Security & data handling
You're trusting us with real information. Here's how we treat it.
Churches and nonprofits share internal documents and finances to get a useful funding picture. We take that seriously and keep our data practices plain.
Your data stays yours
Anything you upload or enter — documents, your writing, intake answers — belongs to your organization. We use it to build your funding analysis and reports, not to sell or share. You can request deletion of your data at any time.
Encrypted in transit
All traffic to FundSight runs over HTTPS/TLS. Credentials are never stored in plain text — passwords are salted and hashed (bcrypt).
Organization isolation
Your data is scoped to your organization. Every record (intakes, reports, uploads, alerts) is tied to your org and only accessible to your account — never visible to other organizations.
How AI is used
To generate your readiness, report, research, and impact outputs, relevant text from your materials is sent to our AI providers for processing. We send only what's needed for the task. We never present invented facts — outputs are grounded in your own information and sourced.
Backups & durability
The database is backed up daily with verified restores, so your work isn't lost to a single failure.
Honest about what we are
FundSight is an actively developed product, not a compliance-certified enterprise vault. We hold sensitive information carefully and will tell you plainly what we do and don't do — if your situation needs more (a BAA, specific certifications), talk to us before uploading.
Questions about data handling? Reach us before you upload anything you're unsure about.