Summary
Protecting customer data is a core responsibility at Join It.
We use industry-standard safeguards to protect the information entrusted to us, including encrypted connections (HTTPS), secure payment processing through Stripe, optional two-factor authentication, controlled infrastructure hosted with leading cloud providers, and tools that allow customers to export or delete their data at any time. Join It is designed so that sensitive payment card data is handled directly by Stripe rather than stored on our servers, reducing risk and limiting exposure. We also maintain clear privacy practices, support GDPR-related rights, and work with established third-party providers to help ensure the reliability, security, and continuity of our platform.
Data Protection
Data Backup & Retention
We take the durability and safety of your data very seriously. Join It uses a multi-layered automated backup system designed to protect against data loss and ensure recoverability.
Our database is backed up automatically at several intervals, described below:
Continuous Protection:
Snapshots every 6 hours, retained for 7 days
Enables point-in-time recovery within the last 7 days if needed
Daily Protection:
Daily backups, retained for 7 days
Weekly Protection:
Weekly backups, retained for 4 weeks
Long-Term Protection:
Monthly backups, retained for 12 months
This layered approach ensures that both recent changes and long-term historical data can be restored if necessary.
Data Recovery Capabilities
Because of our frequent snapshot schedule, we can restore data to specific points in time within the previous 7 days, providing fine-grained recovery if a mistake or unexpected issue occurs.
For longer-term protection, we maintain weekly and monthly backups that allow restoration from historical snapshots going back up to one year.
Conclusion of Data Protection
This backup strategy provides:
Frequent backups to minimize potential data loss
Short-term point-in-time recovery for operational incidents
Long-term backup retention for disaster recovery scenarios
Fully automated backups, requiring no action from customers
Together, these practices ensure that your membership data is protected with multiple layers of redundancy and recoverability.
Data Mobility
Join It supports the full export of your Membership data, in case you choose to leave the platform in the future.
Evidence: Support article that details this feature: http://support.joinit.com/en/articles/1007665-how-do-i-export-my-member-data
Description of screenshot: Displaying the Members export page
Data Ownership
Join It believes that you fully own your Membership data, so if you choose to leave the platform then you can completely and permanently delete all of your data from our platform.
This can be done within your account by going to your Organization's Settings tab and clicking the 'Reset Data' button. Once you confirm that you want to delete your data, your account will be wiped clean.
This action will permanently delete all related Members/Memberships, Payment records, and Timeline objects.
Description of screenshot: Displaying where to find the 'Reset Membership Data' section
Security and Compliance Practices
Critical, secure third-party vendors we employ
MongoDB Atlas (Database Hosting): https://www.mongodb.com/collateral/mongo-db-atlas-security
Meteor Galaxy (Web Server Hosting): https://www.meteor.com/galaxy
Stripe for payments: https://stripe.com/docs/security
Forced HTTPS
All visitors access the site through HTTPS, so that all data transferred from your browser connection to our servers is encrypted.
Evidence: When visiting Join It, you'll see the 'green lock' encryption indicator.
PCI Compliance and Payments / Stripe
Credit card information is never sent to Join It's servers. Through Stripe's SDK, we send the payment information from the client/browser directly to Stripe, and Stripe returns a token to initiate payment.
This reduces the risk associated with handling sensitive payment information.
Join It is PCI compliant.
2-Factor Authentication (2FA) / Account Security
Join It offers 2-Factor Authentication (2FA) / Multi-factor Authentication for user accounts.
With 2FA, we've added an extra layer of security to user accounts, significantly reducing the risk of unauthorized access. By enabling 2FA, our customers can enjoy peace of mind, knowing that their information and membership data are safeguarded from potential breaches.
Frequently Asked Questions
Where does Join It host its data?
Physically, the data that Join It collects is hosted in the eastern region of the United States. However, Join It goes above and beyond the United States' regulations for data protection, privacy, portability, and a consumer's "right to be forgotten".
Join It complies with the European Union's GDPR and has a majority of its customers based outside the United States.
Join It, Inc ("Join It") complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. You can read about our Data Privacy Framework compliance here: https://joinit.com/data-privacy-framework
Join It has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. Join It has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/

