Your Data Is as Protected as Your Mission
You are trusting Steward Circle with your toughest governance questions. We take that seriously. This page explains how we protect your data, your privacy, and your organization's confidence, in plain language.
Encryption
Every byte, encrypted, at rest and in transit.
All data Steward Circle stores is encrypted using AES-256, the same standard used by banks and government agencies. Every connection between your browser and our servers is secured with TLS 1.3, the current best practice for data in transit.
Your deliberation content, your contact information, your organization details: all of it is encrypted whether it is moving or sitting still.
Access Control
Your data is yours. No one else can see it.
Your deliberations, transcripts, and account information are isolated at the database level, not just the application level. Each account's data is walled off so no other user can access it, period.
Passwords are hashed using industry-standard methods, and your identity is verified on every single request. There are no shortcuts, no shared access, no exceptions.
Your Deliberations Stay Yours
The Circle never learns from your questions. Full stop.
When you bring a question to the Circle, the contents of that deliberation, your question, your context, the stewards' positions, are never used to teach, refine, or improve any reasoning system. Not ours. Not anyone's.
- Your content is never used for training. The reasoning provider that powers the Circle is bound by a contract that explicitly prohibits this. It is not a setting we toggle; it is a standing policy in our agreement.
- Brief safety retention, then permanent deletion. The provider may hold deliberation traffic for a short window for safety review, then deletes it permanently and irreversibly.
- Your transcripts are yours. They are stored in our encrypted database under the same access controls described above, so you can return to them anytime.
Your governance questions stay between you and your Circle.
If you need provider names, contract references, and the technical details of how this works, see the For technical evaluators section below.
Payments
No card numbers ever touch our servers.
All payment processing is handled by a PCI DSS Level 1 certified payment processor, the highest level of payment security in the industry. When you purchase a deliberation or subscription, your payment information goes directly to them. We never see it, store it, or have access to it.
Hosting & Infrastructure
Built on infrastructure trusted by the world's best teams.
Our infrastructure partners are SOC 2 Type II compliant and provide automatic HTTPS, DDoS protection, and encrypted connections at every layer.
Our backend is stateless: no user data is stored on the application server. Everything persists in our encrypted database. Uploaded documents are processed securely for deliberation context, stored encrypted, and never shared outside your deliberation. Supported formats: PDF, Word, text, and spreadsheet files up to 25 MB.
API documentation endpoints are disabled in production. Cross-origin requests are restricted to known domains only.
Data Control & Deletion
Your data, your call.
You can request complete deletion of your account and all associated data at any time by emailing info@stewardcircle.com. When we delete your account, your deliberations, transcripts, and personal information are permanently removed from our systems.
Anonymous analytics data (page views with no personally identifying information) is retained separately and cannot be traced back to individual users.
What We Store
We believe in being upfront about what we collect:
- Account information: name, email, organization name, phone (optional)
- Deliberation content: the questions and context you provide, plus the stewards' positions and the Circle's recommendation
- Anonymous page analytics: page URLs and referrers with no user identification
That is it. No tracking cookies beyond essential analytics. No third-party data sharing. No hidden telemetry.
Vendor assessment, in one place.
If you are a board treasurer, IT director, or vendor-assessment officer, this section names the providers, contracts, and standards behind the commitments above. The Circle is built on a large language model; the engineering around it is what makes the commitments hold.
| Question | Answer |
|---|---|
| Reasoning provider | Anthropic's Claude API. We have requested commercial Zero Data Retention terms with Anthropic; pending finalization, your deliberations are governed by Anthropic's published commercial privacy and data-handling commitments. API inputs and outputs are not used to train, fine-tune, or evaluate any model. Verify Anthropic's privacy policy → |
| Where data is stored | Encrypted PostgreSQL database hosted by Supabase (AWS infrastructure, SOC 2 Type II). Application hosted on Vercel (SOC 2 Type II). All data centers are US-based. |
| Who can access it | Only you. Data is isolated at the database level with row-level security. No other user or organization can see your deliberations. Our team accesses infrastructure only for maintenance, never your content. |
| Used for model training? | No. Anthropic contractually prohibits using API data for model training. Your deliberations are never used to improve, fine-tune, or train any model. |
| Provider-side retention | Anthropic retains API traffic for up to 30 days for safety review, then permanently deletes it. They cannot use that traffic for training under our agreement. |
| Account-side retention | Your deliberations and account data are retained as long as your account is active. You can request complete deletion at any time. |
| Encryption | AES-256 at rest. TLS 1.3 in transit. All connections forced HTTPS. |
| Payments | Stripe (PCI DSS Level 1). No card numbers ever touch Steward Circle servers. |
| How to delete everything | Email info@stewardcircle.com and we will permanently delete your account, deliberations, transcripts, and all personal information. No retention period, no fine print. |
Questions?
If you have security questions, need details for a vendor assessment, or want to discuss our practices before bringing Steward Circle to your board, reach out.
info@stewardcircle.comWe will respond personally. No ticket numbers, no chatbots.
Last updated: April 2026