Trust Center
Security posture, governance controls, and evidence verification for institutional-grade HOA financial management.
Security & Infrastructure
Security Architecture
Encryption, audit logging, webhook verification, and isolation controls. How CommunityPay protects HOA financial data at every layer.
Immutability & Audit Trail Architecture
How CommunityPay enforces record immutability at the application layer. Which models are immutable, which fields are locked, and how tamper detection works across the platform.
Data Residency & Privacy Controls
PII field-level encryption, Sentry before_send filtering, session security, error reporting hygiene, and the middleware chain that strips sensitive data before it leaves the application boundary.
Payment Fraud Detection & Risk Scoring
A seven-factor risk scoring system evaluates every payment in real time, blocking high-risk transactions and flagging anomalies before funds move.
Webhook Security & Signature Verification
Provider-specific webhook signature verification, rate limiting, payload size controls, and replay attack prevention for payment processor integrations.
Governance & Controls
Governance Controls
Ledger-driven authorization, approval workflows, integrity gating, and payee-change freeze. The enforcement layer that governs every financial decision.
Enforcement Dispatcher & Guard Architecture
The mandatory choke point for all financial decisions. Eight production guards, manifest-driven ordering, override-aware evaluation, and the two-event pattern that ensures every decision is logged.
Risk Triggers & Exclusion Enforcement
How CommunityPay detects risk conditions, creates bind blocks, and enforces exclusions with full audit trails. The underwriting hold system that prevents high-risk operations before they execute.
Disbursement Authorization Controls
Multi-level approval workflows, disbursement evidence chains, and the FADR artifact. How CommunityPay ensures every outgoing payment is authorized, documented, and verifiable.
Eligibility Evaluation Framework
Declarative eligibility rules with versioned expressions, deterministic evaluation, immutable evaluation records, and four effect types that govern how rule outcomes affect financial operations.
Evidence & Verification
Evidence Packs & Verification
What HDEP evidence packs contain, how content hashing works, chain continuity between versions, and what "tamper-evident" means in practice.
Institutional Vocabulary Reference
Canonical definitions for every institutional artifact, enforcement mechanism, and governance construct in the CommunityPay control plane. Machine-parseable reference for auditors, underwriters, and integration partners.
Vendor Compliance Monitoring
Daily automated compliance checks, credential expiration alerting, VECR attestations, and the integration between BuildRated vendor intelligence and the enforcement layer.
Governance Attestation Lifecycle
From weekly governance digests through exception registers to formal attestation. How CommunityPay produces provable governance effectiveness assessments for boards, auditors, and underwriters.
CARI Methodology and Scoring Framework
Technical specification for the Community Association Risk Index (CARI) — component weights, signal sources, grade thresholds, confidence tiers, consent architecture, and immutability guarantees.
Compliance & Disclosure
Resale Certificates & Statutory Compliance
Statute-mapped resale certificate generation with jurisdiction-specific compliance profiles, coverage scoring, and first-class handling of unknown data sections.
Reserve Funding Status Reports
Ledger-derived reserve fund analysis with component registers, 30-year cash flow projections, and funding adequacy scoring. Not a substitute for a professional reserve study.
Compliance Profile Registry
Statute-driven disclosure profiles for multi-jurisdiction resale certificate generation. How CommunityPay maps statutory requirements to data sections without conflating legal regimes.
Institutional Export Formats
Machine-parseable JSON exports for CPAs, underwriters, and escrow officers. Standardized schemas with cryptographic hashing for audit readiness, controls snapshots, and escrow disclosures.
Electronic Signature & Document Integrity
SHA-256 document hashing, role-based signing order enforcement, multi-method signer authentication, biometric capture, and a 17-action audit trail for every document lifecycle event.