Security and Privacy
All roles · Organization Admin (step-up auth configuration)
StandShare handles sensitive financial data — family account balances, transaction records, scholarship amounts, and personal information. This page explains the security measures in place to protect that data and what you can expect regarding your privacy.
How authentication works
StandShare is designed to minimize the burden of managing passwords while maintaining strong security. There are three ways to sign in:
Social sign-in (recommended)
You can sign in using your existing Google, Microsoft, or Apple account. This is the recommended method because:
- You do not need to create or remember a separate password
- Your identity is verified by a trusted provider that already has robust security measures
- StandShare never sees or stores your social account password — it only receives a verification token confirming your identity
When you click "Sign in with Google" (or Microsoft or Apple), you are briefly redirected to that provider's login page. Once you authenticate there, you are sent back to StandShare with a secure token that proves who you are.
Magic links (passwordless)
If you prefer not to use social sign-in, you can sign in with a magic link:
- Enter your email address on the login page.
- StandShare sends a one-time login link to your inbox.
- Click the link to sign in immediately.
Magic links are valid for 15 minutes and can be used only once; a link expires as soon as it is used or once the 15 minutes pass. This approach is secure because only someone with access to your email inbox can use the link.
Magic links are a good option if you are on a shared computer or if your organization does not use Google, Microsoft, or Apple accounts.
Email and password (fallback)
Traditional email and password login is available as a fallback. Passwords must be at least 8 characters and include uppercase, lowercase, a number, and a special character. StandShare never stores your password in plain text — only a one-way hash is kept.
Two-factor authentication (MFA)
Two-factor authentication adds a second verification step after your password. Once enabled, signing in also requires a 6-digit code from an authenticator app (such as Google Authenticator, Authy, or Microsoft Authenticator). Codes refresh every 30 seconds.
What happens when you sign in with MFA enabled
- Enter your email and password — or use social sign-in or a magic link.
- StandShare issues a temporary session that grants access only to the MFA verification step.
- Enter the 6-digit code from your authenticator app.
- StandShare issues your full session and takes you to your dashboard.
If you enter an incorrect code 5 times in a row, your account is locked for 30 minutes. You can still sign in using a recovery code during the lockout period.
Recovery codes
When you enable MFA, StandShare generates 10 one-time recovery codes. Store these somewhere safe — a password manager or printed sheet — because they are the only way to access your account if you lose your authenticator app.
Each code can be used only once. StandShare warns you when fewer than 5 codes remain. You can regenerate a fresh set of 10 at any time from Settings > Security, which invalidates all previous codes.
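The lockout and recovery-code rules above, worked through as an added example. This is illustrative Python written for this page, not StandShare's own code: the class and method names are assumptions, as is the choice of SHA-256 for storing only a digest of each recovery code, and the current authenticator value is assumed to be supplied by a TOTP library.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Values from this page; helper names below are assumptions for illustration
MAX_FAILED_ATTEMPTS = 5        # wrong codes in a row before lockout
LOCKOUT_SECONDS = 30 * 60      # 30-minute lockout
RECOVERY_CODE_COUNT = 10       # one-time recovery codes issued at enrollment
LOW_CODE_WARNING = 5           # warn when fewer than this many remain


def _hash_code(code: str) -> str:
    # Only a digest of each recovery code is kept server-side (assumed: SHA-256)
    return hashlib.sha256(code.encode("utf-8")).hexdigest()


@dataclass
class MfaState:
    failed_attempts: int = 0
    locked_until: float = 0.0                        # epoch seconds; 0 = not locked
    recovery_hashes: set = field(default_factory=set)

    def is_locked(self, now: float) -> bool:
        return now < self.locked_until

    def generate_recovery_codes(self) -> list:
        """Issue a fresh set of 10; any previously issued codes stop working."""
        codes = [secrets.token_hex(5) for _ in range(RECOVERY_CODE_COUNT)]
        self.recovery_hashes = {_hash_code(c) for c in codes}
        return codes

    def remaining_recovery_codes(self) -> int:
        return len(self.recovery_hashes)

    def verify_totp(self, submitted: str, expected: str, now: float) -> str:
        """Check a 6-digit code. `expected` is the current TOTP value (assumed to come
        from an authenticator library). Returns 'ok', 'invalid' or 'locked'."""
        if self.is_locked(now):
            return "locked"
        # Constant-time comparison so timing does not leak how many digits matched
        if hmac.compare_digest(submitted.encode("utf-8"), expected.encode("utf-8")):
            self.failed_attempts = 0
            return "ok"
        self.failed_attempts += 1
        if self.failed_attempts >= MAX_FAILED_ATTEMPTS:
            self.locked_until = now + LOCKOUT_SECONDS   # 5 wrong codes: 30-minute lockout
            self.failed_attempts = 0
            return "locked"
        return "invalid"

    def verify_recovery_code(self, submitted: str) -> str:
        """Recovery codes are accepted even during a lockout and are consumed on use.
        Returns 'invalid', 'ok', or 'ok-low' once fewer than 5 codes remain."""
        digest = _hash_code(submitted)
        if digest not in self.recovery_hashes:
            return "invalid"
        self.recovery_hashes.discard(digest)            # one-time use
        self.failed_attempts = 0
        self.locked_until = 0.0                          # a valid recovery code clears the lockout
        return "ok-low" if len(self.recovery_hashes) < LOW_CODE_WARNING else "ok"
```

The lockout check runs before the code comparison, so a correct code submitted during the 30-minute window is still refused, while a recovery code is accepted at any time and ends the lockout.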
Trusted devices
When you sign in with MFA, you can check Trust this device for 30 days. Trusted devices skip the MFA prompt for 30 days. Trusted device status is tied to your browser — clearing cookies removes the trust. You can view and revoke trusted devices from Settings > Security > Trusted Devices.
For full instructions on enabling and managing MFA, see Secure your account with two-factor authentication.
Platform Admins (StandShare staff) are required to have MFA enabled and cannot disable it in production.
Step-up authentication
Even after you are signed in, certain sensitive operations require you to re-verify your identity. This is called step-up authentication, and it protects against scenarios where someone might access your session on an unlocked device.
When step-up authentication is required
By default, the following actions require step-up verification:
- Approving or processing scholarship payments
- Modifying financial records or account balances
- Changing user roles or permissions
- Modifying security configuration
- Exporting data that contains personally identifiable information
- Committing event settlements or reversing settlements
- Bulk operations that affect multiple records
How it works
When you attempt a protected action, StandShare checks how recently you last verified your identity. If it has been longer than the grace period (15 minutes by default), a verification prompt appears asking you to re-authenticate using your social sign-in provider or a magic link.
Once verified, you are within the grace period again. Any additional protected actions within that window proceed without another prompt.
You sign in at 2:00 PM
|
v
You browse your dashboard, view transactions (no step-up needed)
|
v
At 2:10 PM, you try to approve a scholarship payment
→ Within the 15-minute grace period: action proceeds immediately
→ Outside the grace period: verification prompt appears
|
v
After re-verifying, the grace period resets to 15 minutes
Organization Admins can configure step-up policies from Settings > Security, the same tab that houses password changes, MFA enrollment, and trusted device management. You can adjust the grace period and choose which operations require step-up verification. Changes to security policies are themselves step-up gated. Policies are applied per organization and take effect within 5 minutes.
API keys bypass step-up
Requests made using an API key skip step-up authentication entirely. API key access is already limited by the scopes defined when the key was created.
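The grace-period check, the API-key bypass, and the rule that security-policy changes are themselves step-up gated, combined into one added example. This is illustrative Python written for this page, not StandShare's own code; the action identifiers, scope names, and function names are assumptions, and the timeline in the test mirrors the 2:00 PM / 2:10 PM walkthrough above.

```python
from dataclasses import dataclass, field
from typing import Optional

DEFAULT_GRACE_SECONDS = 15 * 60   # page default: 15-minute grace period

# The page's default list of step-up-gated operations; these identifiers are assumptions
DEFAULT_PROTECTED_ACTIONS = {
    "approve_scholarship_payment", "modify_financial_record", "change_user_role",
    "modify_security_config", "export_pii", "commit_settlement",
    "reverse_settlement", "bulk_operation",
}

# Scope an API key must carry for an action (assumed scope names)
ACTION_SCOPES = {
    "approve_scholarship_payment": "payments:write",
    "modify_financial_record": "ledger:write",
    "modify_security_config": "security:admin",
    "export_pii": "data:export",
}


@dataclass
class StepUpPolicy:
    grace_seconds: int = DEFAULT_GRACE_SECONDS
    protected_actions: set = field(default_factory=lambda: set(DEFAULT_PROTECTED_ACTIONS))


@dataclass
class Session:
    last_verified_at: float                        # signing in counts as a verification
    api_key_scopes: Optional[frozenset] = None     # non-None marks an API-key request


def step_up_required(policy, session, action, now) -> bool:
    """True when the action is protected and the last verification is older than the grace period."""
    if session.api_key_scopes is not None:
        return False                               # API-key requests skip step-up entirely
    if action not in policy.protected_actions:
        return False                               # browsing, viewing transactions, etc.
    return (now - session.last_verified_at) > policy.grace_seconds


def record_verification(session, now):
    """Called after a successful re-authentication; the grace period starts again."""
    session.last_verified_at = now


def authorize(policy, session, action, now) -> str:
    """Returns 'allowed', 'step_up_required', or 'scope_denied' (API keys only)."""
    if session.api_key_scopes is not None:
        needed = ACTION_SCOPES.get(action)
        if needed is not None and needed not in session.api_key_scopes:
            return "scope_denied"                  # scopes are the guard for API keys
        return "allowed"
    return "step_up_required" if step_up_required(policy, session, action, now) else "allowed"


def update_grace_period(policy, session, new_grace_seconds, now) -> bool:
    """Security configuration changes are themselves step-up gated."""
    if authorize(policy, session, "modify_security_config", now) != "allowed":
        return False
    policy.grace_seconds = new_grace_seconds
    return True
```

Note that the grace period is measured from the last verification, not from sign-in, so a re-verification at 2:20 PM covers protected actions until 2:35 PM.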
Why step-up matters
Consider this scenario: you step away from your computer for a few minutes with StandShare open. Without step-up authentication, anyone who sits down at your desk could approve scholarship payments, change financial records, or modify permissions. Step-up ensures that even with an active session, the most sensitive operations require fresh proof of identity.
Rate limiting
StandShare limits how many login attempts can be made in a short time to protect against automated attacks. If you hit a limit, you will see a message asking you to try again later.
| Action | Limit |
|---|---|
| Sign-in attempts | 10 attempts per 15 minutes |
| Forgot password requests | 5 requests per 15 minutes |
| New account registration | 5 attempts per hour |
| Magic link requests | 5 requests per 15 minutes |
When a limit is reached, StandShare shows a "Too Many Requests" message. The limit resets automatically after the window passes — no action is needed on your part. If you are locked out due to a forgotten password, wait 15 minutes before requesting another reset link.
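A sliding-window rate limiter that applies the limits in the table above, added here as an example. This is illustrative Python written for this page, not StandShare's own code; it assumes attempts are keyed by the email address (or client address) being tried, and the action names are assumptions.

```python
from collections import defaultdict, deque

# Limits from the table above: action -> (max requests, window in seconds)
LIMITS = {
    "sign_in": (10, 15 * 60),
    "forgot_password": (5, 15 * 60),
    "register": (5, 60 * 60),
    "magic_link": (5, 15 * 60),
}


class RateLimiter:
    """Sliding-window limiter: an attempt is allowed unless the window already
    holds the maximum number of attempts for that (action, key) pair."""

    def __init__(self, limits=LIMITS):
        self.limits = limits
        self._events = defaultdict(deque)     # (action, key) -> timestamps inside the window

    def check(self, action, key, now):
        """Return (allowed, retry_after_seconds). An allowed attempt is counted."""
        max_requests, window = self.limits[action]
        q = self._events[(action, key)]
        while q and now - q[0] >= window:
            q.popleft()                       # attempts older than the window no longer count
        if len(q) >= max_requests:
            # "Too Many Requests": the oldest attempt must age out before the next is accepted
            return False, window - (now - q[0])
        q.append(now)
        return True, 0.0


# Constructed sample of login activity (seconds since start, action, key); not real logs
CONSTRUCTED_ATTEMPTS = [(float(i), "sign_in", "lead@example.com") for i in range(11)] + [
    (12.0, "sign_in", "worker@example.com"),
    (900.0, "sign_in", "lead@example.com"),
]


def replay(attempts, limiter=None):
    """Run recorded attempts through the limiter and return the allow/deny decisions."""
    limiter = limiter or RateLimiter()
    return [limiter.check(action, key, t)[0] for t, action, key in attempts]
```

Because the window slides, the eleventh rapid sign-in attempt is refused, a different account is unaffected, and the same account is accepted again exactly 15 minutes after its first attempt.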
Session management
StandShare manages your login sessions to balance convenience with security:
- Session timeout: Sessions expire after a configurable period of inactivity (default: 30 minutes). If you have not interacted with StandShare for that long, you will need to sign in again.
- Sliding window: Each action you take extends your session. As long as you are actively using the platform, you will not be logged out.
- Concurrent session limit: You can be signed in on a limited number of devices at the same time (default: 3). Signing in on a fourth device automatically ends the oldest session.
- Token rotation: The secure tokens that maintain your session are automatically rotated on each use, reducing the window of exposure if a token is ever intercepted.
- Administrative force-logout: If an administrator needs to revoke your access immediately — for example, if your device is lost — they can force-logout all of your active sessions at once using the admin_panel.force_logout permission.
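The five session rules above (idle timeout, sliding window, concurrent-session limit, token rotation, and administrative force-logout) in one added example. This is illustrative Python written for this page, not StandShare's own code; the store, its method names, and the use of random URL-safe tokens are assumptions.

```python
import secrets
from collections import defaultdict
from dataclasses import dataclass

# Page defaults; class and method names are assumptions for illustration
IDLE_TIMEOUT_SECONDS = 30 * 60
MAX_CONCURRENT_SESSIONS = 3


@dataclass
class SessionRecord:
    user: str
    device: str
    token: str
    last_activity: float
    revoked: bool = False


class SessionStore:
    def __init__(self, idle_timeout=IDLE_TIMEOUT_SECONDS, max_sessions=MAX_CONCURRENT_SESSIONS):
        self.idle_timeout = idle_timeout
        self.max_sessions = max_sessions
        self._by_token = {}                   # current token -> record
        self._by_user = defaultdict(list)     # user -> live records, oldest sign-in first

    def _revoke(self, rec):
        rec.revoked = True
        self._by_token.pop(rec.token, None)
        if rec in self._by_user[rec.user]:
            self._by_user[rec.user].remove(rec)

    def _expire_idle(self, user, now):
        for rec in list(self._by_user[user]):
            if now - rec.last_activity > self.idle_timeout:
                self._revoke(rec)             # session timeout

    def sign_in(self, user, device, now) -> str:
        self._expire_idle(user, now)
        # Concurrent-session limit: a sign-in beyond the limit ends the oldest session
        while len(self._by_user[user]) >= self.max_sessions:
            self._revoke(self._by_user[user][0])
        rec = SessionRecord(user, device, secrets.token_urlsafe(32), now)
        self._by_token[rec.token] = rec
        self._by_user[user].append(rec)
        return rec.token

    def use(self, token, now):
        """Validate the token presented with a request. Returns the rotated token the
        client must use next, or None if the session is invalid or has timed out."""
        rec = self._by_token.pop(token, None)       # the presented token is consumed either way
        if rec is None or rec.revoked:
            return None
        if now - rec.last_activity > self.idle_timeout:
            self._revoke(rec)
            return None
        rec.last_activity = now                     # sliding window: activity extends the session
        rec.token = secrets.token_urlsafe(32)       # rotation: an intercepted old token is useless
        self._by_token[rec.token] = rec
        return rec.token

    def count_active(self, user, now) -> int:
        self._expire_idle(user, now)
        return len(self._by_user[user])

    def force_logout(self, user) -> int:
        """Administrative force-logout of every session for a user; returns how many ended."""
        recs = list(self._by_user[user])
        for rec in recs:
            self._revoke(rec)
        return len(recs)
```

The token presented with each request is retired before the new one is issued, so a token captured in transit stops working as soon as the legitimate client makes its next request.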
Data encryption
In transit
All data sent between your browser and StandShare is encrypted using HTTPS, so anyone intercepting network traffic cannot read the contents of your requests or responses.
At rest
Data stored in StandShare's database and file storage is encrypted at rest:
- Database: All data in the PostgreSQL database is encrypted using AES-256 encryption
- Documents: Files uploaded to document storage (Amazon S3) are encrypted server-side with AES-256
- Backups: Database backups are also encrypted
Financial precision
StandShare uses exact decimal arithmetic (not floating-point) for all monetary calculations. This prevents rounding errors from creating discrepancies in financial records.
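Exact decimal arithmetic contrasted with floating point, as an added example that also shows how a total can be split into equal shares without losing a cent. This is illustrative Python written for this page, not StandShare's own code; the function names are assumptions.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_EVEN

CENT = Decimal("0.01")


def to_money(value) -> Decimal:
    """Parse an amount into an exact two-decimal value. Input goes through str()
    so a float never reaches Decimal with its binary rounding error attached."""
    return Decimal(str(value)).quantize(CENT, rounding=ROUND_HALF_EVEN)


def allocate(total, shares: int) -> list:
    """Split `total` into `shares` amounts that differ by at most one cent and
    sum exactly to `total`; leftover cents go to the first shares."""
    total = to_money(total)
    base = (total / shares).quantize(CENT, rounding=ROUND_DOWN)
    remainder_cents = int((total - base * shares) / CENT)
    return [base + CENT if i < remainder_cents else base for i in range(shares)]


def ledger_balance(transactions) -> Decimal:
    """Exact balance: the sum of exact decimal amounts is itself exact."""
    return sum((to_money(t) for t in transactions), Decimal("0.00"))


def float_balance(transactions) -> float:
    """The same sum in binary floating point, for comparison only."""
    return sum(float(t) for t in transactions)
```

Ten deposits of 0.10 sum to exactly 1.00 in decimal arithmetic but to 0.9999999999999999 in floating point, which is the kind of discrepancy the page refers to.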
What data is collected
| Category | Examples | Purpose |
|---|---|---|
| Account information | Name, email, phone number | User identity and communication |
| Authentication data | Social provider ID, session tokens | Verifying your identity |
| Family profile | Family name, members, workers, program affiliation | Organizing your family's participation |
| Financial records | Account balance, transaction history, scholarship requests | Tracking your earnings and disbursements |
| Documents | Uploaded contracts, credentialing forms | Compliance tracking |
| Activity logs | Login times, actions taken, IP addresses | Security auditing and accountability |
| Device information | Browser type, operating system (from request headers) | Session management and trusted device tracking |
StandShare does not collect:
- Social media passwords (social sign-in uses token-based authentication)
- Bank account numbers or credit card numbers
- Location data beyond IP address
- Browsing activity outside of StandShare
Who can see your data
Access to data in StandShare is strictly controlled by the role-based permission system:
| Your data | Who can see it |
|---|---|
| Your account balance and transactions | You (as Family Lead) and users with administrative or treasurer roles |
| Your scholarship requests | You, and users with scholarship approval permissions |
| Your documents | You, and users with document management permissions |
| Your family profile | You, and users with family account viewing permissions |
| Your activity in the audit log | Only administrators with audit log permissions |
Family Workers (non-lead family members) can see their own event assignments but cannot access the family's financial data.
The exact permissions that control data visibility are configurable by the organization's administrators. The table above reflects the typical configuration. See Understanding Roles and Permissions for details.
Audit logging
Every significant action in StandShare is recorded in an audit log:
- Who took the action (user name and email)
- What they did (the specific operation)
- When they did it (timestamp)
- What changed (before and after values for modifications)
- Where they did it from (IP address)
The audit log is immutable — entries cannot be edited or deleted. Administrators with audit log permissions can search and filter the log. This is particularly important for financial operations where accountability is essential.
Key takeaways
- StandShare supports passwordless authentication (social sign-in and magic links) so you do not need to manage a separate password
- MFA adds a second verification step at sign-in; trusted devices let you skip it on devices you use regularly
- After 5 failed MFA attempts, accounts are locked for 30 minutes; recovery codes can bypass the lockout
- Step-up authentication protects sensitive operations even within an active session
- Rate limits protect against automated attacks — wait out the window if you hit one
- All data is encrypted both in transit and at rest
- Access to your data is controlled by roles and permissions — only authorized users can see sensitive information
- Every significant action is recorded in an immutable audit log
Next Steps
- Secure your account with two-factor authentication — enable MFA, save recovery codes, and manage trusted devices
- Understanding Roles and Permissions — how the permission system controls what each user can see and do
- Manage Users and Roles — how to configure step-up auth policies and manage user access