GDPR Compliance Overview

Article author
Duncan Hamra
  • Updated


Memberstack, Inc. is a company organized and established under the laws of the State of Delaware, USA (referred to as either "Memberstack", "we", "us" or "our").
At Memberstack, we care about the security of our customers’ data. We understand how critical maintaining consumer trust is and how trust is rooted first and foremost in protecting confidential data. We operate highly secure services while addressing all relevant legal, industry, and regulatory concerns around the world.

Our Commitment to You

We are committed to helping our customers and users understand and, where applicable, comply with the General Data Protection Regulation (GDPR).
In addition to strengthening and standardizing user data privacy across jurisdictions, GDPR introduce additional obligations on all organizations that handle personal data.
On this page, we explain how Memberstack complies with GDPR.

How Memberstack complies with the GDPR

The requirements of GDPR are significant, and our team has adapted our services, operations, and contractual commitments to ensure our compliance with these regulations.

We have taken action on many fronts to adhere to these regulations, including:

  • Our main line of business involves monitoring data subjects on a large scale through regular and systematic procedures.
  • Our services are designed and updated to comply with all local and international data protection laws and regulations.
  • We take complete responsibility for safeguarding our customers' data by implementing required technical measures and legal agreements.
  • To ensure personal data security, we have a robust data protection policy that guides all employees.
  • We have a transparent policy in place that allows customers to exercise their rights regarding personal information.
  • All our policies, procedures, and standards of conduct are implemented to ensure employees are aware of any violations.
  • We have taken all necessary technical and organizational measures to be GDPR compliant.
  • The personal information that we collect from customers is processed using high-security and encryption techniques.
  • Personal data processed through our services is stored, transferred, and shared based on legal bases fully compliant with the GDPR.
  • We conduct analyses and research that are fully compliant with both local and international data protection laws and standards.
  • The information provided to customers and our monitoring of their progress and satisfaction are completely GDPR compliant.
  • We have revised our Privacy Policy to incorporate applicable privacy laws based on our data inventory, data flows, and data handling practices.
  • To ensure sub-processor security, we maintain stringent standards for storing, processing, or transmitting Personal Data. Each sub-processor signs contracts (DPA) that guarantee the same level of protection to us as our obligations to Controller. This provides a baseline of control expectations for evaluating each sub-processor's conformance and risk acceptance based on their relationship.

Frequently asked questions

Where is my data stored?

Memberstack is hosted with Amazon Web Services, and the storage location is the United States.


How secure is my data? Does Memberstack take the supplementary measures in order to protect personal data?

Ensuring the security of our services and your data is of utmost importance to Memberstack. We understand the critical role that consumer trust plays in sustaining our business, which heavily relies on safeguarding personal data. To this end, we undertake all essential measures to comply with relevant legal, industry, and regulatory requirements worldwide. You can find an overview of our security practices on our website: here.


Does the GDPR require EU personal data to stay in the EU?

The GDPR does not require EU data to reside in the European Union. Our Data Processing Addendum and the European Union’s Model Clauses (Standard Contractual Clauses) will continue to ensure compliance for EU personal data transfers outside of the EU. 


What is a transfer impact assessment?

Memberstack’s Data Protection Addendum incorporates the 2021 versions of the Standard Contractual Clauses (SCCs). In response to the heightened requirements created by the Schrems II decision, these new SCCs require a data importer (such as Memberstack) to provide specific information about data transfers it undertakes, and requires importers to conduct a transfer impact assessment to evaluate risks involved with the transfer of personal data to countries outside the EEA. The SCCs also require a data importer to take into account any supplemental technical and organizational security measures and additional assessments may be required to mitigate risks before transferring any personal data across borders.


I don't want my data to leave Europe. Do you have plans to offer local or regional storage in the EU? Do you have an EU datacenter?

Currently, Memberstack stores all data in the United States. However, we may offer regionalized storage in the EU in the future.



At Memberstack, we prioritize the security and privacy of your data. As such, we are happy to assist you in complying with GDPR regulations. If you have any inquiries regarding your rights under GDPR as a user or how Memberstack can aid you in achieving compliance as a customer, please don't hesitate to reach out to us at


Was this article helpful?



Please sign in to leave a comment.