Summary
At Join It, we take security seriously and implement extensive measures to protect your data. We also ensure that your members' information will never be used or shared — their data remains secure.
Going into more detail, check out some other useful insights into our security measures below.
Security and Compliance Practices
Critical Secure third-party vendors we employ
MongoDB Atlas (Database Hosting): https://www.mongodb.com/collateral/mongo-db-atlas-security
Meteor Galaxy (Web Server Hosting): https://www.meteor.com/galaxy
Stripe for payments: https://stripe.com/docs/security
Data Mobility
Join It supports the full export of your Membership data, in case you choose to leave the platform in the future.
Evidence: Support article that details this feature: http://support.joinit.com/en/articles/1007665-how-do-i-export-my-member-data
Description of screenshot: Displaying the Members export page
Data Ownerships
Join It believes that you fully own your Membership data, so if you choose to leave the platform then you can completely and permanently delete all of your data from our platform.
This can be done within your account by going to your Organization's Settings tab and clicking the 'Reset Data' button. Once you confirm that you want to delete your data, your account will be wiped clean.
This action will permanently delete all related Members/Memberships, Payment records, and Timeline objects.
Description of screenshot: Displaying where to find the 'Reset Membership Data' section
Forced HTTPS
All visitors access the site through HTTPS, so that all data transferred from your browser connection to our servers is encrypted.
Evidence: When visiting Join It, you'll see the 'green lock' encryption
PCI Compliance and Payments / Stripe
Credit Card information is never sent to Join Its servers. Through Stripe's SDK, we send the payment information from the client/browser directly to Stripe and Stripe returns a token to initiate payment.
This reduces the risk concerns around handling sensitive payment information.
Join It is PCI Compliant and was last approved on September 2022
Account Security
Join It offers 2-Factor Authentication (2FA) / Multi-factor Authentication for user accounts
With 2FA, we've added an extra layer of security to user accounts, significantly reducing the risk of unauthorized access. By enabling 2FA, our customers can enjoy peace of mind, knowing that their information and membership data are safeguarded from potential breaches.
Frequently Asked Questions
Where does Join It host its data?
Physically, the data that Join It collects is hosted in the eastern region of the United States. However, Join It goes above and beyond the United States' regulations for data protection, privacy, portability, and a consumer's "right to be forgotten".
Join It complies with the European Union's GDPR and has a majority of its customers based outside the United States.
Join It, Inc ("Join It") complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. You can read about our Data Privacy Framework compliance here: https://joinit.com/data-privacy-framework
Join It has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. Join It has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/