Church Management Platform — Technology Overview

About This Document

This document summarizes the technology behind Church Management Platform for church leadership and decision-makers. It covers the technology stack, API capabilities, security practices, data management, and hosting—with enough key terms to discuss with technical advisors.

How It Works

The system has two main pieces that work together: a backend server (handles data, business rules, and security) and a frontend interface (what people see in the browser). They communicate through an API—a structured set of commands that keeps everything organized and secure.

Web Browser
Staff, members, kiosks

→

Frontend
React application

→

REST API
Secure data gateway

→

Database
PostgreSQL

What is a REST API? A REST API is the industry-standard way for software systems to talk to each other over the internet. It means the web frontend, the mobile app, and third-party tools all access the same data through well-defined, secure endpoints—without needing direct database access.

Technology Stack

Every piece of technology below is open source or industry standard—widely used, well-documented, and supported by large developer communities. This means there is no vendor lock-in and any qualified developer can maintain or extend the system.

Backend (Server-Side)

.NET 9 / C# Microsoft's enterprise application framework. Used by companies like Stack Overflow, UPS, and GE Healthcare. Known for performance, security, and long-term support. Enterprise Standard

ASP.NET Core The web framework within .NET that powers the REST API. Handles routing, authentication, and request processing.

Entity Framework Core An ORM (Object-Relational Mapper) that lets the application talk to the database using C# code instead of raw SQL—reducing errors and improving maintainability.

Database

PostgreSQL A world-class open-source relational database, trusted by Apple, Instagram, Spotify, and the US Federal Government. Free to use with no licensing fees. Enterprise Standard

Frontend (What Users See)

React The most widely-used JavaScript library for building user interfaces, developed by Meta (Facebook). Used by Netflix, Airbnb, and thousands of enterprise applications. Modern Standard

TypeScript A typed superset of JavaScript that catches bugs before they reach users. Increasingly considered the industry default for professional web development.

Vite A modern build tool that bundles the frontend code for fast loading in browsers. The current community standard, replacing older tools like Webpack.

Third-Party Services

Twilio Industry-leading SMS platform used for phone number verification during registration. Pay-per-message pricing (fractions of a penny per text).

Google OAuth Allows members to sign in with their Google account—no separate password to remember. Uses Google's own security infrastructure.

Gmail SMTP Sends system emails (password resets, event invitations, group notifications) through Gmail's reliable mail servers.

Stripe Primary payment processor for one-time and recurring donations. Supports credit/debit cards, bank ACH transfers, Apple Pay, and Google Pay via Payment Intents API. Recurring gifts use Stripe Subscriptions API with automatic invoicing. Webhook integration for real-time payment status updates. Live

PayPal REST API v2 integration for one-time donations. Supports PayPal balance, linked bank accounts, and debit/credit cards via Smart Buttons. Nonprofit rate: 1.99% + $0.49 per transaction. Live

Platform Integrations

Planning Center Fully integrated two-way API connection with Planning Center (a widely-used church management platform). Inbound sync pulls people, families, and groups from PCO. Outbound push sends locally-created records back to PCO. Real-time webhooks keep person data in sync as changes happen in either system. Designed to fully replace Planning Center as the primary management system. Live

Mailchimp Email marketing integration via Mailchimp Marketing API v3. Outbound push syncs church members (primary emails, names, phone numbers) to Mailchimp audiences with merge fields. Church group memberships are mapped to Mailchimp tags for targeted email campaigns. Inbound webhooks track unsubscribes and profile updates in real time. Batch API support for efficient bulk operations. Live

Full documentation See the Planning Center API Integration document for the complete write/read capabilities matrix, all endpoints, entity mapping, and sync architecture details.

API & Integration Capabilities

The system is built API-first, meaning every feature is available through structured, documented REST endpoints. This is the same architecture used by modern services like Stripe, Twilio, and Google.

What This Means in Practice

Mobile app — the companion mobile app (React Native, iOS & Android) uses the exact same API as the web application, with zero backend changes. See the Mobile App documentation.
Third-party integration — full two-way Planning Center sync is live and operational; other church tools (giving platforms, volunteer scheduling, worship planning) can connect through the same API.
Kiosk independence — the lobby kiosk runs as a lightweight client calling the API, meaning kiosk hardware can be swapped without touching the server.
Separation of concerns — the database, server logic, and user interface are independent layers. Any one can be updated or replaced without disrupting the others.

API Coverage

The REST API currently provides over 80 endpoints organized into these areas:

Area	Capabilities
Authentication	Login, registration, Google sign-in, password reset, phone verification
People & Families	Search, create, edit, photo upload, verification workflow
Groups	Department hierarchy, membership management, leader assignments
Small Groups	Browse, join requests, leader messaging, attendance tracking
Events	Single and recurring events, series management, group linking
Registration	Individual and bulk registration, custom forms, email invitations
Check-In	Phone lookup, auto event matching, batch check-in, security codes
Attendance	Event and small group attendance, per-person history
Kiosk	Unauthenticated check-in flow for lobby tablets
Services & Worship Planning	Service types, songs, arrangements, service plans, team management, scheduling, volunteer blockouts
Giving	Fund management, manual donation entry, PayPal integration (create order, capture, webhooks), donor history, giving reports
Forms	Custom registration forms, form submissions, email invitations with event schedules
Planning Center Integration	Two-way sync (people, families, groups), outbound push, real-time webhooks, sync progress tracking
Mailchimp Integration	Outbound push (members with merge fields, church group tags), inbound webhooks (unsubscribe, profile update), batch API, admin sync UI
Feature Flags	Module enable/disable toggles for per-deployment configuration
User Feedback	Feedback submission (categorized), admin review, resolution tracking, admin notes
Activity Feed	Recent activity summaries and paginated detail across eight categories (families, people, events, check-ins, registrations, forms, submissions, donations)

Security

The system uses multiple layers of industry-standard security practices:

JWT authentication — every request is verified with a signed token (the same mechanism used by banking and healthcare applications).
Role-based access control — eight defined roles (Super Admin, Admin, Staff, Event Coordinator, Check-In Admin, Group Leader, Volunteer, Member) control who can see and do what. Admin-only features are enforced on the server, not just hidden in the interface.
Password hashing — passwords are stored using BCrypt, a one-way hash. Even database administrators cannot see user passwords.
HTTPS encryption — all data in transit is encrypted via SSL/TLS certificates (managed automatically by Let's Encrypt).
Phone verification — new accounts verify their phone number via a one-time SMS code (Twilio Verify API) before accessing the system.
Child safety codes — check-in generates a unique security code that must be presented for child pickup.

← Back to Documentation Home

Feature Modules

The platform is organized into independent feature modules that can be enabled or disabled per deployment. This allows each church to tailor the system to their needs — turn on only the modules you use, and keep the interface clean.

Available Modules

Module	Controls	Tier
People & Families	Family pages, People search	Included
Groups	Church Groups, Small Groups	Included
Events	Events calendar, registrations	Included
Kiosk	Check-In, Kiosk mode	Included
Giving	Donations, funds, giving history	Included
Forms	Registration forms, invitations	Included
Reports	Membership & attendance reports	Included
Services	Worship planning, songs, schedules	Add-On
Mobile App	Companion iOS & Android app	Add-On
PCO	Planning Center sync (in Configuration)	Add-On
Mailchimp	Mailchimp email marketing sync (in Configuration)	Add-On

How It Works

The Superadmin manages modules at Configuration → Feature Modules using simple on/off toggles.
When a module is disabled, its sidebar items are hidden and its routes are blocked. If someone navigates directly to a disabled module's URL, they see an informational page explaining that the module is not currently active.
Dashboard buttons and Recent Activity filter chips also respect module status — disabled modules won't clutter the interface.

Tip: Disabling a module hides it from the interface but does not delete any data. You can re-enable a module at any time and all previous data will still be there.

Church Branding & Customization

Every deployment is branded to your church through application settings — no code changes required. The platform reads church identity information from configuration and displays it consistently across the web interface, mobile app, emails, and SMS messages.

What Can Be Customized

Church logo — displayed in the web header bar, login/registration/password-reset pages, kiosk check-in header, and the mobile app home screen
Church name & display name — used in page titles, email from-name, email subjects and body text, SMS verification messages, and the header bar. The display name is computed automatically (see below)
Tagline — shown on the mobile app hero banner
Service times — parsed and displayed on the mobile home screen church info card
Contact information — address, phone, email, website, and mailing address
Giving methods — Zelle email, Venmo handle, CashApp handle, and bank ACH details shown on the Give page. Empty values are automatically hidden from the interface
Tax status, livestream URL, and external giving link — available for use across the platform

Display Name Logic

The platform automatically computes a display name from the church name. This display name appears in the header, browser tab titles, emails, and SMS. The logic handles three cases:

Name ends with “Church”
“Your Community Church”

→

Display Name
“Your Community Church - Management Platform”

Name without “Church”
“Hope Fellowship”

→

Display Name
“Hope Fellowship Management Platform”

No name configured
(empty)

→

Default
“Church Management Platform”

Logo Contains Church Name (LogoIncludesName)

When a church’s logo image already contains the full church name, the LogoIncludesName setting should be set to true. In this case, the platform hides the church name text next to the logo and shows only the platform suffix — avoiding redundancy. The suffix shown depends on whether the church name ends with “Church”:

Logo has name ending with “Church”
e.g. logo reads “Your Community Church”

→

Text shown
“Management Platform”

Logo has name without “Church”
e.g. logo reads “Hope Fellowship”

→

Text shown
“Church Management Platform”

When LogoIncludesName is false (or not set), the full computed display name is shown alongside the logo as described above. Browser tab titles always use the full display name regardless of this setting.

Where Branding Appears

Surface	What’s Shown
Web — Header bar	Logo image + display name (or platform suffix when `LogoIncludesName` is on)
Web — Login / Register / Password Reset	Logo image centered above form + display name or platform suffix as heading
Web — Kiosk check-in	Logo + display name or platform suffix in kiosk header (public-facing)
Web — Browser tab titles	“Display Name / Page Name” on all 30+ pages (always full display name)
Mobile — Home screen	Logo + display name or platform suffix in header, tagline in hero banner
Mobile — Church info card	Address, service times schedule, website link
Email — From name	Display name (or custom override via Email:FromName setting)
Email — Content	Password reset subject/body, form invitations, join request notifications
SMS	“Your [Display Name] verification code is: [code]”

Configuration Reference

All branding fields are configured in the Church section of application settings. Every field is optional — empty values fall back to sensible defaults or are hidden from the interface.

Setting	Description	Example
`Name`	Church legal or common name. Used to compute the display name	Your Community Church
`LogoPath`	Path to the logo image file (relative URL)	/images/church-logo.avif
`LogoIncludesName`	Set to `true` when the logo image contains the church name. Hides the name text and shows only the platform suffix next to the logo	true
`Tagline`	Church slogan or motto. Shown on the mobile hero banner	A different kind of church
`Address`	Physical address. Shown on the mobile church info card	123 Main St, City, ST 12345
`Phone`	Church phone number	555-123-4567
`Email`	Church contact email	info@yourchurch.org
`ServiceTimes`	Pipe-delimited schedule. Parsed into day + time pairs for display	Sunday: 10:30 AM \| Wednesday: 7:00 PM
`Website`	Church website URL. Shown as a link on the mobile info card	https://yourchurch.org
`MailingAddress`	Mailing address (if different from physical)	PO Box 123, City, ST 12345
`LivestreamUrl`	Livestream or online church URL	https://yourchurch.online.church
`SimpleGiveUrl`	External giving platform URL (if applicable)	https://my.simplegive.com/dl/?uid=abc123
`TaxStatus`	Tax-exempt status designation	501(c)(3)

No code changes needed All branding is driven by configuration. When onboarding a new church, simply fill in the settings above and place the logo image file in the appropriate directories. The platform handles the rest automatically.

Data Management

Current Data

The database holds the church's operational data: approximately 5,800 people, 1,800 families, 150 groups, and 7,300 group memberships. This is the church's system of record, replacing legacy church management software.

Automated Data Archival

As the system accumulates check-in and attendance records over time, an automatic archival process keeps the database lean and fast. Here's how it works:

Real-time tables (check-ins, registrations) hold only the most recent two months of data—optimized for the fast read/write speeds that kiosk check-in demands.
Once a week (Sunday at 3:00 AM), an automated script moves older records into compact long-term storage within the same database. Hundreds of individual check-in records compress into a single summary row per event.
All historical data remains fully queryable for attendance reports and per-person history.

Live Data
Last 2 months
Fast real-time access

→

Weekly Archival
Automated script
Sunday 3:00 AM

→

Long-Term Storage
Compact JSONB format
Full history preserved

Proof-of-concept testing showed this approach can handle years of data efficiently: 62,000 check-in records compressed into 105 summary rows—a 99.8% reduction in row count while keeping every data point accessible.

Why this matters Without archival, a busy church generating 200+ check-ins per Sunday would accumulate over 10,000 rows per year in the real-time table. The archival system keeps that table small and fast regardless of how many years the system runs.

Hosting & Deployment

Where It Runs

The application is hosted on a Virtual Private Server (VPS) running Ubuntu Linux—the most widely-used server operating system in the world. The server is provisioned through Hostinger, a mainstream hosting provider.

Domain: accessible via a custom HTTPS domain
SSL/TLS: certificates auto-renewed by Let's Encrypt (free, industry standard)
Reverse proxy: Nginx handles incoming traffic and serves the frontend
Process management: systemd ensures the application auto-starts on server reboot

Deployment Process

Updates are deployed by building the code locally and copying the compiled files to the server. The process takes about two minutes and causes less than 10 seconds of downtime (service restart). Database schema changes can be deployed independently when needed.

← Back to Documentation Home

Industry Standards & Best Practices

Key terms a technical reviewer would look for:

Practice	What It Means
Clean Architecture	Code is organized into independent layers (API, business logic, database, shared utilities) so changes in one area don't break others.
REST API	The standard way modern applications communicate—stateless, cacheable, and well-understood by any developer.
JWT Bearer Tokens	Secure, stateless authentication tokens that don't require server-side session storage.
RBAC	Role-Based Access Control—permissions are tied to roles (Admin, Staff, Member), not individual users.
E.164 Phone Format	International standard for storing phone numbers (e.g., +18055551212), ensuring consistency regardless of how users type them.
BCrypt Password Hashing	One-way cryptographic hashing—passwords cannot be reverse-engineered even if the database were compromised.
OAuth 2.0	The protocol behind "Sign in with Google"—delegates authentication to Google's infrastructure.
Open Source Stack	No proprietary licenses or vendor lock-in. PostgreSQL, .NET, React, and all other components are free and open source.
Code-First Database	Database schema is defined in application code, ensuring the data model and application logic stay in sync.

Backup & Reliability

Protecting church data requires more than just a good database — it requires automated backups, off-site storage, and tested recovery procedures.

Automated Daily Backups

Every night at 2:00 AM, the server automatically creates a complete snapshot of the entire database — every member record, family, group, event, check-in, donation, and attendance record. These backups are compressed and stored locally with 14 days of history.

Off-Site Cloud Storage

Each backup is automatically copied to off-site cloud storage (a separate data center). This means that even if the physical server were completely lost (hardware failure, data center issue), your data is safe in a geographically separate location.

Live Database
Your server

→

Nightly Backup
Compressed snapshot

→

Cloud Storage
Off-site data center

Backup Verification

Having backups is only useful if they actually work. Every week, the system automatically restores the latest backup to a temporary database and validates it — confirming that records are present and the data is intact. This catches corruption or incomplete backups before they’re ever needed.

Recovery Capabilities

Metric	Target	What It Means
Recovery Point	< 24 hours	In the worst case, you lose at most one day of data (since the last nightly backup)
Recovery Time	1–2 hours	Complete server rebuild from backup, including application, database, and configuration
Backup History	14 days	Can restore to any of the last 14 nightly snapshots

Uptime Monitoring

An external service checks the platform every 5 minutes from outside the server. If the site goes down for any reason, administrators are notified immediately by email — often before any church members notice.

Options for Larger Churches

For churches that need higher availability and near-zero data loss, the platform architecture supports additional infrastructure options:

Database replication — a live standby database that stays seconds behind the primary, ready to take over if the primary fails.
Managed database services — cloud-hosted database with automatic failover, point-in-time recovery, and built-in monitoring (additional monthly cost).
Multi-server deployment — multiple application servers behind a load balancer for higher capacity and zero-downtime updates.

Cost-effective for all sizes The base backup system (daily backups + off-site storage + monitoring) costs less than $5/month and provides strong protection for small and medium churches. Higher-availability options are available as add-ons for churches with larger budgets or stricter uptime requirements.

← Back to Documentation Home