Security & your data
Charity records include safeguarding notes, DBS statuses and employment details. We designed for that from day one.
Isolation by architecture
Every charity gets its own database — not a shared table with a tenant column. Your data is resolved by your own subdomain and can be exported or deleted as a single unit.
Hosting
EU hosting (Hetzner, Finland) with encrypted transport everywhere. Backups are automated and restore-tested.
Access & audit
- Passwordless sign-in via time-limited magic links; sessions are server-side and revocable.
- Role-based permissions on every endpoint — trustees, council and volunteers see different things, enforced server-side.
- An append-only audit trail records every change, with field-level diffs.
Integrations & AI
- Xero tokens are encrypted at rest (AES-GCM); scopes are read-only and minimal.
- The AI copilot only ever sees data the asking user is permitted to see, and its suggestions are recorded — it never silently changes records.
Your rights
Your charity's data belongs to your charity. Export it any time; on leaving, we delete it on request — one database, cleanly. Questions or a due-diligence questionnaire? Get in touch — we answer them properly.