Security Statement

OVERVIEW

Member Lounge provides hosted Portal solutions delivered by well known and established third-party providers. Member Lounge’s member portal solutions (Portal) are based on our Member Lounge™ technology platform. Member Lounge will always use appropriate, administrative, and technical security measures to protect Personal and Business information (Data). We take all reasonable effort to guard your Data and to ensure your Data remains impenetrable. We follow security best practices outlined by OWASP to maintain application and data security. We perform regular penetration tests using third-party security providers to ensure your Portals remain secure.

The End User is responsible for securing access to their user accounts. Member Lounge is not responsible for any data breach happening as a result of not storing passwords in a secure manner.

DATA STORAGE

All content created by and on the Portals are stored in our secure cloud storage solution. Hosting servers are physically located in Canada for Canadian Portals and in the US for US Portals.

All data in our cloud storage solution is backed up hourly meaning that our Recovery Point Objective (RPO) is a maximum of 1 hour.

PEOPLE AND ACCESS

Access to Portal and user data is controlled and access given to our team members only as a need to know basis. All passwords are stored in an encrypted format and on secure servers during day to day work. Our Portal hosting solutions are single-tenant (not multi-tenant) to ensure different Portals are unable to access each other’s data. This ensures that in the unlikely event of a security breach, the breach is contained and addressed quickly.

Member Lounge portals are designed to allow app data to be accessible only with appropriate credentials, such that one customer cannot access another customer’s data.

Member Lounge’s support and development teams have access to Member Lounge apps and may access customer data only for purposes of health monitoring and performing systemwide or app maintenance, and upon customer request via our support system. Within Member Lounge, only authorized Member Lounge employees have access to Portal data.

THIRD PARTIES

Member Lounge uses Digital Ocean and Linode, leading cloud platforms, as service providers for hosting its Portals. Our detailed Privacy Policy and list of third-party providers can be found here – https://memberlounge.app/privacy-policy.

PRIVACY

Member Lounge understands and is committed to the importance of ensuring the privacy of your business data and personally identifiable information. For more information, please see Member Lounge’s up to date Privacy Policy here – https://memberlounge.app/privacy-policy

REPORTING SECURITY AND VULNERABILITIES

Member Lounge is committed to ensuring the security and confidentiality of your information, and it’s very important for us to hear about ways we can improve the security of our Portal solutions.

If you discover a vulnerability, please disclose it to us through Member Lounge’s Support Systems – JIRA, Basecamp or email support@memberlounge.app.

To be able to assess the exploitability and impact of the issue, provide us with as much information as possible:

Provide the steps used to reproduce the issue, including any URLs or code involved HTTP request/response captures, or simply packet captures are also very useful to us.

Please be aware that we are unable to respond to generic scanner reports. If you have had a security practitioner examine a generic scan report and they have isolated specific vulnerabilities that need to be addressed, we request that you use our Support System to report them individually.