Memberful Data Protection.

Measures we take to protect your data.

We take data protection seriously. This document outlines some of the measures we take to protect your data when you use Memberful.

When you close your account, it's really gone.

We permanently delete all your account data when you close your Memberful account. We also delete your data from third-party services we use like Stripe (for processing payments) and Intercom (for support).

Backups are destroyed after 30 days.

All our server logs and database backups are permanently deleted after 30 days. So when you delete your Memberful account, you know all your data is removed from our systems within 30 days.

We only send data to necessary services.

Memberful relies on some third-party services, like Intercom (for providing support), Stripe (for processing payments), Google Analytics and Adwords (for analyzing web traffic and tracking conversions), and Heroku / Amazon Web Services (for hosting our application and data). These third-party services help us run Memberful reliably, securely, and efficiently. We do not ever sell your data to unaffiliated third-parties for marketing purposes.

We ask before we look.

We don’t view customer dashboards or connected accounts unless they grant explicit permission to do so as part of a support ticket.

We take security seriously.

All communications between Memberful and your browser are encrypted, our production database is encrypted-at-rest, and we encrypt our backend services as much as is practical. We host in a secure environment and retain geo-redundant backups for 30 days. See Memberful Security for more.

We’ve made changes for the GDPR.

We've made changes to help Memberful customers comply with the GDPR and we've improved our own internal data protection and security.

For Memberful customers:

For our customer’s members:

Data Privacy Framework and Principles

Memberful adheres to the EU-U.S. Data Privacy Framework Principles and the Swiss-U.S. Data Privacy Framework Principles and complies with the associated EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce regarding the collection, use, sharing, and retention of personal data transferred from the European Union (including EFTA States), the United Kingdom, and Switzerland to the United States. As applicable, we do not, however, rely solely on the EU-US Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, or the Swiss-US Data Privacy Framework as our lawful basis to transfer personal data from the European Union, EFTA States, or the United Kingdom. To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov.

With respect to the personal data received or transferred pursuant to the Data Privacy Frameworks, Memberful is subject to the regulatory enforcement powers of the US Federal Trade Commission. Under certain circumstances, Data Privacy Framework participants may be liable for the transfer of personal data from the EU, EFTA States, or the United Kingdom to third parties outside the EU, EFTA States, and the United Kingdom. If you have a dispute with us about our Data Privacy Framework compliance, we ask that you first submit any such complaints directly to us at [email protected]. If you aren’t satisfied with our response, you may contact JAMS – the US-based independent alternative dispute resolution provider responsible for reviewing and resolving complaints about our Data Privacy Framework compliance free of charge to you – via https://www.jamsadr.com/eu-us-data-privacy-framework. In the event your concern still isn’t addressed by JAMS, you may be entitled to a binding arbitration under the Data Privacy Framework and its principles. More Information about this arbitration process can be found here.