HomeWorkflow FinderHow it worksIntegrationsTrustAboutContactFind workflow
Trust & data

Your data stays yours. Agents run in secure Azure systems.

Associations need clear answers on ownership, security, access, and offboarding. Rustproof is designed so your team controls the data and the agents operate inside a documented Azure environment.

Ownership

The association owns the data, the approved outputs, and the operating record.

What belongs to you
What Rustproof does not do
Your AMS, finance, event, email, calendar, and document data
Claim ownership over your source data or customer records
The board packets, CFO briefings, renewal briefs, and reports produced for you
Use association data to build a shared data asset for other customers
The approved workflow descriptions, output definitions, and runbooks
Enable write-back actions without named approval
The audit logs for connector reads, agent runs, generated outputs, and human review
Read payment card data, bank credentials, passwords, or OAuth secrets
The offboarding package defined in the agreement
Keep connector access active after the agreed offboarding date
Principle. Rustproof operates the agents. The association owns the business context, source data, approved outputs, and operating record.
Controls

Access, audit trail, human review, and offboarding terms are designed before the first connector is enabled.

Scoped access

  • Connectors start read-only and are limited to the approved systems and fields.
  • Least-privilege access is documented before production use.
  • Write-back actions require named approval for each capability.
  • The association designates administrative and review roles.

Audit log

  • Connector reads are logged with source system, timestamp, actor, and purpose.
  • Agent outputs cite their source records: calendar IDs, GL lines, document links, member-record IDs, or event IDs.
  • Human-review actions are logged before board packets, member emails, or committee reports go external.
  • The association names who can query the log.

Human review

  • Board packets require CEO or designee sign-off.
  • Finance committee materials require CFO/controller review.
  • Member-facing outreach is drafted by the agent and sent only by a named staff reviewer.
  • External distribution is controlled by the association, not the agent.

Offboarding

  • Connector access is disabled on the agreed offboarding date.
  • Temporary processing data is deleted on the contracted schedule.
  • The association keeps output definitions, runbooks, workflow descriptions, and audit logs specified in the agreement.
  • Agent handoff is documented before the final service closeout.
Who owns the data and outputs?

The association owns its source data, approved workflows, output definitions, reviewed deliverables, runbooks, and audit logs specified in the agreement. Rustproof operates the agents during the service term; it does not turn customer data into a shared data asset.

Where does Rustproof run?

Rustproof is being built on Microsoft Azure. Production scopes document the Azure services, region, access boundaries, retention rules, and backup approach before connectors are enabled.

Which data fields are read by default?

Default reads are limited to fields needed for the approved output: member status, organization, segment, dues tier, renewal date, event participation, finance summaries, document metadata, and engagement timestamps. Payment card data, bank credentials, passwords, and fields outside the approved scope are excluded.

Where does the audit log live and who can query it?

Each engagement includes an audit log of connector reads, agent runs, generated outputs, and human-review actions. The association designates the roles that can query it, typically the CEO, CFO, IT lead, and an operations or compliance owner.

What requires human review before it goes external?

Board packets, finance-committee materials, member-facing outreach, sponsor communications, and any draft that leaves the staff operating group require a named human reviewer before release.

What happens during offboarding?

Rustproof disables connector access, deletes temporary processing data on the agreed schedule, and delivers the association-owned runbooks, output definitions, approved workflow descriptions, and audit logs specified in the contract.

Who is the incident-response contact?

Each pilot has a named founder owner and technical owner. Incident response, escalation channels, and response windows are documented during onboarding before any production connector is enabled.

Last updated: May 5, 2026

Security posture

Built with Microsoft Azure. Controlled with clear access boundaries.

Azure foundation
Rustproof is being built on Microsoft Azure. Each production scope documents the services, regions, retention rules, backup approach, and access boundaries used for the engagement.
Read-only by default
Connectors are scoped read-only. Write-back — drafting an email, posting a report — requires named approval for each capability.
Audit trail per output
Every agent output cites its source records — calendar IDs, GL lines, document links, member-record IDs. Nothing is synthesized without a traceable chain of evidence.
Not sure where to start?

Find your best first AI workflow.

Answer 4 questions about your association, role, operational pain, and systems. We'll give you a practical one-page recommendation your team can use.

Find my workflow
What you get
A practical workflow recommendation before any call.
Best first workflowRanked
Systems to mapListed
Likely blockersNamed
Next stepAustin link
Start the workflow finder →