Storing sensitive personal information Answered

Post author
Fernand Petit

Hi šŸ‘‹šŸ¼

Iā€™m working on a project that requires users to upload and securely store sensitive documents, such as personal IDs and medical records.

Since Memberstack does not recommend storing or gating sensitive data directly, Iā€™d like to know the best approach for handling this while ensuring security and GDPR compliance.

Basically, I'd need a solution that allows users to:
- Upload documents securely;
- Access and download their own documents safely;
- Restrict access so that only authorized users/admins can view specific files.

Would you be able to recommend a best practice or workaround for integrating secure document storage with Memberstack?

Best :)

Comments

1 comment

  • Comment author
    Memberstack Team

    Hey Fernand 👋

    Text data stored in Memberstack is secure, but anything stored in the Webflow CMS / external database will only be as secure as that system.

    For example, you could follow this tutorial to manage files in S3 or Google Drive, but those links will need to be "public", meaning anyone with the link will be able to view it. Assuming the link is only stored in Memberstack, that should be okay. https://www.memberstack.com/scripts/97-upload-files-to-s3-bucket

    But then only Memberstack admin and the logged-in member will be able to access those links. If you want other members to see them, then you'll need another database. I wonder if Wized might be able to help here... then you can make secure requests to an external database and verify that the requesting member has the right permissions. https://docs.wized.com/data-store/secrets

    0
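
The reply above contrasts "public" file links with requests that verify the requesting member's permissions. The following is an added example, not code from this thread, Memberstack or Wized: a Node.js sketch of that second pattern, where a backend checks ownership and issues a short-lived, HMAC-signed download token instead of a public link. All names (DOCS, ADMINS, issueDownloadToken, redeemDownloadToken) and the sample records are hypothetical, and it assumes the backend has already authenticated the member ID it is given.

```javascript
const crypto = require("crypto");

// Constructed sample records: which member owns which stored object.
const DOCS = new Map([
  ["doc-1", { ownerId: "mem_alice", key: "ids/alice-passport.pdf" }],
  ["doc-2", { ownerId: "mem_bob", key: "medical/bob-record.pdf" }],
]);
const ADMINS = new Set(["mem_admin"]); // constructed admin list
const SECRET = crypto.randomBytes(32); // stays on the server, never sent to the browser

function sign(docId, memberId, expires) {
  return crypto.createHmac("sha256", SECRET)
    .update(`${docId}\n${memberId}\n${expires}`)
    .digest("hex");
}

// Called after the backend has authenticated memberId (assumed, not shown).
function issueDownloadToken(memberId, docId, now = Date.now(), ttlMs = 60000) {
  const doc = DOCS.get(docId);
  const allowed = doc && (doc.ownerId === memberId || ADMINS.has(memberId));
  if (!allowed) return null; // unknown document or no permission
  const expires = now + ttlMs;
  return { docId, memberId, expires, sig: sign(docId, memberId, expires) };
}

// Returns the storage key to stream back, or null if the token must be rejected.
function redeemDownloadToken(token, requesterId, now = Date.now()) {
  if (!token || typeof token.sig !== "string") return null;
  const expected = Buffer.from(sign(token.docId, token.memberId, token.expires), "hex");
  const given = Buffer.from(token.sig, "hex");
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null; // tampered
  if (token.memberId !== requesterId) return null; // link passed to someone else
  if (now >= token.expires) return null; // expired
  return DOCS.get(token.docId).key;
}
```

Because the token is bound to the member and expires, a copied link does not work for another account or after the time window, which a public link cannot guarantee.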
