Subsplash operates a unified engagement platform serving over 20,000 churches and ministries worldwide. The company handles a sprawling surface area of customer-facing systems: custom mobile apps, websites, online giving infrastructure, live streaming, media management, group messaging, event scheduling, child check-in systems, and volunteer coordination. Since 2005, they've been consolidating what were once fragmented toolchains into a single platform.
The security posture matters here. Subsplash manages sensitive operational data - donation records tied to payment processing, child attendance logs, volunteer rosters, and streaming infrastructure. The platform ingests live video, stores organizational communications, and processes recurring financial transactions. These aren't theoretical attack surfaces; they're operational requirements that map directly to real threat models: payment card compliance, data residency for minors, access control across multi-role organizations, and API security for third-party integrations.
The company operates with a team of 280+ people and has remained private since founding. They've built custom mobile applications (claiming the first church app in 2009) and have expanded into platform consolidation - replacing point solutions with integrated functionality. This means their infrastructure decisions affect how tens of thousands of organizations authenticate users, store media, handle transactions, and manage access across distributed teams.