Memberful Data Protection.
Measures we take to protect your data.
We take data protection seriously. This document outlines some of the measures we take to protect your data when you use Memberful.
When you close your account, it's really gone.
We permanently delete all your account data when you close your Memberful account. We also delete your data from third-party services we use like Stripe (for processing payments) and Intercom (for support).
Backups are destroyed after 30 days.
All our server logs and database backups are permanently deleted after 30 days. So when you delete your Memberful account, you know all your data is removed from our systems within 30 days.
We only send data to necessary services.
Memberful relies on some third-party services, like Intercom (for providing support), Stripe (for processing payments), Google Analytics and Adwords (for analyzing web traffic and tracking conversions), and Heroku / Amazon Web Services (for hosting our application and data). These third-party services help us run Memberful reliably, securely, and efficiently. We do not ever sell your data to unaffiliated third-parties for marketing purposes.
We ask before we look.
We don’t view customer dashboards or connected accounts unless they grant explicit permission to do so as part of a support ticket.
We take security seriously.
All communications between Memberful and your browser are encrypted, our production database is encrypted-at-rest, and we encrypt our backend services as much as is practical. We host in a secure environment and retain geo-redundant backups for 30 days. See Memberful Security for more.
We’ve made changes for the GDPR.
We've made changes to help Memberful customers comply with the GDPR and we've improved our own internal data protection and security.
For Memberful customers:
- How long we store information: We store this personally identifiable information for as long as your Memberful account is open.
- Right to update your information: You may visit your Account page in your Memberful dashboard to update your information at any time.
- Right to be forgotten: You may close your Memberful customer account at any time. When a customer account is deleted from Memberful, all personally identifiable information in the customer account - including that of any members - is completely erased from our systems (including backups) within 30 days.
- Security: Our application and production database runs on AWS (Amazon Web Services) in hardened and physically secured data centers located in the United States. Our production database is encrypted at rest. We will inform you of any significant security breach within 72 hours.
For our customer’s members:
- How long we store information: We store this personally identifiable information for as long as your customer account and your member’s account is open.
- Right to update your information: Your members may visit their account to update their information at any time.
- Right to be forgotten: When you delete a member account all personally identifiable information in that member account is completely erased from our systems (including backups) within 30 days.
- Consent: You may add links to your Terms of Service and Privacy Policy to your checkout. Memberful understands that by continuing with a purchase, a member is agreeing with these terms. Additionally, you understand it is your responsibility to ensure these links and their content are GDPR compliant.
- Third-party integrations: Memberful also integrates with some third-party software services like Stripe and Mailchimp. We attempt to delete the member from third-party services when they are deleted from Memberful. However, we cannot guarantee data deletion from third-party services we don't control. You understand it is your responsibility to ensure this data is deleted from these third-party services in a GDPR compliant way.