Security

Your chapter data, protected

ChapterPulse is built on SOC 2 Type II certified infrastructure with encryption, access controls, and compliance measures designed for organizations that handle member data.

Infrastructure and security controls

Every layer of ChapterPulse is designed with data protection in mind.

Hosted on certified infrastructure

All production infrastructure providers maintain independent third-party security audits.

Vercel

SOC 2 Type II certified, ISO 27001 compliant. Handles application hosting, edge network, and serverless functions.

Neon (PostgreSQL)

SOC 2 Type II certified. Managed PostgreSQL with automated backups, point-in-time recovery, and encrypted storage.

Cloudflare R2

SOC 2 Type II, ISO 27001. Object storage for file uploads with global edge distribution.

Encryption

Data encrypted in transit (TLS 1.3)
Sensitive credentials encrypted at rest (AES-256-GCM)
Database connections secured via SSL

Access controls

Role-based access control with 5 preset roles and custom roles
Row-level security enforced at the database level, not just application level
Session verification on every API request
Granular permission system (11 permission types)

Data isolation

Multi-tenant architecture with per-organization data isolation
Row-level security policies prevent cross-tenant data access
Organization-scoped database transactions

Compliance and regulatory readiness

Built-in protections for the regulations that matter to chapter operations.

CASL compliance built in

Canadian Anti-Spam Legislation requirements are integrated into the newsletter builder, including unsubscribe links and sender identification.

GDPR-ready data handling

Data minimization practices, CASL-compliant newsletter templates, and the ability to export or delete member data on request.

Data retention

Data is retained for the duration of your subscription and deleted within 30 days of termination. You may request data export or deletion at any time.

Legal documentation

Privacy Policy, Terms of Service, and Data Processing Agreement available for your review.

Privacy PolicyTerms of ServiceData Processing Agreement

How we handle your data

1

We do not sell your data. Ever.

Your chapter and member data exists to serve your organization. It is never sold, shared for advertising, or used to build profiles for third parties.

2

AI features use zero-retention providers

AI-assisted drafting and insights process data through third-party providers with zero data retention policies. Your content is not used to train models.

3

You own your data

You can export or delete your data at any time. Scheduled CSV exports, draft export, and member data export are all available from within the application.

View our full list of subprocessors

Questions about security?

We are happy to discuss our security practices, provide additional documentation, or walk through our architecture with your team.

Contact privacy@chapterpulse.comBook a Demo