Your members trust you
with their data.
We take that seriously.
Professional associations handle sensitive member information — credentials, compliance records, financial data. MemberRun is built with enterprise-grade security so you can serve your members without worrying about their data.
Your data is yours
You can export everything — members, events, financials, CPD records — in one click, anytime. No vendor calls. No proprietary formats. No hostage situations. If you ever leave, your data leaves with you.
Privacy by design
We collect the minimum data needed to run your association. Member data is never sold, shared with third parties, or used for advertising. Your members' data exists to serve your association — nothing else.
Defense in depth
Security isn't a feature — it's an architecture decision. Encryption at rest and in transit, role-based access controls, audit logging, and automated vulnerability scanning are built into every layer.
How we protect your data.
Encryption everywhere
- TLS 1.3 for all data in transit
- AES-256 encryption for data at rest
- Encrypted database backups
- Secure credential storage with hashing and salting
Access controls
- Role-based access control (RBAC) with granular permissions
- SSO/SAML support for Enterprise tier
- Multi-factor authentication available
- Session management with automatic timeout
Audit & compliance
- Complete audit log of all administrative actions
- User activity tracking with timestamps
- Data access logging for compliance reporting
- Export audit trails for regulatory review
Infrastructure
- Hosted on Google Cloud Platform (SOC 1/2/3 certified)
- Automated daily backups with point-in-time recovery
- 99.9% uptime SLA for Professional and Enterprise tiers
- DDoS protection and WAF at the edge
Data handling
- One-click full data export (CSV, JSON)
- Data isolation between organizations
- Automated data retention policies
- Right to deletion support for member requests
Incident response
- 24-hour breach notification commitment
- Documented incident response procedures
- Regular security assessments and penetration testing
- Vulnerability disclosure program
Compliance frameworks.
Common questions.
Where is our data stored?
Your data is stored on Google Cloud Platform infrastructure in North America. Enterprise customers can request specific regional data residency.
Can members request deletion of their data?
Yes. MemberRun supports right-to-deletion requests. Administrators can process member data deletion through the platform, and we provide tools to verify complete removal.
What happens to our data if we cancel?
You get 90 days to export everything. After that, data is permanently deleted from our systems including backups. We provide assisted export if needed.
Do you use member data for AI training?
No. Member data is never used to train AI models. AI features (search, churn prediction, recommendations) run on your data within your organization's boundary and are not shared across organizations.
Who at MemberRun can access our data?
Access is restricted to a small infrastructure team under strict access controls and logging. All access requires business justification, is logged, and is reviewed regularly. We will never access your data without your explicit consent except as required for system operations.
How do you handle security vulnerabilities?
We run automated vulnerability scanning, conduct regular penetration testing, and maintain a responsible disclosure program. Critical vulnerabilities are patched within 24 hours.
Questions about security?
We're happy to walk through our security practices with your IT team or compliance officer. Just ask during your demo.
Book a free demo