Skip to content

How the board view protects member privacy

This page explains why board members see aggregate totals instead of member names, what that means in practice, and how a board member who also holds an admin role can access deeper detail when needed.

The Board portal shows the same financial and membership metrics that admins see, but without any path to individual member names, email addresses, or payment details. Drills open aggregate panels (“27 overdue renewals — count only, no names”), not member lists. This is an intentional governance feature that lets board members fulfill their oversight role without accessing sensitive member data.

Board members see all the same metric categories as admins — MRR, Churn Rate, Retention Rate, aging totals, revenue by period, and so on. Every number is organization-wide. No per-member rows, no member names, no email addresses appear anywhere in the Board portal.

When a board member selects a dashboard metric card, a panel opens with an aggregate breakdown. For example, selecting Overdue renewals shows: “27 overdue renewals — count only, no names.” The panel tells you the count and the total amount where applicable, but it never lists the members involved.

Each card in the board view shows “shows totals, not names” before you select it, so you always know what you’ll see before you click.

When a board member exports data (CSV, Excel, or PDF), the file contains the same aggregate totals shown on screen. No per-member columns appear in the export. The file name includes “Aggregate Financial Summary — Board View” to make the no-PII guarantee explicit.

The board financial summary page shows a permanent notice at the top: “This financial summary shows aggregate totals only. Individual member payment details are visible to finance admins, not displayed here.” This notice isn’t dismissible — it’s there every time you open the page as a clear confirmation that the absence of member detail is intentional, not an error.

Members trust your organization with personal and financial information. That trust is the foundation of membership. The board has a governance responsibility — oversight of the organization’s financial health — that doesn’t require seeing each member’s name, payment history, or contact details.

The aggregate-only board view lets board members fulfill that oversight role (reviewing MRR, aging receivables, churn, and tax totals) while keeping member data in the hands of the staff and admins whose operational role requires it.

This is also the pattern members expect: they didn’t consent to having their membership and payment details seen by every board member — they consented to being a member of the organization.

  • A board member who also holds an admin role (for example, the club treasurer who sits on the board) can switch to the admin view using the View as admin button in the page header. Admin scope — including per-member drill — is available there. The Board portal itself never grants additional permissions.
  • The board role’s lack of per-member access is a scope assignment, not a permission error. Selecting a card in the Board portal never shows a “you don’t have permission” error — it always shows the aggregate panel.
  • Board members can drill zero-value cards without a broken result. A “0 overdue renewals” card shows “0 overdue renewals — nothing to follow up on right now.”