Security Overview & SOC 2 Certification

This article contains evidence of Memberstack's good standing as a SOC 2 certified company, and then very briefly explains a few of the measures we take to protect you and your customers when you use Memberstack.

SOC 2 Report

For a complete security audit and proof of SOC 2 compliance, please download our most recent SOC 2 report.

The report contains the following sections:

• DC 1: Company Overview and Types of Products and Services Provided
• DC 2: The Principal Service Commitments and System Requirements
• DC 3: The Components of the System Used to Provide the Services
  • 3.1 Primary Infrastructure
  • 3.2 Primary Software
  • 3.3 People
  • 3.4 Security Processes and Procedures 3.5 Data
  • 3.6 Third Party Access
  • 3.7 System Boundaries
• DC 4: Disclosures About Identified Security Incidents
• DC 5: The Applicable Trust Services Criteria and the Related Controls Designed to Provide Reasonable Assurance that the Service Organization’s Service Commitments and System Requirements were Achieved
  • 5.1 Integrity and Ethical vValues
  • 5.2 Commitment to Competence
  • 5.3 Management’s Philosophy and Operating Style
  • 5.4 Organizational Structure and Assignment of Authority and Responsibility 5.5 Human Resource Policies and Practices
  • 5.6 Security Management
  • 5.7 Security and Privacy Policies
  • 5.8 Personnel Security
  • 5.9 Physical Security and Environmental Controls
  • 5.10 Change Management
  • 5.11 System Monitoring
  • 5.12 Incident Management
  • 5.13 Data Backup and Recovery
  • 5.14 System Account Management
  • 5.15 Risk Management Program
  • 5.15.1 Data Classification

Site Content

Member Data - Member data, such as email and password, is secured using industry best practices. We force HTTPS, meaning data between websites and our servers is always encrypted. Data stored in our database is encrypted at rest. Download our most recently SOC 2 report for more information. 

Hosted Content - You can host secure HTML content and links directly inside of Memberstack. This content is only accessible to members who are logged in with the correct permissions. Learn more about Hosted Content →

Hidden Content - Memberstack “hides” parts of your website using Javascript and CSS in the front end. 99.9% of web goers will have no idea how to access hidden content on your site. However, we recommend that you DO NOT upload sensitive personal information directly Webflow or any website gated by Memberstack. Learn more about Gated Content → 

Payment Data

We don't store credit card data on our servers. All payment processing is handled by Stripe, a certified Level 1 PCI Service Provider (the most stringent level of certification available). When credit card data is submitted via Memberstack, it is sent directly to Stripe via JavaScript over a secure SSL connection. The payment data never touches our servers.

We use SSL everywhere.

We force HTTPS on our website and across our applications. This creates a secure connection between the client and server and protects all the data transmitted over the connection.

We keep offsite backups.

We regularly take backups of all critical application data with a secure backup provider.

Responsible Disclosure

We rapidly investigate all reported security issues. If you've discovered a security bug, please send an email to support@memberstack.com. We will try to respond within 24 hours (usually faster). We request that you not publicly disclose the issue until we can address it.