2 or better.

Network firewalls

Faithlife monitors potential attacks with several tools, including network-level firewalling.

Software Development Lifecycle (SDLC) security

Faithlife implements static code analysis tools and human review processes to ensure consistent quality in our software development practices.

Payment Card Industry (PCI-DSS) compliance

Faithlife maintains compliance with PCI-DSS requirements and performs annual and quarterly security assessments on our infrastructure, applications, and personnel.

Datacenter Protections

Physical security

Faithlife products are hosted with infrastructure providers with SOC 2 Type II and ISO 27001 certifications, among others. The certified protections include dedicated security staff, strictly managed physical access control, and video surveillance.

Software Security

Patch management

Faithlife’s patch management process identifies and addresses missing patches within the product infrastructure. Server-level instrumentation ensures tracked software packages use the appropriate versions.

Audits, Vulnerability Assessment, and Penetration Testing

Vulnerability assessment

Faithlife tests for potential vulnerabilities on a recurring basis. We run static code analysis and infrastructure vulnerability scans.

Penetration testing

Faithlife uses third-party penetration testing firms multiple times per year to test Faithlife products and infrastructure.

External audit and certification

Our infrastructure providers maintain ISO 27001, SOC 2 Type II, and many other certifications (AWS) (GCP).