Your members trust you with their names, emails, and payment info.
We take that seriously. Here's how Somiti protects your community's data, in plain English.
Free to start · No credit card needed
Think about this
Member names and emails in someone's personal Gmail. Dues payments in someone's Venmo history. The full roster in a spreadsheet on someone's laptop. Phone numbers in a WhatsApp group that half the board can't access.
What happens when that person leaves the board?
Somiti keeps your community's data in one place, properly locked down, accessible to the right people, and not stored in anyone's personal account.
Three promises about your data
Credit card numbers never touch our servers
Every payment goes through Stripe, the same payment processor used by Amazon, Shopify, and millions of businesses. Your members' card details go directly to Stripe. We never see them, store them, or handle them.
Stripe is PCI-DSS Level 1 certified. That's the highest security certification in the payments industry.
Your community's data is yours. Period.
We don't sell your member list. We don't show ads. We don't do "anonymized data partnerships." Our business model is subscriptions, not your data.
You pay for Somiti (or use the Circle plan). That's the deal. Nothing hidden.
When someone leaves the board, the data stays safe
Remove a board member's access and they're out. No shared passwords to change. No personal accounts holding community data hostage. The next treasurer picks up right where the last one left off.
Board members see financials. Regular members don't. You control who sees what.
60%
of nonprofits experienced a cyberattack in the last two years
BDO/Ericksen Krentel, 2025
78%
of consumers say financial data is their top privacy concern
Cisco Consumer Privacy Survey, 2024
0
credit card numbers stored on Somiti's servers
Stripe handles every payment (PCI-DSS Level 1)
Cyberattacks on nonprofits grew 30% last year. Volunteer-run groups are targets because attackers assume nobody's watching. Somiti watches.
How we protect your data
Payments
Credit card numbers never touch our servers
Stripe handles every payment. When a member enters their card, that data goes directly to Stripe's servers, not ours. We never see the full number, never store it, never process it.
Stripe is PCI-DSS Level 1 certified, the same security standard required of Amazon, Shopify, and every major payment company. Their fraud detection (Stripe Radar) monitors every transaction for suspicious activity.
Your data
Scrambled in transit. Scrambled at rest.
Everything between your browser and Somiti is encrypted. If someone intercepted it, they'd see gibberish. Same goes for your data on our servers. It's encrypted using AES-256, the same standard used by banks and governments.
Automated daily backups stored in a separate location. If something goes wrong, your data is recoverable.
Access controls
Your tennis club can't see the PTA's data
Even though they're both on Somiti. Every community's data is completely isolated. There's no way for one group to access another group's information.
Within your community, you control who sees what. Board members see financials. Regular members don't. Important actions are logged so you can see who did what and when.
Passwords
We never store your actual password
Not even we can see it. Your password is run through a one-way scrambling process before it's saved. If our database were ever compromised, attackers would get gibberish, not passwords.
Sessions expire after inactivity. Every form is protected against common web attacks. The boring, important stuff that keeps your account safe.
What we do behind the scenes
Security patches applied promptly
Dependencies updated regularly. Known vulnerabilities patched fast, not "when we get around to it."
Every code change is reviewed
No code goes live without a second pair of eyes. Security issues get caught before they reach you.
Automated security scanning
Tools check our code for vulnerabilities continuously. Not just when someone remembers to run them.
Restricted employee access
Access to production data is limited to the people who actually need it. Least privilege, always.
Found something? Tell us.
If you've spotted a security issue, we want to hear about it. Seriously. We won't shoot the messenger.
What to include
- What you found and what it could affect
- Steps to reproduce it
- Screenshots or proof-of-concept if you have them
What we commit to
- Acknowledge your report within 48 hours
- Keep you posted on our progress
- No legal action against good-faith researchers
Contact for security reports
WorkersLab LLC
30 N Gould ST STE R
Sheridan, WY 82801
Website: workerslab.com
Common questions
Is my members' personal info safe?
Yes. All data is encrypted both in transit and at rest. Your community's data is completely isolated from every other community on Somiti. And we never sell, share, or use your member data for advertising. Our business model is subscriptions, not your data.
What happens to our data if we cancel?
If you downgrade to Circle, everything stays (within the Circle plan limits). If you cancel entirely, your data is available for export for 30 days. After that, it's deleted from our active systems. Some records (like payment history) are kept longer for legal and tax purposes.
Can Somiti employees see our data?
Access to member data is strictly limited and logged. Our team only accesses it when you ask us for help with a support issue, and always with proper authorization. We don't browse your member list for fun.
Do you sell or share our members' info?
No. We share data only with services needed to run Somiti (Stripe for payments, for example) or when required by law. That's it. No ad networks, no data brokers, no "partners." See our Privacy Policy for the full details.
What if someone hacks Somiti?
We've got an incident response plan. If a breach affects your data, we'll notify you as required by law and tell you exactly what happened, what data was involved, and what we're doing about it. Credit card numbers wouldn't be part of any breach on our end because we don't store them. Stripe does.
Your members' data deserves better than a shared spreadsheet.
One place for your community's info. Encrypted, backed up, and not stored in anyone's personal account.
Free for clubs up to 50 members · No credit card required