CivVora
Start free
Trust & security

The receipts, plainly stated.

You're trusting us with rosters, donations, and the records of how your community runs. This page is what we have today, what we're working on, and what we won't promise yet — written for a board member doing diligence and an IT lead reading carefully.

How we think about it

Four pillars. The classic CIA-A.

01

Confidentiality

Member rosters, payment history, and donor records are visible only to operators you explicitly authorize. Row-level security keeps tenants isolated even when our own engineers are debugging.

02

Integrity

Encrypted backups with point-in-time recovery. Database migrations are gated by automated and human review.

03

Availability

Hosted on US cloud infrastructure. We keep encrypted backups and design for recovery.

04

Accountability

Administrative changes are recorded, and our access to your data follows a documented support process.

Data practices

What we will and won't do with your data.

01

We do not sell or share your member data.

Not to advertisers. Not to data brokers. Not to "partners." Your roster belongs to your organization, and stops at your organization.

02

We do not train AI on your data.

The compliance assistant uses retrieval against published government sources, not against your tenant. Your members' names, emails, and donation amounts are not in any training set — ours or anyone else's.

03

You can delete everything, and we mean it.

Hard-delete on request is honored, and the deletion propagates through our backups as they age out. We document the timeline in writing.

04

We publish our subprocessors.

They're listed below. We update this page when they change.

05

We will tell you about a breach within 72 hours.

Counted from the moment we confirm one — not the moment we finish investigating. We commit to this in the DPA.

AI in CivVora

The compliance assistant works for you — not the other way around.

We built CivVora's compliance feature because the rules around running a 501(c)(3), a chamber, or an HOA are scattered across fifty states and a thousand counties. AI is good at reading that. It is not infallible. Here's how we keep it accountable.

A human stays in the loop.

Compliance suggestions are surfaced as suggestions. Filing dates, jurisdictional rules, and required forms are reviewable by a person before anything submits or sends.

We cite our sources.

Every compliance answer links back to the underlying state, county, or federal page it was derived from. If we can't cite it, we don't say it.

We tell you when we don't know.

Coverage is uneven across jurisdictions. The assistant will say "we don't cover this yet" before it will guess — and we route those gaps to a real human on our team.

Your data is not in the model.

Your members, transactions, and content are not used for training. The Anthropic API we use is configured for zero data retention.

Subprocessors

The vendors we use to operate.

We list our subprocessors below and update this page when they change.

Vendor
Purpose
Region
Render
Application hosting, database, object storage, key management
United States
Stripe
Payment processing, payouts
United States
Postmark
Transactional email (receipts, password resets)
United States
Resend
Member-facing newsletters and announcements
United States
Cloudflare
CDN, DDoS protection, image optimization
Global edge
Anthropic
AI — compliance assistant retrieval & summarization
United States. Zero-retention API.
PagerDuty
On-call routing for production incidents
United States
Linear
Internal issue tracking. Customer data is never copied here.
United States

Last updated June 1, 2026. Full DPA, including the standard contractual clauses — email legal@civvora.com to start the process.

If something goes wrong

Incident response.

If a confirmed security incident ever affects your members' data, we will notify you in writing within 72 hours of confirming it — counted from confirmation, not from the end of our investigation. We commit to this in the DPA.

Where we stand

What's done, what's in motion, what's not.

We've built the fundamentals in from the start, and we're honest about what's still in progress. Here's where each piece stands.

In place today

Encryption in transit

Every connection is encrypted, and HSTS is enforced on all our domains.

Encryption at rest

Your database and object storage are encrypted at rest.

Encrypted backups

Automated, encrypted backups with point-in-time recovery.

PCI handled by Stripe

Card numbers never touch our servers. Stripe is PCI-DSS Level 1 — we inherit the scope.

Tenant isolation

Single multi-tenant Postgres with row-level security on every table. Every query is org-scoped at the framework layer, with a database-level safety net.

In progress

WCAG 2.1 AA

Self-audited across the operator console.

On the roadmap (or not in scope)

Customer-managed encryption keys

On our longer-term roadmap. Not committed to a date.

HIPAA / BAA

Not in scope today. We will tell you up front if your use case requires it.

Talk to us

Specific question? Ask a person.

Security questions, DPA requests, and subprocessor questions all go to one inbox, monitored by an engineer.

Security inbox
security@civvora.com
For questions about this page
DPA request
legal@civvora.com
GDPR / CCPA / SCCs
Report a vulnerability
security@civvora.com
We respond to security reports.