Security Policy
We take security seriously. This document outlines the measures we take to protect you and your customers when you use Memberstack.
Site Content
Hidden content - Memberstack “hides” parts of your website using redirects and CSS in the front-end. 99.9% of web goers will have no idea how to access hidden content on your site. However, we highly recommend that you DO NOT hide highly sensitive personal information using Memberstack.
Protected content - We are building system to secure content hosted on any website. Please comment on or like this thread to receive updates.
Member data - Member data, such as email and password, is secured using industry best practices. We force HTTPS, meaning data between websites and our servers is always encrypted. Data stored in our database is encrypted at rest.
Credit Card Data
We don't store credit card data on our servers. All payment processing is handled by Stripe, a certified Level 1 PCI Service Provider (the most stringent level of certification available). When credit card data is submitted via Memberstack, it is sent directly to Stripe via JavaScript over a secure SSL connection. The payment data never touches our servers.
We use SSL everywhere.
We force HTTPS on our website and across our application. This creates a secure connection between client and server and protects all the data transmitted over the connection.
We keep offsite backups.
We regularly take backups of all critical application data with a secure backup provider.
Responsible disclosure
We rapidly investigate all reported security issues. If you've discovered a security bug, please send an email to team@memberstack.com. We will try to respond within 24 hours (usually faster). We request that you not publicly disclose the issue until we can address it.
