This article contains evidence of Memberstack's good standing as a SOC 2 certified company, and then very briefly explains a few of the measures we take to protect you and your customers when you use Memberstack.
SOC 2 Report
For a complete security audit and proof of SOC 2 compliance, please download our most recent SOC 2 report.
The report contains the following sections:
- DC 1: Company Overview and Types of Products and Services Provided
- DC 2: The Principal Service Commitments and System Requirements
- DC 3: The Components of the System Used to Provide the Services
- 3.1 Primary Infrastructure
- 3.2 Primary Software
- 3.3 People
- 3.4 Security Processes and Procedures
- 3.5 Data
- 3.6 Third Party Access
- 3.7 System Boundaries
- DC 4: Disclosures About Identified Security Incidents
- DC 5: The Applicable Trust Services Criteria and the Related Controls Designed to Provide Reasonable Assurance that the Service Organization’s Service Commitments and System Requirements were Achieved
- 5.1 Integrity and Ethical Values
- 5.2 Commitment to Competence
- 5.3 Management’s Philosophy and Operating Style
- 5.4 Organizational Structure and Assignment of Authority and Responsibility
- 5.5 Human Resource Policies and Practices
- 5.6 Security Management
- 5.7 Security and Privacy Policies
- 5.8 Personnel Security
- 5.9 Physical Security and Environmental Controls
- 5.10 Change Management
- 5.11 System Monitoring
- 5.12 Incident Management
- 5.13 Data Backup and Recovery
- 5.14 System Account Management
- 5.15 Risk Management Program
- 5.15.1 Data Classification
Member Data - Member data, such as email and password, is secured using industry best practices. We force HTTPS, meaning data between websites and our servers is always encrypted. Data stored in our database is encrypted at rest. Download our most recent SOC 2 report for more information.
Hosted Content - You can host secure HTML content and links directly inside of Memberstack. This content is only accessible to members who are logged in with the correct permissions. Learn more about Hosted Content →
We use SSL everywhere.
We force HTTPS on our website and across our applications. This creates a secure connection between the client and server and protects all the data transmitted over the connection.
We keep offsite backups.
We regularly take backups of all critical application data with a secure backup provider.
We rapidly investigate all reported security issues. If you've discovered a security bug, please send an email to firstname.lastname@example.org. We will try to respond within 24 hours (usually faster). We request that you not publicly disclose the issue until we can address it.