Product — Governance & Controls

Data controls that are explicit, auditable, and explainable.

Community Bridge handles sensitive member, household, program, donation, and engagement data. Projection governance decides what is allowed to leave the hub, who can receive it, and why — before any data reaches a downstream tool.

Person eligibilityField allowlistsPII classificationAudit recordsPurpose-aware rules

Book a demo See how it works

Every projection answers five questions.

Can this person be projected? Can this field be projected? Can this data go to this destination? Can this data be used for this purpose? What was allowed, blocked, or redacted — and why?

⊘

Person eligibility

Children are blocked from marketing destinations by default. Do-not-contact and do-not-solicit rules are applied before any person reaches a downstream tool. Suppression rules are applied per destination.

⊡

Field allowlists and denylists

Only approved fields leave the hub. Contact PII, behavioral data, sensitive fields, and restricted data are classified separately. Each classification carries its own default projection policy.

◈

PII classification

Hub fields are classified as public, contact PII, behavioural PII, sensitive PII, restricted, or operational. Marketing automation destinations follow a different policy than fundraising or operational destinations.

◎

Purpose-aware projection

Each projection is tied to a purpose — marketing, fundraising, operational, or analytical. Allowed fields vary by purpose. A field approved for fundraising prospecting may not be approved for marketing automation.

⊕

Source-of-truth boundaries

Operational facts remain controlled by the source system. Community Bridge does not overwrite membership status, billing records, or operational data in source systems unless writeback is explicitly approved by the tenant.

≡

Audit records

Every governed projection records the tenant, destination, purpose, policy applied, person suppression reasons, field redaction reasons, allowed fields, blocked fields, and timestamp. Audit records never contain raw PII values.

Community Bridge is designed with SOC 1 certification in mind. Each tenant is provisioned into its own isolated runtime environment and data boundary.

Tenant-isolated

Separate runtime and data boundary per customer

No shared data across tenants

PII classification levels

Public, contact, behavioural, sensitive, restricted, operational

SOC 1

Certification path in progress

Built with auditability as a first-class requirement

Who governance protects

Good data controls protect both the organisation and the people it serves.

Find your hidden opportunities

In 30 minutes, we'll map one department, identify the signals your systems already produce, and show where Community Bridge could surface donor leads, retention risks, program demand, or campaign audiences.

Book a demo

No product pitch. We'll map your first opportunity and show you exactly what's possible.