New World Scheduler Data Security and Privacy

New World Scheduler takes data privacy and data security very seriously. We strongly believes that your congregation data is yours, and should be kept safe, secure and private at all times.

We also understand we are living in critical times, and soon the Great Tribulation will arrive. (2 Timothy 3:1)

Is NW Scheduler safe?

Does the Branch ‘approve’ of New World Scheduler and Congregation Sharing?

Data Sharing Security

Data Ownership

Data Privacy

Data Retention and Expiry

Data Removal and Deletion

Additional Security Recommendations

Additional Advantages

Is NW Scheduler safe?

Yes, NW Scheduler is very safe.

  • By default, NW Scheduler stores data on your local computer only.
  • Data is stored in your Windows User Profile, meaning other users of your computer cannot access NW Scheduler data
  • All data is automatically encrypted using Windows Cryptography both when the program is open and closed.
  • New World Scheduler can be password protected.
  • All Backup Files are encrypted and password protected.
  • New World Scheduler fully complies with the data storage and data retention requirements of sfl.
  • New World Scheduler developers, admins and support personnel cannot view or edit any of your congregation or person data, at any time, under any circumstances.

In addition, NW Scheduler Congregation Sharing uses the latest and best-practice security features, including Client AuthorizationTwo-Factor Authentication (2FA)End-to-End Encryption (E2EE), Secure Data EncryptionStrong PasswordsData Transfer Security, Server Security and Data Retention and Expiry policies.

Did you know?

NW Scheduler is much safer than than using PDFs, Excel spreadsheets, Word documents, email, SMS, web-based systems, Google Drive, OneDrive, Drop Box, WhatsApp, Viber, Google Sheets, etc.

Is NW Scheduler safer than email?

Yes, NW Scheduler is much safer than email.

Emails and Mail Servers are generally an insecure and unsafe way to transfer data, and we recommend brothers be very cautious about sharing congregation information via email, for at least the following reasons:

  1. Emails and Mail Servers is almost always not encrypted. All data is freely viewable.
    • For example, Gmail, Hotmail, Outlook do not use encryption
  2. Email is by default sent from server to server in clear text that can be read by anyone while in transit.
  3. Mail Server data can be easily accessed by any Server or Email Admin, at any time.
    • For example: Gmail, Hotmail, Outlook have thousands of Server and Email Admins that can access this data.
  4. Email and Mail Server data is usually permanently kept on a mail server, even if you delete the data.
    • For example: Most large companies have data retention policies that require keeping data for many years.
  5. Most Email and Mail Servers have built-in “backdoor access” for government agencies. This means they can very easily access any data at any time.

Is NW Scheduler safer than Google Drive, OneDrive or Dropbox?

Yes, NW Scheduler is much safer than Google Drive, OneDrive or Dropbox.

Google Drive, OneDrive and Dropbox are not considered safe and secure locations to store data, for at least the following reasons:

  1. Data stored is not encrypted, and does not use end-to-end encryption.
  2. Data stored is permanent. Even if you delete the data, it is not really deleted, but remains on their servers for an indefinite amount of time.
  3. The worldly companies who own these cloud storage services are primary interested in making money. They usually have very poor security and privacy practices.
  4. The default security settings on most cloud services do not enforce 2-factor authorization, device verification or other best-practices.
  5. Cloud storage services have built in “backdoor” access so governments can access the data.
  6. Consumer based cloud storage services are regularly hacked using a variety of means, e.g. phishing attacks, social engineering attacks, viruses, bad links, etc.

Is NW Scheduler safer than SMS, WhatsApp, Viber, etc?

Yes, NW Scheduler is much safer than SMS, WhatsApp, Viber, etc.

Some messaging applications are more secure than others, and some even offer end-to-end encryption.

However, message applications are much less secure than NW Scheduler for at least the following reasons:

  1. Metadata from your messages are not encrypted (e.g. the who, when, where). This data sent, kept and analyzed by parent companies, who use this information to make money.
  2. The worldly companies who own messaging applications are primary interested in making money. They usually have very poor security and privacy practices.
    • E.G. Facebook owns WhatsApp. The majority of their revenue comes from selling users data.
  3. Most messaging applications collect a lot of data about you. Even if you just install and open it once, it will collect data such as your operator, the unique identifier of your phone, your location, what apps you have installed, etc.
  4. Most messaging applications have backups which are not encrypted.
  5. Most messaging applications do not permanently delete your messages, even if you “delete” them. They are permanently stored on their servers and can be retrieved even years later.
  6. Most messaging applications have built in “backdoor” access so governments can access the data.

Is NW Scheduler safer than online programs or web-based apps?

Yes, NW Scheduler Congregation Sharing is safer than online programs or web-based apps.

While web-based applications are convenient, we recommend brothers be cautious about using web-based or cloud-based apps to store congregation information.

Web-based applications store all congregation and person data permanently online and generally do not use end-to-end encryption.

Web-based applications by nature must allow any website administrators, developers and potentially support personnel full access to everyone’s data. This means they can potentially access every single persons data in every single congregation. We do not feel comfortable with this, nor do we feel this complies with the principles and direction in sfl.

Web-based applications are also much more prone to hacking or data theft. They provide a single point for a hacker to attack and obtain every single persons data in every single congregation.

Web-based applications also rely on the honesty and integrity of worldly hosting companies, sometimes located in countries with poor data integrity records.

Web-based applications can even be subject to government or company subpoenas, whereby the software company or hosting company must provide access to everyone’s data.

New World Scheduler is not web based. All data is stored on your local computer, and we use end-to-end encryption. This means your data is truly safe. It cannot be opened or accessed by our developers, support staff, or anyone else.

Does the Branch 'approve' of New World Scheduler?

New World Scheduler is not an official app or program created by the Watchtower Society. Therefore, New World Scheduler is obviously not “endorsed by”, “recommended” or “officially approved” by the organization.

This makes sense. The organization does not and will not create a list of books, songs, movies, websites, programs or apps we can or cant use. (see w14 7/15 14)

World Headquarters (WHQ) has been in contact with us several times over the years NW Scheduler has been in operation. They are fully aware of New World Scheduler and has no objections to its use, nor any objections to the use of Congregation Sharing.

New World Scheduler and our NW Publisher app are both used by hundreds of thousands of Jehovah’s Witnesses worldwide every single day.

This includes elders, pioneers, missionaries, Bethelites and even Branch Committee members.

Please feel free to read the comments of many spiritually mature elders around the world, including in your local area.

Data Sharing Security

New World Scheduler contains an optional feature called Congregation Sharing that can be enabled by your local elders if they choose to do so. By default, Congregation Sharing is disabled, but it can be enabled in just a few minutes.

Congregation Sharing automatically shares and synchronizes data between approved brothers, allowing all appointed brothers to quickly and easily keep up-to-date with what is happening in the congregation.

Congregation Sharing does not store sensitive or confidential information online, therefore is fully compliant with sfl. Rather, if you choose to enable Congregation Sharing, non-confidential data strings are saved online for distribution to other appointed brothers in your congregation.

World Headquarters (WHQ) has been in contact with us several times over the years NW Scheduler has been in operation. They are fully aware of New World Scheduler and has no objections to its use, nor any objections to the use of Congregation Sharing.

Security Overview

Congregation Sharing implements the following best-practice security processes:

  1. Congregation Sharing uses OAuth 2.0 authorization, including Access Tokens and Refresh Tokens, to provide secure credentials to approved brothers in your congregation.
  2. Congregation Sharing uses Two-Factor Authentication (2FA) to ensure the person connecting is authorized.
  3. New World Scheduler uses both data obfuscation and data encryption to ensure any transferred data strings are meaningless unless viewed inside New World Scheduler.
  4. New World Scheduler uses end-to-end encryption (E2EE), which means your data is fully secured before it is transferred to other appointed brothers and cannot be opened by anyone outside your congregation.
  5. New World Scheduler uses strong passwords to generate your 256-bit encryption key.
  6. A random and unique 128-bit Initialization vector (IV) and 128-bit salt are used for each piece of data transferred, each time the data is transferred.
  7. New World Scheduler developers or support personnel do not and can not access your encryption keys or congregation data. It is therefore technically impossible for them to decrypt, view, see or edit your data under any circumstances.
  8. Data transfer uses secure and encrypted TLS 1.2 connections.
  9. The only “data” that ever leaves your local computer are randomised and meaningless strings.
  10. Each congregation can choose which sharing server they use and where it is located. Data is only ever transferred to and from this one server to approved brothers in your congregation. Data on the sharing server you select is not backed up, saved or transferred anywhere else. Data on the sharing server cannot be accessed by anyone outside of your congregation.
  11. After selecting a server location, each congregation is assigned a unique and obfuscated storage location to transfer the encrypted data strings. Access to this location is restricted to approved Shared Persons who must first authenticate using your unique Congregation ID, Congregation Sharing Password, 2-Factor Authentication and OAuth 2.0 authorization token.
  12. If you Disable Sharing, the meaningless encrypted strings are immediately and permanently removed from the sharing server.

Authorization

Congregation Sharing uses OAuth 2.0 authorization, including Access Tokens and Refresh Tokens, to provide secure credentials to approved brothers in your congregation. This means only authenticated users with the correct credentials can access your encrypted data strings.

Secure credentials only allow access to your congregation, meaning authenticated users cannot even access another congregations encrypted data strings.

Two-Factor Authentication (2FA)

Congregation Sharing uses Two-Factor Authentication (2FA). This means in addition to knowing the Sharing Region, Congregation ID and Congregation Sharing Password, a persons Email address is also used to identify and verify they are allowed to connect to the congregation.

A Congregation Administrator will create Person records and enter these brothers Email addresses into New World Scheduler. Next, they add the brothers to Congregation Sharing as Shared Persons.

These brothers can now connect using a 3-step process:

  1. Connect. The brother must have the correct Sharing RegionCongregation ID and Congregation Sharing Password to connect to your Congregation.
  2. Identify. They must use their Email to Identify who they are. This must exactly match their Person record.
  3. Verify. Their computer must be Verified with a Verification Code sent to their Email.

This is very similar to the security processes of jwpub.org and is an extremely secure system.

End-to-End Encryption

End-to-End encryption is the gold standard for securing sensitive data in digital communications.

Data is encrypted on your local device before being sent, then remains encrypted the entire time during transfer, and is only decrypted by the other computer.

Encryption keys are stored on your local device only. They are never transferred and never seen by any servers.

Most computer systems and programs do not use end-to-end encryption, but both NW Scheduler and NW Publisher do.

Secure Data Encryption

NW Scheduler uses end-to-end (E2E) symmetric encryption. The encryption algorithm is Advanced Encryption Standard (AES) with a password-based key derived by the Argon2id algorithm in conjunction with SHA-256.

Encryption key length is 256-bit.

A random and unique 128-bit Initialization vector (IV) and 128-bit salt are generated by RandomNumberGenerator for each piece of data transferred, each time the data is transferred.

Strong Passwords

Strong Passwords of at least 12 characters, including lowercase, uppercase, numbers and symbols are enforced and required.

Congregations may choose how often to rotate passwords and how long before existing devices must re-verify.

Data Transfer Security

Data is transferred using TLS 1.2.

Both TLS 1.0 and TLS 1.1 are disabled.

Server Security

Congregation Sharing utilizes secure Firebase servers.

Firebase is certified under all major privacy and security standards, including ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2 and SOC 3.

Server Locations

  • North America East: Located in South Carolina, USA
  • North America Central: Located in Oklahoma, USA
  • North America West: Located in Los Angeles, USA
  • Europe North: Located in Frankfurt, Germany
  • Europe South and Africa: Located in Zurich, Switzerland
  • Asia Pacific: Located in Sydney, Australia
  • South America: Located in São Paulo, Brazil

Data Ownership

New World Scheduler believes your congregation and person data is your own, and you should be able to Import and Export your data as you wish. We also believe that as true Christians, it is both reasonable and right to allow data exchange between other JW scheduling programs.

Therefore, New World Scheduler supports Importing and Exporting data into a variety of common file formats.

Unfortunately, not all software companies agree with us. Some feel that they own your data, and you should be ‘locked into’ using their software programs or websites forever.

It can sometimes be difficult or even impossible to import data from software programs such as Theocbase, Deckhand, Ta1ks, WinTIM, etc, as they only provide either limited, or no data export methods.

Data Privacy

NW Scheduler has a very strict Privacy Policy designed to protect your personal information. We based our Privacy Policy on the jw.org Privacy Policy. For example:

  1. For elders who use NW Scheduler, only a first name and email are required. This information is stored in an encrypted format, and only used for purposes outlined in our Privacy Policy.
  2. For publishers using NW Publisher app, we do not collect, store, save or use any personal information about any publisher. We do not have access to this information.
  3. We do not collect personal information for advertising, tracking or any other purpose.
  4. New World Scheduler developers or support personnel do not and can not access your congregation or publisher data.
  5. New World Scheduler developers do not even know which people or congregations are using NW Scheduler, and we deliberately do not track or record this information.

Data Retention and Expiry

New World Scheduler strictly follows the branch Congregation Records Retention Policy (see sfla).

Obsolete data is removed as per sfla direction. This is automatically performed on January 1.

Old and unused congregations are automatically removed after 3 months of inactivity.

Data Removal and Deletion

NW Scheduler users can immediately and permanently delete all local data by clicking the Delete Congregation button and then uninstalling NW Scheduler.

  • Note: You will need to manually delete any backups you have saved elsewhere.

Congregation Administrators can immediately and permanently delete all shared data by either Disabling Congregation Sharing, or clicking the Delete Congregation button.

Additional Security Recommendations

We recommend all appointed brothers implement the following security practices:

  1. Ensure you are using the latest version of Windows and have all the latest Windows Updates installed
  2. Ensure your Firewall and Anti-virus software is enabled and up-to-date
    • Note: We strongly recommend using the free in-built Windows 11 Anti-virus and Firewall software
  3. Ensure your Windows Login is password protected
  4. Choose long and secure passwords for your computer, emails and New World Scheduler
  5. Enable Windows BitLocker
  6. Keep all external hard drives and USB drives safe and secure
  7. Keep all printouts or documents well organised in a safe and secure location

Please see Awake 5/12 p. 28 PROTECT YOURSELF! for further suggestions.

Sharing data via Email

New World Scheduler does not use Email or a Mail Server to share or transfer data.

We recommend brothers be cautious about sharing congregation information via email. Using Email or a Mail Server to transfer data is relatively insecure and unsafe.

We recommend against using Email or a Mail Server to share data files, for at least the following reasons:

  1. Email and a Mail Server is almost always not encrypted. All data is freely viewable.
    • For example, Gmail, Hotmail, Outlook do not use encryption
  2. Email is by default sent from server to server in clear text that can be read by anyone while in transit.
  3. Mail Server data can be easily accessed by any Server or Email Admin, at any time.
    • For example: Gmail, Hotmail, Outlook have thousands of Server and Email Admins that can access this data.
  4. Email and Mail Server data is usually permanently kept on a mail server, even if you remember to click Delete.
    • For example: Most large companies have data retention policies that require keeping data for many years.
  5. Most Email and Mail Servers have built-in “backdoor access” for government agencies. This means they can very easily access any data at any time.
    • For example, google “Edward Snowden”.

“Email by default is not and was never intended to be a secure mechanism for sending data,” says Dr. Catherine J. Ullman, Senior Information Security Analyst for UB. “Although you need credentials to log in and access the e-mail in your mailbox, email is by default sent from server to server in clear text that can be read by anyone while in transit.”

New World Scheduler does not use Email or a Mail Server to share or transfer data.

Web-based or Cloud-based apps

New World Scheduler is not web-based. It must be installed locally on your computer.

We recommend brothers be cautious about using web-based or cloud-based apps to store congregation information. While web-based applications are convenient, we personally feel the direction and principles found in sfl do not permit web-based applications to store congregation data.

Web-based applications store all congregation and person data permanently online and generally do not use end-to-end encryption.

Web-based applications by nature must allow any website administrators, developers and potentially support personnel full access to everyone’s data. This means they can potentially access every single persons data in every single congregation. We do not feel comfortable with this, nor do we feel this complies with the principles and direction in sfl.

Web-based applications are also much more prone to hacking or data theft. They provide a single point for a hacker to attack and obtain every single persons data in every single congregation.

Web-based applications also rely on the honesty and integrity of worldly hosting companies, sometimes located in countries with poor data integrity records.

Web-based applications can even be subject to government or company subpoenas, whereby the software company or hosting company must provide access to everyone’s data.

New World Scheduler is not web based. All data is stored on your local computer, and we use end-to-end encryption. This means your data is truly safe. It cannot be opened or accessed by our developers, support staff, or anyone else.

Additional Advantages

Scroll to Top