Trust & Security Center

We take the security of your data seriously. Learn how Think Mission protects your organization's information with modern, enterprise-grade security practices.

Our Security Commitment

Think Mission is built for mission-driven organizations that need to protect sensitive donor information, constituent data, and organizational communications. We understand that trust is earned, which is why we've built our platform on a foundation of security-first design principles and partner with industry-leading infrastructure providers.

Our platform leverages the security investments of Supabase (database and authentication), Vercel (frontend hosting), and Railway (backend services), each providing enterprise-grade security controls that would be prohibitively expensive for us to build independently.

How We Protect Your Data

Security measures built into every layer of Think Mission

Encryption Everywhere

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Your data is never stored or transmitted in plain text.

Multi-Tenant Isolation

Row Level Security (RLS) policies ensure each organization can access only its own data. Your data is logically separated from other organizations at the database level.

Secure Authentication

Powered by Supabase Auth with support for email/password, magic links, and social OAuth providers. JWT tokens with short expiration times protect your sessions.

Token Encryption

OAuth tokens for connected social media accounts are encrypted using Fernet symmetric encryption before being stored in our database.

Automated Backups

Supabase provides daily automated database backups with point-in-time recovery, ensuring your data can be restored if needed.

Input Validation

All user inputs are validated and sanitized using Pydantic models to prevent SQL injection, XSS, and other common vulnerabilities.

Infrastructure Security

We partner with industry-leading cloud providers who maintain rigorous security certifications

Supabase

Database & Authentication

  • SOC 2 Type II Certified
  • HIPAA Compliant Infrastructure
  • AWS-hosted PostgreSQL

Vercel

Frontend Hosting

  • SOC 2 Type II Certified
  • Global Edge Network
  • Automatic HTTPS/TLS

Railway

Backend Services

  • SOC 2 Type II Certified
  • Isolated Container Deployments
  • Private Networking

Data Privacy Practices

Your Data, Your Control

  • Export your data at any time in standard formats
  • Request complete data deletion upon account closure
  • No selling or sharing of your data with third parties
  • AI features use your data only to serve your organization

Third-Party Integrations

  • OAuth 2.0 for all social media connections
  • We never store your social media passwords
  • Revoke access to any integration at any time
  • Minimal permission scopes requested

Compliance & Certifications

Our commitment to meeting industry standards

Privacy Policy & Terms of Service

Clear, transparent policies that explain how we handle your data

GDPR & CCPA Alignment

Our data practices align with major privacy regulations including data subject rights and consent management

Q2

SOC 2 Type I (Planned 2025)

Working toward our own SOC 2 certification to formalize our security controls

Responsible Disclosure

We value the security research community. If you discover a security vulnerability in Think Mission, please report it to us responsibly. We commit to:

  • Acknowledge receipt of your report within 48 hours
  • Keep you informed of our progress
  • Not pursue legal action for good-faith security research

Report vulnerabilities to: security@thinkmission.ai

Questions About Security?

We're happy to discuss our security practices in more detail or answer specific questions about how we protect your data.