Security

Last updated: March 2026

Protecting your commission's data is central to how we build and operate DistrictDesk. This page describes the measures we take to keep your information safe.

Encryption

All connections to DistrictDesk are secured with HTTPS (TLS). Data is encrypted in transit between your browser and our servers, and encrypted at rest in our databases.

Data Isolation

Each commission's data is stored in an isolated database. There is no shared data layer between commissions. One commission cannot access another's applications, meetings, or documents under any circumstances.

No Audio Storage

When meetings are transcribed, audio is processed in real time and only the resulting text transcript is retained. Audio files are never written to disk or stored on our servers.

Access Control

All user accounts are named and authenticated individually. Role-based access control ensures that members see only what they need. Administrative actions are restricted to designated commission administrators.

Infrastructure

• Application hosted on Railway (Node.js runtime)
• Cloudflare CDN for edge caching, DDoS protection, and SSL termination
• Regular automated backups of all commission databases
• Infrastructure access is restricted to authorized personnel with multi-factor authentication

Responsible Disclosure

If you discover a security vulnerability in DistrictDesk, we ask that you report it to us privately so we can address it before any public disclosure. Please contact us at hello@districtdesk.org with a description of the issue. We will acknowledge your report within two business days and work to resolve the issue promptly.

Questions

For any security-related questions, reach out via our contact form or email hello@districtdesk.org.