How we keep your information safe

Your neighbors' phone numbers are not on the public internet

The resident directory is behind a locked door. You have to be signed in, and the site re-checks who you are on every single page — not just at the front gate. A stranger with a web browser gets a friendly public homepage and nothing else. They do not get a phone book.

No public phone book. On purpose.

Even the board can't read your password

Passwords run through a one-way scrambler before they're stored — the same kind banks use. If someone walked off with the entire database, they'd be holding a list of unreadable gibberish. We genuinely cannot tell you what your password is, which is occasionally annoying and entirely the point.

We never see your credit card

Dues payments go straight to Stripe, the company that quietly handles checkout for a good slice of the internet. Your card number never touches this site. And when Stripe says a payment went through, the site verifies the cryptographic signature on that message — so a clever person can't simply mail us a note reading "trust me, they paid."

The contact form is rude to robots

The public "request access" form stacks four independent layers of bot protection, including an invisible tripwire and a "prove you're human" check. A spam bot gets the same polite thank-you page a real person does and never learns which layer it tripped. We're not being mysterious; we just don't compare notes with robots.

Four locks. One doormat.

Guessing passwords here is slow, dull work

If someone tries to break in by guessing the password over and over, the site notices after a handful of wrong tries and sits them in a time-out. Combined with that one-way scrambler, an automated guessing attack would take roughly forever — long past the point where any sensible criminal wanders off to bother someone easier.

Lost your phone? Sign out everywhere in one click

From your account page there's a "Log out of all devices" button. Left yourself signed in on a library computer, or misplaced a phone? One click and every existing session goes cold instantly — including, yes, the one you're using right now. Better a brief re-login than a lingering open door.

Our forms only take orders from this website

A common web trick gets your browser to quietly submit a form to a site you're logged into from some sneaky third-party page. This site checks that any such request actually came from here and turns the rest away at the door — the form refusing to act on a note slipped under it by a stranger.

The keys live in a vault, not in the code

The site's secret keys sit in a protected vault, kept out of the program's own code and deliberately excluded from the project's history. If a required key is ever missing, the site refuses to start up rather than limp along with a guessable stand-in. It would sooner take a sick day than work unsafely.

Banks' browser armor, switched on

Every page ships with a strict set of behind-the-scenes browser instructions — the same family large banks use — that quietly block a whole category of common web attacks. And pages showing private resident information are marked "never keep a copy," so your details aren't left sitting in a shared computer's memory after you walk away.

Somebody tried to break in. It was us.

In June 2026 the whole site went through two independent security reviews — the digital equivalent of walking the property after dark, rattling every door and window. The verdict: nothing serious, no exposed information, no broken locks. A couple of small "while you're here, tighten this" items turned up and were fixed the same day.

Verdict: nothing serious.