Question 1

Is ChapterPulse SOC 2 certified?

Accepted Answer

ChapterPulse is hosted on SOC 2 Type II certified infrastructure. Vercel (application hosting and edge network) and Neon (managed PostgreSQL database) are both SOC 2 Type II certified, and Cloudflare R2 (object storage) maintains SOC 2 Type II and ISO 27001 certifications. ChapterPulse itself, as an application, is not separately SOC 2 certified.

Question 2

How is member data isolated between chapters?

Accepted Answer

ChapterPulse uses a multi-tenant architecture with per-organization data isolation enforced at the database level through row-level security policies, not just at the application level. Every database transaction is scoped to a single organization, and row-level security prevents cross-tenant data access even if application code has a bug.

Question 3

What encryption do you use?

Accepted Answer

Data is encrypted in transit using TLS 1.3. Sensitive credentials are encrypted at rest using AES-256-GCM. Database connections are secured via SSL, and all underlying infrastructure providers (Vercel, Neon, Cloudflare R2) provide encrypted storage.

Question 4

Do you sell or share chapter data?

Accepted Answer

No. ChapterPulse does not sell your chapter or member data, ever. It is not shared for advertising or used to build profiles for third parties. AI-assisted drafting and insights features process data through providers with zero data retention policies, so your content is not used to train models.

Question 5

How is member data protected when using AI features?

Accepted Answer

AI-assisted drafting and Conversational Insights are routed through the Vercel AI Gateway to large language model providers that operate under zero data retention agreements. Requests and responses are not stored by the AI provider beyond the duration of the call, are not logged for human review, and are never used to train or fine-tune models. Zero data retention is a hard requirement for any model we enable, which gives us flexibility to swap models as the underlying technology evolves without changing your privacy posture. Personally identifiable member information such as names, emails, phone numbers, addresses, and year of birth is gated behind column-level permission flags inside the insights query layer, so a user without the PII permission cannot ask the AI to return it even indirectly. Queries run against your chapter's row-level-secured database context, so the model can only see what the asking user is already allowed to see. The current list of model providers is published on our Subprocessors page.

Question 6

How are third-party credentials like ThoughtSpot and Mailchimp stored?

Accepted Answer

Credentials for integrations such as ThoughtSpot, Dark Rhino, StarChapter, and Mailchimp are encrypted at rest using AES-256-GCM before they are written to the database, using a server-side key that is not accessible from the browser. Once saved, credentials are never returned to any client, including the admin who originally entered them. The settings page shows a masked or redacted state and only allows replacement, not retrieval. Sync jobs decrypt credentials in memory on the server immediately before use and discard them when the job completes. Row-level security ensures credentials are only ever accessible within the scope of the owning organization, and audit logging redacts encrypted fields so they never appear in change history.

Question 7

What happens to our data if we cancel?

Accepted Answer

Data is retained for the duration of your subscription and deleted within 30 days of termination. You may request a data export or deletion at any time. Scheduled CSV exports, draft exports, and member data exports are all available from within the application so you can take your data with you.

Question 8

How does role-based access control work?

Accepted Answer

ChapterPulse provides 14 granular permissions across 6 preset templates, layered over owner, admin, and member governance roles. Sensitive personally identifiable information such as member contact details and volunteer applicant data is gated behind separate permission flags at the column level, so you can grant access to reports without exposing private member information.

Your chapter data, protected

Infrastructure and security controls

Hosted on certified infrastructure

Encryption

Access controls

Data isolation

AI zero data retention

Compliance and regulatory readiness

CASL compliance built in

GDPR-ready data handling

Data retention

Legal documentation

How we handle your data

We do not sell your data. Ever.

AI features use zero-retention providers

Integration credentials stay sealed

You own your data

Questions about security?