Your Data Is as Protected as Your Mission

Encryption

Every byte, encrypted — at rest and in transit.

All data stored on our platform is encrypted using AES-256, the same standard used by banks and government agencies. Every connection between your browser and our servers is secured with TLS 1.2 or higher — the current best practice for data in transit.

Your deliberation content, your contact information, your organization details — all of it is encrypted whether it's moving or sitting still.

Access Control

Your data is yours. No one else can see it.

Your deliberations, transcripts, and account information are isolated at the database level — not just the application level. Each account's data is walled off so that no other user can access it, period.

Passwords are hashed using industry-standard methods, and your identity is verified on every single request. There are no shortcuts, no shared access, no exceptions.

AI & Your Privacy

We never train AI on your data. Full stop.

When you run a deliberation, your question and context are sent to generate steward responses. We use leading AI models from Anthropic and other best-in-class providers. Here's what matters:

• Your data is never used to train AI models. Our AI providers' terms explicitly prohibit using API inputs and outputs for model training. This isn't a setting we toggle on — it's their standing policy.
• Our AI providers retain data briefly for safety monitoring, then delete it permanently.
• Your deliberation transcripts are stored in our encrypted database so you can access them anytime — protected by the same encryption and access controls described above.

Your governance questions stay between you and your Circle.

Payments

No card numbers ever touch our servers.

All payment processing is handled by a PCI DSS Level 1 certified payment processor — the highest level of payment security in the industry. When you purchase a deliberation or subscription, your payment information goes directly to them. We never see it, store it, or have access to it.

Hosting & Infrastructure

Built on platforms trusted by the world's best teams.

Our infrastructure partners are SOC 2 compliant and provide automatic HTTPS, DDoS protection, and encrypted connections at every layer.

Our backend is stateless — no user data is stored on the application server. Everything persists in our encrypted database. Uploaded documents are processed securely for deliberation context. Files are stored encrypted and never shared outside your deliberation. Supported formats: PDF, Word, text, and spreadsheet files up to 25 MB.

API documentation endpoints are disabled in production. Cross-origin requests are restricted to known domains only.

Data Control & Deletion

Your data, your call.

You can request complete deletion of your account and all associated data at any time by emailing info@stewardcircle.com. When we delete your account, your deliberations, transcripts, and personal information are permanently removed from our systems.

Anonymous analytics data (page views with no personally identifying information) is retained separately and cannot be traced back to individual users.

What We Store

We believe in being upfront about what we collect:

• Account information — name, email, organization name, phone (optional)
• Deliberation content — the questions and context you provide, plus AI-generated steward responses
• Anonymous page analytics — page URLs and referrers with no user identification

That's it. No tracking cookies beyond essential analytics. No third-party data sharing. No hidden telemetry.