Security

Epistle makes it easy to communicate with ministry partners safely.

Epistle can be used as a tool for safe communication but is not a replacement for a comprehensive communication strategy. If you are serving in a sensitive context, please consult your organization's security department about any services used for communication, including Epistle.

Security Features

Epistle has three main features designed to help missionaries maintain privacy in their communication:

  • Private posts - this allows missionaries to post updates that are visible only to ministry partners.
  • Invisible mode - this makes a missionary’s Epistle site visible only to ministry partners, otherwise it requires a login.
  • Secure emails - this prevents Epistle from sending any update content to ministry partners and instead sends a notification email about updates.

Security Recommendations

Below are some recommendations for using Epistle (and the internet in general) safely:

  • VPN - Epistle recommends that you use a VPN for all communication, especially if you are serving in a sensitive region. VPNs are used to encrypt all traffic between your computer and a server in another (ideally friendly) location.
  • Pseudonyms - Whenever you're communicating something sensitive, we recommend that you use pseudonyms for people, places, etc.

Epistle in High-risk Contexts

Please consider the following to determine if Epistle is appropriate for your context:

  1. Epistle provides many security enhancements over using email services like Mailchimp for ministry partner updates. We do not, however, recommend that you use Epistle to send updates which, if leaked, would put you, your team, or those you serve in harm's way.
  2. There are some contexts where you can be negatively impacted if it is discovered that you use Epistle at all. Although it is very difficult (or even impossible) to know that you are an Epistle user if you use a VPN, we don't recommend that you use Epistle in these contexts because of the risk of a leak, for example, forgetting to turn on your VPN in a hostile region where your internet traffic is being monitored.

If points 1 or 2 above apply to you, we recommend that you do not use Epistle and that you consult a security professional for a comprehensive strategy that applies to all of your communication and online activities. Because of the risk and complexity of communicating from these contexts, we do not recommend that you develop a communication strategy on your own.

Technical Notes

  • Epistle is hosted with a major cloud provider in the United States.
  • Epistle servers and data stores are only accessible on our private network.
  • 100% of emails sent from Epistle are encrypted in transport (TLS) and are properly authenticated (DKIM, SPF, DMARC).
  • Epistle data is accessible only to specific Epistle employees and data access is logged for auditing, where possible.
  • Epistle data is encrypted at rest.
  • Epistle data is encrypted in transport between client and server (TLS).
  • Service accounts use multi-factor authentication (MFA), where possible.
  • Service accounts use IP whitelisting for access only from our private network, where possible.

Get Started

Epistle is only $12/month.

Thousands of missionaries love Epistle because it's fun to use and it makes it easier to connect with ministry partners.

Start 14 Day Free Trial
Cru YWAM Pioneers Intervarsity Intervarsity

Epistle is used by missionaries in these organizations but is not officially affiliated or endorsed by all of these organizations.