What lives where, and who can see it.
Campaigns hold donor PII, voter outreach plans, and rapid-response messaging. We treat that data with the rigor of a senior consultant’s briefcase — locked, auditable, and never reused.
Authentication
Magic-link sign-in via Supabase Auth. No passwords to phish. Sessions refresh automatically; tokens are HTTP-only cookies on the campaign domain.
Authorization
Postgres Row-Level Security on every table, scoped to the campaign you belong to. Membership is binary — every member of a campaign has full access, re-checked in every server route.
Data residency
All campaign data stored in the United States, on Supabase US-East. Encrypted at rest and in transit. Daily backups with point-in-time recovery.
Donor PII
FEC-compliant fields (employer, occupation) live in the donor record alongside contact info. Audit logs track every access. We do not collect SSN. We do not collect voter file data in v1.
Strategist conversations
Conversations are private to the campaign workspace. We do not use them to train models. We do use anonymized usage patterns to improve the product — disclosed in the privacy policy and easy to opt out of.
AI provider
Claude Sonnet 4.5 via the Anthropic API with Zero Data Retention headers where supported. Anthropic does not use your data for training under that flag.
Compliance disclaimer
Blueprint helps you prepare. Blueprint is not a registered campaign treasurer and does not file FEC or state reports. Verify every filing with a licensed treasurer or attorney.
Found something you want to verify before signing up? Email security@blueprint-campaigns.com and we’ll walk you through the architecture in detail.