All Collections
What Is MemberVault?
MemberVault Platform Security
MemberVault Platform Security
Mike Kelly avatar
Written by Mike Kelly
Updated over a week ago

We at MemberVault take the security of our platform very seriously and have taken several steps to ensure that you and your users' data are safe and secure.

If this document doesn't cover something you need to know, please email our CTO, Mike Kelly at mike@membervault.co

Traffic Encryption

All traffic through MemberVault is forced to be HTTPS and goes through an auto-updating Amazon SSL.

This means all information transferred to and from MemberVault is SHA-256 with RSA Encryption.

Database Security

All MemberVault databases are securely stored in the Amazon AWS - RDS service.

Traffic firewalls are on so that external connections directly to the database are refused.

This means the only thing that can access the database is the secure application itself.

Although very little sensitive or personal information is actually stored in our databases, passwords are also 256 bit encrypted as well.

This means that the admin's passwords can never be exposed.

Not even MemberVault HQ will ever know what your passwords are. (but we can reset them for you if needed)

Application Security

MemberVault constantly stays up to date on all the PHP and Apache security updates on the server to protect against known exploits.

Furthermore, MemberVault was built in a framework called CodeIgniter, which is a very long-standing, stable, and security implementation of the PHP language. This protects MemberVault from attacks such as SQL Injection, URL tampering, and even XSS cross-scripting attacks.

We also strongly enforce admins to change default passwords upon logging in for the first time.

Every account also gets a secure and unique key to use with the API if they need to use webhooks.

Payment Security

It's important to understand that MemberVault never touches ANY user payment information directly.

Instead, we have accounts securely connect via Stripe and PayPal, and handling of payments is done on their end. We do not ever know or expose full credit card numbers, passwords or keys.

Furthermore, ONLY the master admin of any account can access the payment connection page in the admin.

If you would like to learn more about Stripe's security, you can read more here:
https://stripe.com/docs/security/stripe

If you would like to learn more about Paypal's security, you can read more here:
https://www.paypal.com/us/webapps/mpp/paypal-safety-and-security


Questions? Reach out to us at hello@membervault.co, via chat support within your Admin account (available to paid users), or connect with other users within our FB Group, The MV Collaborative.


Did this answer your question?