Common Good Privacy and Security

The Common Good system keeps your information as private and secure as possible, meeting or exceeding industry standards. Information we collect:

  • Legal name
  • Physical address
  • Mailing address
  • Phone number
  • Email address
  • Birthdate
  • Social Security Number
  • Bank account number (optional)
  • Customizable security question and answer
  • Your chosen password and PIN
  • Your photograph
  • Other information (optional)


How we protect your information where it is stored

All Common Good information is stored in a password-protected database on a secure server.

All of the information we collect, except your legal name and postal code, is encrypted in the database, using 256-bit encryption -- stronger protection than the industry standard. Then, for all fields except phone, email, photograph, and optional other information, the encrypted data is encrypted again using a different 256-bit encryption method. None of this information is accessible online except through a signed-in administrator account.

Your PIN and password are also encrypted with one-way encryption, stronger than the industry standard.

Your most sensitive private data (birthdate, social security number, driver's license or state ID, and bank account number) are encrypted a third time, using a key that is only accessible when a regional Common Good administrator signs in with proprietary plug-in hardware.

How we protect your information in communications

The Common Good website is a Secure Server with industry-standard 128-bit encryption (or better) of all information coming in and going out.

Your private information is never shown to you. So even if someone tricks you into revealing your password, they cannot steal your identity or your money.

Your private information is never revealed to any third party except:

  • We send your legal name, social security number, birthdate, and contact information to the IRS and to your state's Department of Revenue once a year, as required for Form 1099-B reporting.
  • We provide your legal name, bank account number, and contact information to our bank when you request a transfer of funds from your bank account in exchange for Common Good Credits. This is the same information that typically appears on your checks -- no coincidence since the Common Good system uses e-checks to transfer funds.
  • With your permission (only), other Common Good members in your community can identify you by your phone number or email address, for example in order to pay or charge you.
  • We share your mailing address with the US Postal Service when we mail something to you (so the Postal Service can deliver it).
  • We will share your information with law enforcement or other government agencies, if and only if required by law.

In any email we send you:

  • We address you by your full name, so you know we know you.
  • We provide your account code.
  • We never include a link that requires you to type your existing password.

Common Good Card security

The Common Good Card's QR code includes an arbitrary security code that is stored encrypted on the Common Good server. When you make a purchase with your Common Good Card, the server verifies the security code and your photo appears on the merchant's scanning device. The cashier verifies that your face and your stored image match the photo on the card.

The photo and security code are never displayed to you on the website, so if your account password is stolen, your Common Good Card is still secure.

If your Common Good Card is lost or stolen, a new security code is chosen for your replacement card.

Physical security

All Common Good data is stored on industry-standard secure Virtual Private Servers.

Administrator account security

For the greatest possible security, our methods of protecting administrator accounts are confidential.