
Security

Last updated: April 2026

DistrictDesk is used for official government commission records. We take that responsibility seriously. Here is how we protect your data.

Authentication

Each commission member has a named individual account. Passwords are hashed using bcrypt with 12 rounds — passwords are never stored in plain text and are not recoverable.

Session cookies are flagged HttpOnly, Secure, and SameSite to prevent cross-site attacks. Login attempts are rate-limited to prevent brute-force access.

Transport Security

All data is transmitted over HTTPS with TLS encryption. HTTP Strict Transport Security (HSTS) is enforced. Unencrypted HTTP requests are automatically redirected to HTTPS.

Access Controls

Commission data is isolated. Members of one commission cannot access another commission's data. Role-based access controls limit what each user can view and modify:

Admin: Full access including settings and member management
Editor: Can run reviews, record motions, and generate minutes
Viewer: Read-only access to commission records

Database Security

All database queries use parameterized statements. SQL injection is not possible through any application endpoint. User input is validated and sanitized server-side on all endpoints.

File Storage

Uploaded applicant documents (photos, drawings, PDFs) are stored in Cloudflare R2 object storage. Files are not publicly accessible — access requires authentication and is granted via time-limited signed URLs generated fresh on each request.

AI Processing

AI features are powered by Anthropic's API. Documents submitted for review are processed in real time and are not retained by Anthropic for model training purposes. See anthropic.com/privacy for details.

No audio files are created or stored anywhere. The meeting recorder uses browser-based speech-to-text to produce a text transcript only.

Security Headers

All responses include the following headers:

— Content-Security-Policy
— X-Frame-Options: DENY
— X-Content-Type-Options: nosniff
— Strict-Transport-Security
— Referrer-Policy
— Permissions-Policy
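
One way to check a response against the headers listed above and the session cookie flags named under Authentication. This is an added example, not DistrictDesk's own code: the function names `parse_headers` and `audit` are hypothetical, and the two sample responses and their header values are constructed.

```python
# Headers named on the page; None means the page states no required value.
EXPECTED = {"content-security-policy": None, "x-frame-options": "DENY",
            "x-content-type-options": "nosniff", "strict-transport-security": None,
            "referrer-policy": None, "permissions-policy": None}
COOKIE_FLAGS = ("httponly", "secure", "samesite")  # cookie attributes named on the page

def parse_headers(raw):
    """Return (lowercased name, value) pairs from a raw response head, keeping repeats."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:  # [1:] skips the status line
        if not line.strip():
            break  # a blank line ends the header block
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit(raw):
    """List every deviation from the expected headers and cookie flags."""
    pairs, findings = parse_headers(raw), []
    for name, required in EXPECTED.items():
        values = [v for n, v in pairs if n == name]
        if not values:
            findings.append(f"missing header: {name}")
        elif required and any(v.lower() != required.lower() for v in values):
            findings.append(f"{name}: expected {required}, got {values}")
    for value in (v for n, v in pairs if n == "set-cookie"):
        attrs = [a.strip() for a in value.split(";")]
        cookie = attrs[0].split("=", 1)[0]
        present = {a.split("=", 1)[0].lower() for a in attrs[1:]}
        findings += [f"cookie {cookie}: missing {f}" for f in COOKIE_FLAGS if f not in present]
    return findings

# Constructed sample responses; the values are illustrative, not taken from the service.
GOOD = """HTTP/1.1 200 OK
Content-Security-Policy: default-src 'self'
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Referrer-Policy: no-referrer
Permissions-Policy: camera=()
Set-Cookie: session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax"""
BAD = """HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Set-Cookie: session=abc123; Path=/; HttpOnly"""
if __name__ == "__main__":
    for label, raw in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit(raw) or "ok")
```
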

Audit Logging

All AI operations, login events, motion records, and administrative changes are logged with user ID and timestamp. Logs are retained for 12 months.

Security Audit

DistrictDesk completed a 30-test security audit prior to production launch, covering authentication, authorization, injection prevention, rate limiting, and header security. All critical findings were resolved before launch.

Reporting a Vulnerability

If you discover a security issue, please email info@districtdesk.org with the subject line "Security Vulnerability." We will respond within 2 business days and work to resolve confirmed issues promptly.