Sensitive client information (notes, location details, phone numbers, closure reasons) is stored encrypted at rest and only readable through audited server-side functions that require staff authentication.

Authentication, database access, and storage run on managed infrastructure with row-level security enabled on every table. OAuth tokens for connected services (Google Calendar, LinkedIn, social accounts, signing providers) are never returned to the browser — they live server-side and are accessed only by trusted backend code.

Volunteer and crew accounts use email/password or Google sign-in. Privileged roles (admin, board member, finance, social manager) are stored in a dedicated table and validated on every server call, not on the client.

From clients we assist: name, contact information, county, household details needed to coordinate help, and case notes recorded by staff. This information is shared only with volunteers and partners authorized to work the case.

From volunteers and crew: name, contact information, coverage areas, training progress, time entries, and signed forms required for HR and compliance.

From donors and supporters: name, email, and payment details needed to process a contribution. Card data is handled by our payments processor; we never store full card numbers.

Access to client and HR data is limited to staff roles whose duties require it. Sensitive lookups are recorded in an audit log. Audit log entries are retained according to a documented retention schedule and automatically pruned afterward.

You can request a copy of your information or ask us to delete data we hold about you by contacting us at the address below.

If you believe you have found a security issue, please email us with details and steps to reproduce. Please give us a reasonable opportunity to investigate and remediate before any public disclosure.

Questions about this page, your data, or a possible security issue: hello@blueskiesma.com.

See also our About page and Contact page.