New World Scheduler takes data privacy and data security very seriously. We strongly believes that your congregation data is yours, and should be kept safe, secure and private at all times.
We also understand we are living in critical times, and soon the Great Tribulation will arrive. (2 Timothy 3:1)
Data Storage and Security
NW Scheduler stores data on your local computer only and implements modern security best-practises, which makes NW Scheduler far more safe and secure than using PDFs, Excel spreadsheets, Word documents, email, or other similar programs like KHS, Deckhand, TSWin or Hourglass.
New World Scheduler fully complies with the data storage and data retention requirements of sfl.
New World Scheduler implements the following security best-practises:
- All data is stored on your local computer, under your User Profile folder, meaning other users of your computer can’t access it.
- Note: The exact folder is C:\Users\[USERNAME]\AppData\Local\NW Scheduler
- All data is always encrypted, both when the program is open and closed, using a secure 128-bit key.
- New World Scheduler can be password protected.
- All Backup Files are encrypted and password protected.
- New World Scheduler developers, admins and support personnel cannot view or edit any of your congregation or member data, at any time, under any circumstances.
Our data encryption implements the password-based key derivation functionality PBKDF2, by using a pseudo-random number generator based on HMACSHA1.
The Encryption algorithm is Advanced Encryption Standard (AES).
Encryption key length is 128-bit, salt is 256-bits of random entropy, Initialization Vector is 256-bits of random entropy. Derivation Iterations is 2000.
New World Scheduler contains an optional feature called Congregation Sharing that can be enabled by your local elders if they choose to do so. By default, Congregation Sharing is disabled, but it can be enabled in just a few minutes.
Congregation Sharing automatically shares and synchronizes data between approved brothers, allowing all appointed brothers to quickly and easily keep up-to-date with what is happening in the congregation.
Congregation Sharing does not store sensitive or confidential information online, therefore is fully compliant with sfl. Rather, if you choose to enable Congregation Sharing, non-confidential data strings are saved online for distribution to other appointed brothers in your congregation.
Congregation Sharing Security
Two-Factor Authentication (2FA)
Congregation Sharing uses Two-Factor Authentication (2FA). This means in addition to knowing the Sharing Region, Congregation ID and Congregation Sharing Password, a persons Email address is also used to identify and verify they are allowed to connect to the congregation.
A Congregation Administrator will create Person records and enter these brothers Email addresses into New World Scheduler. Next, they add the brothers to Congregation Sharing as Shared Persons.
These brothers can now connect using a 3-step process:
- Connect. The brother must have the correct Sharing Region, Congregation ID and Congregation Sharing Password to connect to your Congregation.
- Identify. They must use their Email to Identify who they are. This must exactly match their Person record.
- Verify. Their computer must be Verified with a Verification Code sent to their Email.
This is very similar to the security processes of jwpub.org and is an extremely secure system.
Congregation Sharing implements the following best-practise security processes:
- New World Scheduler uses both data obfuscation and data encryption to ensure any transferred data strings are meaningless unless viewed inside New World Scheduler.
- New World Scheduler uses end-to-end encryption, which means your data is fully secured before it is transferred to other appointed brothers and cannot be opened by anyone outside your congregation.
- New World Scheduler uses 128-bit Encryption Keys generated on your local computer using your Congregation Sharing Password. This means your local data is converted to randomised and meaningless strings before ever leaving your computer.
- New World Scheduler developers or support personnel do not and can not access your encryption keys or congregation data. It is therefore technically impossible for them to decrypt, view, see or edit your data under any circumstances.
- Data transfer uses HTTPS connections, so it is additionally encrypted on the transport layer (known as TLS).
- The only “data” that ever leaves your local computer are randomised and meaningless strings.
- Each congregation is automatically assigned a unique and obfuscated storage location to transfer the encrypted data strings. Access to this location is restricted to approved Shared Persons who must first authenticate using your unique Congregation ID, Congregation Sharing Password and 2-Factor Authentication.
- If you Disable Sharing, the meaningless encrypted strings are immediately and permanently removed from the sharing server.
New World Scheduler believes your congregation and person data is your own, and you should be able to Import and Export your data as you wish. We also believe that as true Christians, it is both reasonable and right to allow data exchange between other JW scheduling programs.
Therefore, New World Scheduler supports Importing and Exporting data into a variety of common file formats.
Unfortunately, not all software companies agree with us. Some feel that they own your data, and you should be ‘locked into’ using their software programs or websites forever.
It can sometimes be difficult or even impossible to import data from software programs such as KHS, Theocbase, Deckhand, Ta1ks, WinTIM, etc, as they only provide either limited, or no data export methods.
- Only your first name and email are required when using New World Scheduler.
- We do not collect personal information for advertising, tracking or any other purpose.
- New World Scheduler developers or support personnel do not and can not access your congregation or publisher data.
- We do not even know which people or congregations are using NW Scheduler, and we deliberately do not track or record this information.
Data Retention and Expiry
New World Scheduler strictly follows the branch Congregation Records Retention Policy (see sfla).
Obsolete data is removed on January 1, as per sfla direction.
Additional Security Recommendations
We recommend all appointed brothers implement the following security practices:
- Ensure you are using the latest version of Windows and have all the latest Windows Updates installed
- Ensure your Firewall and Anti-virus software is enabled and up-to-date
- Note: We strongly recommend using the free in-built Windows 11 Anti-virus and Firewall software
- Ensure your Windows Login is password protected
- Choose long and secure passwords for your computer, emails and New World Scheduler
- Enable Windows BitLocker
- Keep all external hard drives and USB drives safe and secure
- Keep all printouts or documents well organised in a safe and secure location
Please see Awake 5/12 p. 28 PROTECT YOURSELF! for further suggestions.
Sharing data via Email
New World Scheduler does not use Email or a Mail Server to share or transfer data.
We recommend brothers be very cautious about using any program or application that recommends sharing congregation information via email.
For example, KHS recommends sending a ‘Data Exchange’ file via Email to share and synchronise congregation or person data. They state: “KHS users can easily exchange password protected files with each other via e-mail. Exchanging data is simple, easy, and requires less than a minute on both ends.“
Using Email or a Mail Server to transfer data is extremely insecure and unsafe. In fact, it is one of the least secure methods possible. It is extremely irresponsible to share congregation data via email.
We strongly recommend against using Email or a Mail Server to share data files, for at least the following reasons:
- Email and a Mail Server is almost always not encrypted. All data is freely viewable.
- For example, Gmail, Hotmail, Outlook do not use encryption
- Email is by default sent from server to server in clear text that can be read by anyone while in transit.
- Mail Server data can be easily accessed by any Server or Email Admin, at any time.
- For example: Gmail, Hotmail, Outlook have thousands of Server and Email Admins that can access this data.
- Email and Mail Server data is usually permanently kept on a mail server, even if you remember to click Delete.
- For example: Most large companies have data retention policies that require keeping data for many years.
- Most Email and Mail Servers have built-in “backdoor access” for government agencies. This means they can very easily access any data at any time.
- For example, google “Edward Snowden”.
“Email by default is not and was never intended to be a secure mechanism for sending data,” says Dr. Catherine J. Ullman, Senior Information Security Analyst for UB. “Although you need credentials to log in and access the e-mail in your mailbox, email is by default sent from server to server in clear text that can be read by anyone while in transit.”
New World Scheduler does not use Email or a Mail Server to share or transfer data.
Web-based or Cloud-based apps
New World Scheduler is not web-based. It must be installed locally on your computer.
We recommend brothers be very cautious about using web-based or cloud-based apps (such as Deckhand or Hourglass) to store congregation information. While web-based applications are convenient, we personally feel the direction and principles found in sfl do not permit web-based applications to store congregation data.
Web-based applications (like Hourglass or Deckhand) store all congregation and person data permanently online and do not use end-to-end encryption.
Web-based applications by nature must allow any website administrators, developers and potentially support personnel full access to everyone’s data. This means they can potentially access every single persons data in every single congregation. We do not feel comfortable with this, nor do we feel this complies with the principles and direction in sfl.
Web-based applications are also much more prone to hacking or data theft. They provide a single point for a hacker to attack and obtain every single persons data in every single congregation.
Web-based applications also rely on the honesty and integrity of worldly hosting companies, sometimes located in countries with poor data integrity records.
Web-based applications can even be subject to government or company subpoenas, whereby the software company or hosting company must provide access to everyone’s data.
New World Scheduler is not web based. All data is stored on your local computer, and we use end-to-end encryption. This means your data is truly safe. It cannot be opened or accessed by our developers, support staff, or anyone else.