We take security seriously. This document outlines the measures we take to protect you and your customers when you use Memberful.
We don't store credit card data.
We use SSL everywhere.
We force HTTPS on our website and across our application. This creates a secure connection between client and server and protects all the data transmitted over the connection.
We host in a secure environment.
Memberful runs on Amazon EC2 via Heroku. Amazon utilizes state-of-the art electronic surveillance and multi-factor access control systems. Data centers are staffed 24x7 by trained security guards, and access is authorized strictly on a least privileged basis. Multiple geographic regions allow them to remain resilient in the face of most failure modes, including natural disasters or system failures.
We keep geo-redundant offsite backups.
We take twice daily offsite geo-redundant backups of all critical application data with an enterprise level backup provider. These backups are securely hosted on two different continents via hardware RAID arrays that provide RAID-6 protection.
We rapidly investigate all reported security issues. If you've discovered a security bug, please send an email to firstname.lastname@example.org. We will try to respond within 24 hours (usually faster). We request that you not publicly disclose the issue until we can address it.