Invitation Models

Should you encourage congregants to sign up for Realm on your website or should you send invitations? This article explains each invitation model.

In order to take full advantage of all that Realm has to offer, you'll want to make it as easy as possible for congregants to find small groups, communicate with each other, access personal giving history, or register for events. But it's also important to balance this transparency with privacy concerns and understand the benefits and risks of both invitation models. You'll need to decide if congregants will be allowed to register for events and/or anonymously give online to your church.

Tip: Keep in mind that invitation models are not "set-it-and-forget it". As an administrator, you can easily change your invitation model to serve various strategies or goals. You can also mix and match invitation models with giving forms or specific URLs to make giving or registering for events easier for your community of faith.

There are three types of invitation models. By default, all accounts are set to the invite only model when you first purchase or convert to Realm.

To see what invitation model you're using, check the Invitation Model section on your church profile. You can change your invitation model by clicking and selecting Edit Info. Here you can select from the invitation model types:

  • Invite Only - Individuals can only be invited by the church. They can not send a request to create a Realm account.
  • Invite + Realm Account Sign Up Requests - Individuals can be invited by the church and can send a request to create a Realm account. Administrators must approve or decline the request.

  • Open - Anyone can automatically sign up and create a Realm account.

For more information, see the Best Practices Guide.

Benefits and Risks of Each Invitation Model

Table 1.
FeatureOpen Invitation Invite Only Invite + Realm Account Sign Up Requests
Reduce possibility of duplicate recordsXX
Church controls who receives an invitationXX
People join without an invitation being sent from someone at the churchX
People can send a request for a new account, which must be approved by someone at the churchX
Reduced need to monitor the Overview dashboardXX
Greater responsibility on church leadership to educate congregants about privacy settingsX
Best used for campaigns, promotions, or limited occasionsX

Invite Only Model

Adding people by invite only is the most secure method of inviting people to use Realm.

The invite only model provides you with the most oversight. With invite only, congregants can join Realm only by invitation sent from authorized users. With invite + Realm account sign up requests, individuals can also send a request to create a new account. An administrator must approve or decline congregant profile requests from the Task page. Invite only is the default setting, and we recommend that you keep this setting until you have the opportunity to educate your congregants about privacy settings.

Since only users with a login can enter, any new users of your site must first be issued an invitation. To invite congregants into Realm, an administrator, a group leader, or a servant team leader with the correct permissions will need to send invitations. There are a number of ways to send invitations.

  • When adding a new profile

  • From reporting dashboards
  • From pathways
  • Via groups

  • By query and mass invitation

Open Invitation Model

Before choosing an open invitation model, be sure you understand the challenges with this method of inviting people into Realm.

The open invitation model allows visitors to your website or visitors with your customized Realm URL (onrealm.org/yourchurchnamehere) a way to create a login on their own. When using this model, you do not need to invite people in, but you do have a responsibility to educate your flock about their personal privacy settings. You'll also want to monitor your activity dashboard on a daily basis to see who has signed up.

CAUTION: Before choosing this model, we recommend that churches thoroughly understand their responsibilities in protecting the privacy of their church data by understanding how member's information can be misused. We also recommend this option be used for limited periods of time.

Because new registrants can view the online directory (including non-private profile information), we recommend using the open invitation model for a limited period of time, such as when you first roll out Realm, a specific promotion period, or season when you want to encourage people to sign up instead of sending out invitations. See What Can New Registrants See?

  • To check what invitation model you're using, view your church profile. If the Allow anyone to sign up check box is selected, you are set to an open invitation model, which means the Register now link on your sign-up page is visible. Remember, you can change your invitation model at any time.

Do I Need to Use the Open Invitation Model for Online Giving Forms or Event Registration?

The answer to this question is..."It depends on your goal." There are options for encouraging non-registered users to give or sign up to attend an event. If that is your goal, the invite only model will likely be sufficient. If, however, your goal is to encourage people to also create an account in Realm, we suggest you educate your congregants about privacy settings, turn the open invitation model on and then monitor new registrations daily.

  1. To receive online donations, you can use either invitation model along with giving forms published to your web page. See help for "Online Giving Forms". The giving form collects enough information that an non-registered user can give one time or recurring gifts online. If you want congregants to manage their recurring gifts, you can send them an invitation.

    1. Invite only model - Giving forms used with the invite only model DO NOT give a donor the ability to create an account.

    2. Open invitation model - Giving forms DO give the donor the ability to create an account.

  2. Similarly, you can create a URL that allows people without logins to register and pay for events through your website. Search help for "Share a Registration Event Link."

    1. Invite only model - You can register for an event and you can make a partial or full payment for the event without creating an account.
    2. Open invitation model - Functions the same as the invite only model. You can register for an event and make a partial or full payment for the event, but you cannot create an account during the registration process.
Tip: To locate help (product documentation), in the upper-right corner of Realm, click the question mark in a circle icon.

What Can New Registrants See?

This article explains what new account holders can see right after they create an account in Realm and before they are added to groups other than the system groups.

When congregants first register for an account, they may be placed in one or more predefined (also known as system) groups, depending on their profile. The important thing to remember is that if using the open invitation model, everyone who registers via the Register Now link is placed in your church group. All users in these system groups can see:

  • The online directory. For specifics, search help for "Privacy and the Online Directory". We strongly recommend that you ask permission before including a congregant in the online directory.

  • Communication (inbox and chat) sent to any of the predefined system groups. (In most cases, this is the church-wide group.)
  • Events published to the church group. For specifics, search help for "Predefined Groups".
  • Their personal giving history.
  • A list of groups. Only an administrator can add a new user to a custom group, such as Spiritual Formation Class, Sunday School Class, or Youth Group.

Because of this, church leadership should explain or demonstrate to congregants how to adjust privacy settings. For more information, see Communicate Privacy Settings.

Online directory showing how privacy settings affect display of contact information

Tip: You can view predefined (system) groups, as well as all other groups on the Mange Groups page. Click Admin > Groups > Ministry Areas. Then expand the System Groups ministry area.

Privacy and the Online Directory

People are increasingly sensitive about their personal information being shared online. Use this reference to answer questions about privacy and the online directory.

What is the Online Directory?

Instead of a traditional, printed directory, the directory is in Realm. Being in the online directory means that your online community can see your profile listed when they click Directory in the main menu.

What's visible there?

If you're in the online directory:

  • Your name and photo are visible to anyone with a Realm login.
  • Your contact and personal information, unless you've updated your privacy settings to hide from view, are visible.
  • Registered users in your church community will be able to see groups you belong to, if they're marked public. Group leaders and authorized users determine if groups are public, hidden, or only visible to certain users with permissions.

Who is/is not in the online directory?

Most congregants with a profile (record) in Realm can be added to the online directory. The following, however, cannot:
  • Registered users (aka users with a login), because they are automatically added to the directory.
  • Anyone with the family position of "Child" who does not have a birthday in their profile. (Their privacy settings cannot be opened even by their parents.)
  • Businesses.
  • Inactive profiles.
  • Profiles of those who have been marked "deceased".

Changing Privacy

Who can change a congregant's privacy or add them to the online directory?

  • Administrators.
  • Anyone with the Edit Individual permission.
  • Family members with a "Primary" family position—head, spouse, or similar status—can change privacy settings for other members of their family; those with the family position of "Child" cannot change their own privacy; those with the family position of "Other" can.
  • Registered users can change their privacy settings. (This does not apply to those with a family position of "Child").

Notifications

For the most part, whenever a person's privacy is changed, Realm automatically sends an email to inform them of the update. This happens regardless of who made the change: the profile owner, a family member, or a user with permission. In the case where a child's privacy is updated, the email is sent to the primary members (typically parents) in the child's family.

Emails are sent whether the privacy change is made from an individual profile or, in mass, using custom queries.

If, however, the person does not have a login AND has not been opted in to the directory, no email will be sent. This is to minimize questions from individuals not active in Realm who may be confused by the purpose of the email.

Updating Privacy Settings for Someone Else

Registered users of your Realm site can view and register their privacy settings. But there might be times when you need to do it for them.

When you change an individual's privacy settings, he or she will be notified automatically by email. Changes are also recorded in the Customization History section of the privacy page. In order to provide the most current information, the Customization History section displays privacy changes from the past 12 months.

When you change someone's profile privacy, Realm will automatically send them an email listing the new settings. (A popup message will remind you of this.)

But there is an exception to this safeguard. No email is sent if:
  • the owner of the profile does not have an email on file
  • the profile has not been opted in to the online directory

View/Edit Someone's Privacy Settings

Registered users of your Realm site can view and manage their own privacy settings. But there might be times when you need to do it for them.

To view a user's privacy settings, you must have the Edit Individual permission set to Allow in your list of responsibilities. If an administrator marks information, such as emails or phone numbers, as visible to users, the View Details for Individuals permission must be set to Allow in order for the user to view the information.

For more, see Responsibilities.

  1. Locate and open the user's profile.
  2. Click to the privacy icon padlock icon with the word Privacy.
  3. A detailed list of settings opens.
    For people without a login, the check box Opt in to Online Directory is visible. If selected, this individual's profile is searchable by others in Realm, even if he or she never creates a login.
  4. Select one of the options to apply that setting to all information on the profile, or click Custom Privacy to select a setting for each field.
  5. Other members in this person's family display on the left. Click each family member's name, and select a privacy option.
  6. Click Save.

Check Your Overview Dashboards

When using the open-invitation model, it's very important that you monitor your overview dashboards for new registrations and unusual activity.

While using the open-invitation model, you should monitor registration and login activity daily. You can filter this list to see individuals who added themselves. Look for names you do not recognize or strange email addresses. If you see anything suspicious, remove the registrant and consider turning off the open-invitation model until you can investigate further.

Tip: It takes all of us being continually vigilant when it comes to online security and privacy. Criminals will do just about anything to obtain verified email addresses with the intent of conning sympathetic people out of their hard-earned cash. A common tactic, for example, is to break into an email server to obtain large lists of email addresses or cell phone numbers, or to access and hold church data hostage for a sum of money. Another potential tactic is registering for a login in order to access personal contact information. These miscreants then send emails or texts that appear to come from the pastor of the church, but are, in fact sent from servers that usually reside in foreign countries. These emails often include gift cards scams or other fake requests for financial assistance. To read more, see Security Takes All of Us.


Click any of the blue categories of individuals to view, filter, or sort detail.



Communicate Privacy Settings

Here are resources you can use to help educate congregants about privacy settings and the online directory.

Many people regard the church as a safe haven. In fact, in a broken world, they desperately need the church to be a safe place for them and their family. While congregants may rarely consider the online tools and data their churches and denominational offices use on a daily basis, we do and we know you do as well! For this reason, ACST dedicates an abundance of time and resources to protecting the privacy and security of Realm data. And we strongly recommend transparency with congregants and parishioners when it comes to protecting them and their privacy.

We encourage you to educate and communicate with your staff and congregants on the importance of managing privacy settings in Realm. Share your internal policies for safeguarding data and vulnerable members, and make sure people know how you plan to communicate financial needs in your church.

While you'll write a message that suits your particular situation, we provided a sample communication below to get your thoughts flowing around this topic. We'll continue to update the online resources mentioned in this article as well.

Sample Email to Congregants

Dear [First Name],

We understand that your online privacy is important to you. For this reason, we'd like to routinely communicate about how we conduct the business of the church. For example, our staff reviews all new Realm registrations, and will work to engage and legitimize all new members with a welcome for the purpose of protecting others. We run annual background checks for anyone directly involved in ministering to children and vulnerable adults. Additionally, we'll never ask you directly for money or gift cards, but instead will ask that you give through various funds set up by the church.

While we want to encourage community, especially among teams and small groups, we recognize that not everyone is comfortable sharing personal information church-wide. Please take a few minutes to sign into Realm and update your privacy settings.

To review your privacy settings, go to [Your URL], and, in the upper-right corner, click Manage Privacy. For your convenience, here's an explanation of privacy settings.

Online Resources

Tip: To locate help (product documentation), in the upper-right corner of Realm, click the question mark in a circle icon.

Set Your Privacy Preferences

Control who sees your personal information.

Many find the online directory in Realm invaluable for locating contact information, putting faces with names, and matching children and spouses to names. For various reasons, however, some like to limit who can see contact and personal information. You can revise your privacy settings so this information is limited to administrators or the members of small groups or teams you're involved with. Of course, you can also make your contact information available to everyone with a login to your site. See Privacy Settings.
  1. Log in to your church's Realm site.
  2. Click your name in the upper-right corner, and select Manage Privacy.
  3. Select your name, or the name of a family member.
  4. Select the privacy option you're comfortable with, or click Custom Privacy and select options for each field.
  5. Click Save.

Understanding Privacy Settings

Learn what your privacy settings mean and how to keep your personal information protected.

Table 2. Privacy Settings Table
Privacy options What this option means
Anyone in the churchEveryone with a login, including church staff and congregants, can see your contact information and birthday. (This option is not available to children.)
Leaders & groups/serving team membersFellow group members and leaders can view your personal information. If you or a family member do not have a birth date on file, this option is unavailable. This setting also includes users with permission.
LeadersVolunteers with leadership responsibilities can view your profile. If you or a family member do not have a birth date on file, this option is unavailable.This setting also includes users with permission.
Users with permission only Administrators, church staff, and other people assigned by the church can view your profile and personal information.

Security Takes All of Us

The security and privacy of your data is a shared responsibility.

Our relationship with our customers is built on trust. Protecting our customers' data is a responsibility we take very seriously. However, pastors and church leaders also bear responsibility in safekeeping data for members and the church.

People are increasingly sensitive about how their data is collected and used. The article can you help answer some basic questions, but you'll want to invest time and resources into creating a plan for your employees and volunteer leadership to follow. Please visit our legal section regularly for information about our legal policies, FAQs, and advice for security tips and best practices. If you have any other questions, please feel free to email us at risk@acst.com.

Tip: A subscription to MinistrySmart Pro Staff Pass provides access to several courses on the subject of protecting your church data. Log in to Realm. In the upper right corner, click the MinistrySmart icon and search "Protecting Church Data" for a list of current courses.

Please visit our Church Growth blog for security and privacy related articles. In particular, check out these articles:

Information Security for Staff and Volunteers, Information Security for Congregants and Parishioners, or Security for Your Computer and Systems.

How ACST protects your Realm ChMS data

  • Realm ChMS is hosted in Amazon Web Services ("AWS") US East 1 regional zone. The computer servers hosting Realm are implemented using AWS recommendations and industry best practice security configurations. All server configurations are extensively documented for compliance with the Payment Card Industry Data Security Standard .

  • We encrypt and store all client data backups in redundant cloud storage locations for backup and disaster recovery with 24x7x365 access. Cloud storage data encryption uses AES 256 bit encryption.
  • Each individual church's data is stored in a multi-tenant relational database. Internally, each church's data is stored in its own table. The table is indexed and accessed solely using unique ID's in the database. Any data needed is called by an algorithm call to either post data to or retrieve the data back from the database, ensuring integrity and segmentation. No data crossover is possible using this method.
  • Only a limited number of authorized ACST employees located in the United States are allowed access to client data.

How you can help protect your data

  • Be sure you know you can see your personal information, and update your privacy settings accordingly.

  • Administrators should review new account registrations daily when your church is using the open-invitation model.
  • For the best experience, we recommend that you always update your browsers, whether you're using a computer, a tablet, or a mobile device. Using outdated browsers can introduce vulnerabilities and potentially allow malware or other threat actors into your system.

  • Keep your operating system current and check the system requirements of the software vendors you use. If they allow operating systems that have experienced "end of life", they pose a threat to your system - even if your computers are up to date. For example, as of January 14, 2020, Microsoft stopped supporting Windows 7.
  • Use strong, unique passwords and don't share passwords or logins with others.
  • Use antivirus software and update it daily.