System Architecture v2.6
Last updated: March 25, 2026
System Boundaries
AI4Love does not operate its own data center infrastructure. All hosting, storage, and credential management are delegated to SOC 2 Type II certified providers. The system is stateless — serverless functions process requests and release memory when complete.
What AI4Love Operates
- Application logic (serverless functions on Vercel)
- 7 analysis agents (scheduled via Make.com)
- MCP server for AI assistant access (read-only)
- Dashboard UI (static SPA on Vercel)
What AI4Love Does Not Operate
- Databases or data warehouses
- Email or messaging infrastructure
- Credential storage systems (delegated to Nango and Doppler)
- AI model training or hosting
Data Flow
```
Source Systems           Processing                         Output
──────────────           ──────────                         ──────
┌──────────────┐
│  Blackbaud   │──READ────┐
│    RE NXT    │          │
└──────────────┘          │
                          ▼
┌──────────────┐         ┌──────────┐    ┌─────────────┐    ┌────────────┐
│  Mailchimp   │──READ──▶│ Airtable │◀───│  Make.com   │───▶│  Airtable  │
│              │         │ (People, │    │ (7 Agents)  │    │ (Insights) │
└──────────────┘         │ Donors,  │    │ Nightly run │    └─────┬──────┘
                         │ Events,  │    └─────────────┘          │
┌──────────────┐         │ etc.)    │           ▲                 ▼
│  Environics  │──READ──▶│          │           │            ┌──────────┐
│  Analytics   │         └──────────┘           │            │ Dashboard│
└──────────────┘              │                 │            │   (UI)   │
                              │           ┌─────┴──────┐     └──────────┘
                              │           │ Claude API │          │
                              │           │ (text gen  │          ▼
                              │           │   only)    │     ┌──────────┐
                              │           └────────────┘     │   MCP    │
                              │                              │  Server  │
                              └──────────────────────────────│  (read)  │
                                                             └──────────┘
```
Flow Explained
Source systems (Blackbaud, Mailchimp, Environics) are read-only inputs. AI4Love pulls data on manual trigger or scheduled sync. Nothing is written back.
Airtable is the hub. All supporter records, donations, events, engagements, and participation live here. Airtable automations create Participation records from source data and stamp them for agent processing.
Make.com runs 7 analysis agents nightly. Each agent reads from Airtable, applies deterministic rules (thresholds, rollups, trend calculations), calls the Claude API for insight text generation, and writes Insight records back to Airtable.
Dashboard reads from Airtable to display insights, metrics, and recommendations to staff. Staff take action — the system does not.
MCP Server provides read-only access to supporter data for AI assistants (Claude, ChatGPT). All 19 tools are read-only. No writes, no deletes.
Connection Model
| Platform | Auth Method | Direction | What Flows |
|---|---|---|---|
| Blackbaud RE NXT | OAuth 2.0 (refresh token) | Read only | Constituents, gifts, actions, events |
| Mailchimp | API Key | Read only | Members, campaigns, activity |
| Environics | OAuth 2.0 (client credentials) | Read only | Postal-code-level PRIZM segments |
| Airtable | Service Account Access Token | Read + Write | All tables (writes limited to insight + enrichment fields) |
| Claude API | API Key | Send + Receive | Agent prompts sent, insight text received |
| Pinecone | API Key | Read only | Research embeddings (KindMind), org knowledge (Vault) |
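One way to enforce the "writes limited to insight + enrichment fields" restriction on the Airtable connection in application code, shown as an added example rather than AI4Love's own implementation. The table and field names in the policy, the `guarded_write` helper, and the sample records are assumptions constructed for illustration.

```python
# Added example: deny-by-default guard in front of every Airtable write.
# Table and field names are assumptions, not AI4Love's real schema.
WRITE_POLICY = {
    # table: (allowed operations, writable fields)
    "Insights": ({"create", "update"}, {"Title", "Body", "Agent", "Severity", "Person"}),
    "People":   ({"update"},           {"PRIZM Segment", "Engagement Score"}),
}


def violations(op, table, records):
    """Return the policy violations for one batched write request.

    `records` follows the Airtable REST body shape: [{"id": ..., "fields": {...}}].
    An empty list means the request may be sent.
    """
    if table not in WRITE_POLICY:
        return [f"{op} on {table}: table is not writable"]
    allowed_ops, allowed_fields = WRITE_POLICY[table]
    if op not in allowed_ops:  # "delete" is never listed, so it always fails here
        return [f"{op} on {table}: operation not permitted"]
    found = []
    for i, rec in enumerate(records):
        extra = sorted(set(rec.get("fields", {})) - allowed_fields)
        if extra:
            found.append(f"{op} on {table}[{i}]: fields outside allowlist: {extra}")
        if op == "update" and not rec.get("id"):
            found.append(f"update on {table}[{i}]: missing record id")
    return found


def guarded_write(op, table, records, send):
    """Call send(op, table, records) only if the whole batch passes policy."""
    problems = violations(op, table, records)
    if problems:
        raise PermissionError("; ".join(problems))
    return send(op, table, records)


if __name__ == "__main__":
    # Constructed sample requests.
    ok = [{"fields": {"Title": "Lapsed donor trend", "Agent": "retention"}}]
    bad = [{"id": "recCONSTRUCTED01",
            "fields": {"PRIZM Segment": "12", "Email": "x@example.org"}}]
    print(violations("create", "Insights", ok))
    print(violations("update", "People", bad))
    print(violations("delete", "Donors", [{"id": "recCONSTRUCTED02"}]))
```

Rejecting the whole batch on any violation keeps a partially valid request from writing to source-of-truth fields, and the returned messages can be logged as audit events.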
Infrastructure Providers
| Provider | Role | Compliance |
|---|---|---|
| Airtable | Data storage (supporter records, insights) | SOC 2 Type II |
| Vercel | Application hosting and compute | SOC 2 Type II |
| Make.com | Agent orchestration (nightly runs) | SOC 2 Type II |
| Nango | OAuth credential management | SOC 2 Type II |
| Doppler | Secrets management | SOC 2 Type II |
| Anthropic | LLM provider (Claude API) | SOC 2 Type II |
| OpenAI | LLM provider (ChatGPT API, MCP path) | SOC 2 Type II |
| Pinecone | Vector search (research + org knowledge) | SOC 2 Type II |
Each sub-processor operates under its own independently audited security standards. AI4Love monitors provider status pages and security advisories. Changes to sub-processor agreements or compliance status are communicated to affected organizations.