Trust & Security

A board portal holds some of an organization’s most sensitive material. Here’s exactly how BoardDock protects it, with no hand-waving and no fine print.

Encryption everywhere

All traffic is encrypted in transit with TLS, and your data is encrypted at rest. There is no unencrypted path to your board's materials.

Secure sign-in

Two-factor authentication with an authenticator app is available on every account, adding a second step at login. New passwords are checked against known-breach databases and rejected if they appear, the login form is protected against automated attacks, and members can sign out of all other devices in one click. Google and Microsoft single sign-on are supported too.

Access enforced at the database

Every table is protected by row-level security. The database itself refuses to return another organization's rows, so isolation between boards isn't a UI feature. It's enforced at the lowest layer.

Confidentiality tiers

Meetings, documents, and motions carry visibility tiers (public, board, committee, in camera for executive session, and restricted), checked on every read, so sensitive material is only ever seen by the people entitled to see it.

Role-based access

Owners, admins, officers, directors, staff liaisons, and viewers each get exactly the capabilities their role needs. Administrative actions require administrative roles, verified server-side.

Append-only audit trail

Key governance actions are recorded in an audit log that can't be edited or deleted from the application. It's a permanent record of who did what, and when.

Payments by Stripe

Billing runs entirely on Stripe, a certified PCI Level 1 service provider. Card numbers never touch BoardDock's servers or database.

Resilient infrastructure

BoardDock runs on Vercel and Supabase with automated backups. Our infrastructure providers (AWS, Vercel, Supabase, and Stripe) maintain industry certifications including SOC 2 and ISO 27001.

Privacy-first hosting in Canada

Your data is hosted in Canada (AWS Canada Central via Supabase, with compute in Montréal) under PIPEDA, one of the world's strongest privacy regimes, recognized as adequate by the European Union. The same protections apply to every board, wherever it's based.

Your data stays yours

Export board packages, minutes, and consolidated annual board records to PDF at any time. If you leave, the board owner can delete the entire workspace from Settings (with a 7-day cancellation window), and inactive data is never kept indefinitely: lapsed accounts are permanently deleted after about 90 days, with email warnings first.

Who we rely on

BoardDock uses a small, carefully chosen set of subprocessors. Each one sees only what it needs to do its job.

ProviderPurposeRegion
Supabase (AWS)Database, authentication, file storageCanada Central
VercelApplication hostingMontréal, Canada
StripePayments & billingGlobal (PCI Level 1)
MailerooTransactional emailGlobal

Security questions

How do you protect against stolen or guessed passwords?
Several ways. Two-factor authentication with an authenticator app is available on every account and adds a second step at login. New passwords are checked against databases of known breached passwords and rejected if they appear. The login form is protected against automated attacks, and members can end every other active session from their account at any time. Boards that prefer it can also sign in with Google or Microsoft.
Where is our data stored?
In the AWS Canada Central region, encrypted at rest, with access enforced at the database level. For most boards there's no requirement that nonprofit records be stored in your own country, and our hosting is covered by PIPEDA, a comprehensive privacy law recognized as adequate by the European Union. Wherever your board is based, your data is encrypted, access-controlled, and protected by robust privacy safeguards.
Can BoardDock staff read our board materials?
Operational access is limited to a small, explicitly allowlisted set of operators, used only for support and required maintenance, and administrative actions on our side are logged. We never sell or mine your data, and we never use your board's content for advertising or training.
Who can see our in-camera (executive session) materials?
Only the board members and administrators explicitly entitled to them. The in-camera and restricted tiers are enforced by the database on every query, not just hidden in the interface.
What happens to our data if we cancel?
Your workspace data remains yours, and you stay in control of it. Export what you need (board packages, minutes, and annual board records all export to PDF). If you want everything erased, the board owner can delete the entire workspace from Settings; every admin is notified, and there's a 7-day window to cancel before the deletion becomes permanent. If you simply walk away, we don't keep your data forever either: after about 90 days of inactivity following a lapsed trial or subscription, board data is permanently deleted, with several email warnings first so you can reactivate or export.
How do we report a security concern?
Contact us immediately through the contact page and mark it as a security issue. We take reports seriously, respond quickly, and appreciate responsible disclosure.

Have a security or privacy question we haven’t answered? Ask us directly. We’ll give you a straight answer.