Security & Compliance
Security architecture, data protection, and regulatory compliance documentation.
Canon-Mandated Security Principles
| Principle | Canon Ref | Implementation |
|---|---|---|
| Ledger Immutability | Doctrine 1 | Append-only event store; no destructive updates |
| PII Mutability | Doctrine 5 | Crypto-shredding for erasure; audit trail preserved |
| Fail Closed | Authority ยง1 | Ambiguous security state denies access |
| Vendor Neutrality | Doctrine 3 | No single vendor dependency for security |
Encryption Standards
| Layer | Encryption | Standard |
|---|---|---|
| In Transit | TLS 1.3 | All connections; HSTS enforced |
| At Rest (Database) | AES-256-GCM | PostgreSQL TDE |
| At Rest (Files) | AES-256-GCM | Server-side encryption |
| PII Fields | AES-256-GCM | Per-record key for crypto-shredding |
CANON ยง10: EXPLICIT NON-GOALS
- โ No behavioral ad targeting
- โ No donor data resale or enrichment
- โ No audience profiling beyond explicit consent
- โ No marketing surveillance features
- โ Anonymous donations supported
- โ Campaign participation โ consent for messaging