Trust & security
What we do — and don’t — with your co-op’s data.
This page is for the treasurer, the board member, or the parent who wants to know before saying yes. No marketing language, no certifications we don’t actually have. If something is unclear or missing, email [email protected] and we’ll answer you by name.
The short version.
- All traffic is HTTPS. All passwords are hashed.
- Card numbers never touch our servers. Stripe handles every payment end to end.
- Your co-op’s data is isolated at the database row level — one co-op can’t read another’s roster, even in theory.
- We back up your database daily and keep a rolling window of restore points.
- Co-op owners can download a full backup (every table, as CSV plus JSON) from admin settings at any time. Individual members can export their own account from their profile page.
- We don’t sell, rent, or share your roster. Not with marketing partners, not with curriculum vendors, not with anyone.
The stack, named.
We don’t build the hard parts ourselves. Here’s what we use and why — each link goes straight to the vendor’s own security page so you can verify anything we claim below.
Every card payment runs through Stripe's hosted checkout. Card numbers, expiry dates, and CVVs never touch our servers — we only see a tokenized reference. Stripe is PCI-DSS Level 1, the highest certification for card processors.
Your co-op's data lives in a Postgres database hosted by Supabase. Access is enforced at the row level — a parent can only read rows tied to their family; an admin can only read rows tied to their co-op. Passwords are hashed (never stored in plaintext) and password resets flow through signed, short-lived tokens.
The app itself runs on Vercel. All traffic is HTTPS, and TLS certificates renew automatically. Vercel handles DDoS protection and edge caching; we don't run any servers ourselves that could be left unpatched.
Account emails, announcements, and receipts are sent via Resend. We log every send in an audit trail, honor unsubscribes, and never share your roster with other senders.
Text announcements go through Twilio's carrier-approved A2P messaging pipeline. We verify each co-op's business profile before SMS is enabled, so messages land in the inbox instead of being flagged as spam.
When a page throws an error, we capture it with enough context (route, user, org) to fix it before you email us about it. We scrub form values and request bodies so sensitive input doesn't ride along in the error report.
Your data, your exit.
Co-op owners (and admins with the “view reports” permission) can download a full backup of the co-op from Admin Settings → Data → Download ZIP at any time. The ZIP contains one CSV per table — roster, terms, classes, enrollments, attendance, payments, volunteer hours, announcements, direct messages, events, content pages — plus a full_backup.json with the same data in a single JSON document. No proprietary format.
Every member (not just admins) can export their own profile, family, and student records as JSON from their profile page.
If you decide to leave, download the backup, then email us to close the co-op. Within 30 days your co-op’s data is purged from our active database and aged out of backups. Uploaded files (photos, documents) stay on their CDN — the CSVs include the URLs, and we can deliver the media bundle on request.
Individual parents can request deletion of their personal information at any time by emailing [email protected]. We’ll confirm with the co-op owner if the request affects shared records (like tuition history) before acting.
What we don’t claim.
A lot of apps put logos on their trust page that aren’t earned. We’d rather tell you what we haven’t done so you can decide.
- No SOC 2 or ISO 27001 audit yet. Those are on the list as we grow. Our infrastructure vendors (Stripe, Supabase, Vercel) are independently audited, but we haven’t commissioned an audit of our own codebase.
- Not HIPAA covered. Don’t store medical records or anything a HIPAA-covered entity would handle here. We don’t sign BAAs.
- No third-party penetration test on record. We patch dependencies on a weekly cadence and Sentry surfaces real-world errors, but we haven’t paid an outside firm to try to break in. As we grow, we will.
- U.S.-hosted only. Data lives in U.S. regions of Supabase and Vercel. If your co-op needs EU or other regional hosting for compliance, we can’t help you today.
Questions? Ask a human.
If you’re evaluating HomeschoolGo for your co-op and need something not on this page — a data processing addendum, a specific question about a vendor, a clarification on retention — email us. A real person replies, usually within one business day.