Security

Built to keep each group’s private data separate.

Golbi is designed for groups that handle families, children, dues, files, and staff tasks. It is not a public social feed. Private data should only be seen by the right people.

Security model

The key rule: each group is separate.

Groups stay separate

Each group has its own records. One group should never be able to see another group's data.

Clear access rules

Owners, admins, staff, coaches, guardians, and members should see different things. Private tasks need clear approval.

Audit history

Important admin actions should leave a history record. This matters most for dues, checklist reviews, files, invites, and settings.

Sensitive tasks

Dues and checklists are private by default.

Members must not see another member's balance, payment status, waiver, or payment history.
Coach training uploads, review notes, waivers, and due dates are private data.
Member and coach pages should show only that person's information, or their family's information.
Rosters should use simple labels, like eligible or not eligible, when details are not needed.

No overpromising

Golbi should not claim SOC 2, HIPAA, PCI, or other formal security reviews unless they are done. Security pages should say what works now and what is planned.

Forms and files

Public forms and private files need different rules.

Public forms

Forms need checks, spam protection, safe display, and group limits before they collect real data.

Private files

Files should stay private unless an admin chooses to share them. Public site images should be chosen on purpose.

External payments

Golbi does not store bank, card, or Venmo passwords. Golbi tracks dues and payment notes. Your group owns the payment account.

Security should be part of the way your group works.