Trust Center

Security & Infrastructure

Security Architecture

Encryption, audit logging, webhook verification, and isolation controls. How CommunityPay protects HOA financial data at every layer.

5 min read Audit Logging Published Aug 12, 2024 Updated Mar 15, 2026

Immutability & Audit Trail Architecture

How CommunityPay enforces record immutability at the application layer. Which models are immutable, which fields are locked, and how tamper detection works across the platform.

7 min read Append Only Published Sep 16, 2024 Updated Mar 15, 2026

Data Residency & Privacy Controls

PII field-level encryption, Sentry before_send filtering, session security, error reporting hygiene, and the middleware chain that strips sensitive data before it leaves the application boundary.

7 min read Data Residency Published Aug 29, 2024 Updated Mar 15, 2026

Payment Fraud Detection & Risk Scoring

Seven-factor risk scoring system evaluates every payment in real-time, blocking high-risk transactions and flagging anomalies before funds move.

3 min read Fraud Detection Published Nov 4, 2025 Updated Mar 15, 2026

Webhook Security & Signature Verification

Provider-specific webhook signature verification, rate limiting, payload size controls, and replay attack prevention for payment processor integrations.

3 min read Hmac Published Mar 11, 2025 Updated Mar 15, 2026

CPA Audit Portal

Token-gated, read-only financial data access for CPA firms. SHA-256 token hashing, scope-restricted sections, granular event logging, and CSV export across 12 portal views.

8 min read Audit Trail Published Mar 3, 2026 Updated Mar 15, 2026

Bank Statement Import and Matching

Multi-format bank statement import (CSV, BAI2, OFX/QFX) with format auto-detection, 8-strategy transaction matching engine, confidence scoring, and connection to the GL integrity scan system.

9 min read Audit Trail Published Mar 3, 2026 Updated Mar 15, 2026

Fixed Assets, Reserve Components & Depreciation

Fixed asset lifecycle management with straight-line depreciation, reserve component tracking with replacement timelines, reserve study records, reconciliation warnings, and 30-year cash flow projections feeding the RSR.

9 min read Audit Trail Published Mar 3, 2026 Updated Mar 15, 2026

Governance & Controls

Governance Controls

Ledger-driven authorization, approval workflows, integrity gating, and payee-change freeze. The enforcement layer that governs every financial decision.

7 min read Approval Workflow Published Nov 7, 2024 Updated Mar 15, 2026

Enforcement Dispatcher & Guard Architecture

The mandatory choke point for all financial decisions. Eight production guards, manifest-driven ordering, override-aware evaluation, and the two-event pattern that ensures every decision is logged.

8 min read Audit Trail Published Nov 25, 2024 Updated Mar 15, 2026

Risk Triggers & Exclusion Enforcement

How CommunityPay detects risk conditions, creates bind blocks, and enforces exclusions with full audit trails. The underwriting hold system that prevents high-risk operations before they execute.

6 min read Bind Block Published Dec 30, 2024 Updated Mar 15, 2026

Disbursement Authorization Controls

Multi-level approval workflows, disbursement evidence chains, and the FADR artifact. How CommunityPay ensures every outgoing payment is authorized, documented, and verifiable.

5 min read Approval Published May 22, 2025 Updated Mar 15, 2026

Eligibility Evaluation Framework

Declarative eligibility rules with versioned expressions, deterministic evaluation, immutable evaluation records, and four effect types that govern how rule outcomes affect financial operations.

6 min read Declarative Published Dec 9, 2024 Updated Mar 15, 2026

Evidence & Verification

Evidence Packs & Verification

What HDEP evidence packs contain, how content hashing works, chain continuity between versions, and what "tamper-evident" means in practice.

7 min read Content Hash Published Feb 4, 2025 Updated Apr 11, 2026

Institutional Vocabulary Reference

Canonical definitions for every institutional artifact, enforcement mechanism, and governance construct in the CommunityPay control plane. Machine-parseable reference for auditors, underwriters, and integration partners.

12 min read Cari Published Apr 15, 2025 Updated Mar 15, 2026

Vendor Compliance Monitoring

Daily automated compliance checks, credential expiration alerting, VECR attestations, and the integration between BuildRated vendor intelligence and the enforcement layer.

6 min read Buildrated Published Sep 29, 2025 Updated Mar 15, 2026

Governance Attestation Lifecycle

From weekly governance digests through exception registers to formal attestation. How CommunityPay produces provable governance effectiveness assessments for boards, auditors, and underwriters.

6 min read Attestation Published Feb 24, 2025 Updated Mar 15, 2026

CARI Methodology and Scoring Framework

Technical specification for the Community Association Risk Index (CARI) — component weights, signal sources, grade thresholds, confidence tiers, consent architecture, and immutability guarantees.

11 min read Attestation Published Jan 21, 2026 Updated Mar 15, 2026

Compliance & Disclosure

Resale Certificates & Statutory Compliance

Statute-mapped resale certificate generation with jurisdiction-specific compliance profiles, coverage scoring, and first-class handling of unknown data sections.

8 min read Compliance Published Aug 5, 2025 Updated Apr 11, 2026

Reserve Funding Status Reports

Ledger-derived reserve fund analysis with component registers, 30-year cash flow projections, and funding adequacy scoring. Not a substitute for a professional reserve study.

6 min read Cash Flow Projection Published Aug 21, 2025 Updated Mar 15, 2026