No Third-Party Sharing

Your information stays with us. We do not share your personal data with outside companies or organizations unless you specifically ask us to. There is no back door. There is no partner program where your details get passed around. If something ever changes in the future, you will hear about it first and have a clear way to say no.

If you did not ask for your data to go somewhere, it does not go anywhere. That is the whole policy.

How We Keep Things Locked Down

Everything we build for security is done in-house. We are not outsourcing your safety to some vendor we barely know. Here is what that looks like in practice:

  • Your data is encrypted at rest with AES-256 and in transit with TLS 1.3 -- the same standards banks use
  • Access inside our team is role-based, so people only see what they actually need for their work
  • We run regular security audits and test our own systems for weaknesses before anyone else can find them
  • Monitoring runs around the clock so we catch problems early, not after the fact

Compliance We Actually Choose

Legally, a community organization our size is not required to follow many of the big data regulations. We follow them anyway because it is the right thing to do, and because you deserve the same protections that people get from much larger companies.

CCPA and CPRA Standards

We give you the same rights that California law gives consumers, whether you live in California or not:

  • You can see exactly what data we have about you, any time you ask
  • You can tell us to delete it, and we will
  • You can correct anything that is wrong
  • If we ever did share data (we do not), you would have a clear way to opt out

GDPR-Level Practices

The European standard for data protection is one of the toughest in the world. We hold ourselves to it voluntarily:

  • We only collect what we actually need -- nothing extra, nothing "just in case"
  • Privacy is built into every tool and feature from the start, not bolted on later
  • When we ask for consent, we mean it -- no dark patterns, no pre-checked boxes
  • We regularly review our own practices to make sure they still hold up
We do not follow these standards because a lawyer told us to. We follow them because this community trusted us with something personal, and we take that seriously.

When Something Goes Wrong

No system is perfect, and pretending otherwise would be dishonest. What matters is what happens next. If there is ever a security incident, here is what you can expect from us:

  • Clear, honest communication -- no vague corporate statements weeks after the fact
  • A team that already knows their roles and has rehearsed for exactly this kind of situation
  • A real plan for every type of incident, tested regularly and updated as threats change
  • Direct notification through our community channels so you are never the last to know

How Our Team Stays Sharp

Good security is not just about technology. It is about people making good decisions every day. Everyone on our team goes through regular training, and we share what we learn with the community too:

  • Every team member completes security training annually -- no exceptions
  • We share monthly updates on security topics that matter to all of us
  • We run workshops for community members who want to learn more about protecting their own data
  • Anyone handling sensitive information gets extra, specialized training on top of the basics

We Keep Getting Better

Compliance is not a box we checked once and forgot about. We treat it as an ongoing commitment that grows alongside our community:

  • Regular audits, both by our own team and by outside reviewers we trust
  • Continuous monitoring of our compliance posture -- not annual check-ins, but daily
  • Transparency reviews led by community members, not just our internal team
  • Frequent updates to our security and compliance practices as the landscape changes

Talk to Us

If you have questions, concerns, or just want to know more about how we handle things, reach out. We would rather answer ten questions than leave one person wondering.

This is your community and your data. We are just the people who promised to look after it. Hold us to that.