Privacy Policy

MemberWise is a private knowledge hub platform for membership organisations. This Privacy Policy explains how we collect, use, and protect your personal information when you use the Service.

For any privacy-related questions, please contact us via the form on our homepage.

We collect only the information necessary to provide the Service:

• Name — provided when you accept an invitation or are added by an administrator
• Email address — used to identify your account and send invitation emails
• Password — stored as a one-way cryptographic hash (bcrypt). We cannot read your password.
• Group membership — which group or groups your account is associated with
• Account activity timestamps — when your account was created

We do not collect payment information, IP addresses, browsing history, or any sensitive personal data beyond the above.

Your information is used solely to:

• Authenticate you when you log in
• Identify you within your group to your group administrator
• Send invitation and password-reset emails
• Notify group administrators of membership activity where configured

We do not use your data for advertising, profiling, or any automated decision-making.

Your data is stored in a managed PostgreSQL database hosted on servers located in the United States. All connections use TLS encryption in transit. Passwords are hashed using bcrypt with a cost factor of 12 and are never stored in recoverable form.

Because our servers are located in the United States, your personal information may be subject to access by US authorities under applicable US law, including the CLOUD Act. We do not voluntarily disclose user data to any government or law enforcement agency without a valid legal obligation to do so.

Access to the database is restricted to the platform administrator and automated application processes. No third party has access to your data for commercial purposes.

We do not sell, trade, or share your personal information with third parties, except in the following limited circumstances:

• Email delivery — your email address is passed to our transactional email provider (Resend or SendGrid) solely to deliver invitation and notification emails. These providers act as data processors under our instruction.
• Legal compliance — we may disclose information if required to do so by law or in response to a valid legal process.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you
• Correction — request that inaccurate data be corrected
• Deletion — request that your account and associated data be deleted
• Portability — request your data in a machine-readable format

To exercise any of these rights, contact your group administrator or contact us via the form on our homepage. We will respond to all requests within 30 days.

Active accounts are retained for as long as your membership is active. If your account is deactivated by a group administrator, your record may be retained for administrative purposes.

To request complete deletion of your data, contact us via the form on our homepage. We will action deletion requests within 30 days.

Demo group data is reset daily. Any data entered into the public demo group is deleted automatically during the nightly reset.

We use a single session cookie to maintain your authenticated state while you are logged in. This cookie contains a cryptographically signed session token and no personally identifiable information.

We do not use analytics cookies, advertising cookies, or any third-party tracking technologies.

This platform is operated from Canada and we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). PIPEDA governs how we collect, use, and disclose personal information in the course of commercial activity.

Under PIPEDA, you have the right to:

• Know why we collect your personal information before or at the time of collection
• Expect that your information will be used only for the stated purpose
• Access the personal information we hold about you
• Challenge the accuracy of your information and have it corrected if necessary

Although our servers are located in the United States, PIPEDA still applies to us as a Canadian-operated service. We remain fully responsible for your data regardless of where it is stored, and we have ensured our US hosting provider maintains appropriate security standards.

To make a PIPEDA access or correction request, contact us via the form on our homepage.

If you are located in the European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR). Our lawful basis for processing your data is the performance of a contract — specifically, providing you with access to the knowledge hub you have been invited to join.

Your data may be transferred to and processed in the United States. We rely on contractual necessity as the legal basis for this transfer. You have the right to lodge a complaint with your local supervisory authority if you believe we have handled your data unlawfully.

We may update this Privacy Policy from time to time. We will update the “Last updated” date above when changes are made. Continued use of the Service after changes are posted constitutes acceptance of the revised policy.

For any privacy-related questions or requests, please contact us via the form on our homepage.