Security

Your chapter data, protected

ChapterPulse is built on SOC 2 Type II certified infrastructure with encryption, access controls, and compliance measures designed for organizations that handle member data.

Infrastructure and security controls

Every layer of ChapterPulse is designed with data protection in mind.

Hosted on certified infrastructure

All production infrastructure providers maintain independent third-party security audits.

Vercel

SOC 2 Type II certified, ISO 27001 compliant. Handles application hosting, edge network, and serverless functions.

Neon (PostgreSQL)

SOC 2 Type II certified. Managed PostgreSQL with automated backups, point-in-time recovery, and encrypted storage.

Cloudflare R2

SOC 2 Type II, ISO 27001. Object storage for file uploads with global edge distribution.

Encryption

Data encrypted in transit (TLS 1.3)
Database connections secured via SSL
Integration credentials for ThoughtSpot, Dark Rhino, StarChapter, and Mailchimp are encrypted at rest with AES-256-GCM
Credentials are never returned to any client after save, not even to the admin who entered them. You can rotate, but you cannot read back
Decrypted only in server memory, only for the duration of a sync job, only within the owning organization's scope

Access controls

Role-based access control: 14 granular permissions across 6 preset templates, with owner, admin, and member governance roles
Row-level security enforced at the database level, not just application level
Session verification on every API request
Column-level PII gating (member contact details, volunteer applicant data) behind separate permission flags

Data isolation

Multi-tenant architecture with per-organization data isolation
Row-level security policies prevent cross-tenant data access
Organization-scoped database transactions

AI zero data retention

AI drafting and Conversational Insights are routed through the Vercel AI Gateway to providers operating under zero data retention agreements
Prompts and responses are not stored, not logged for human review, and never used to train models
Insights queries respect row-level security and column-level PII gating, so the model only sees what the asking user can see

Compliance and regulatory readiness

Built-in protections for the regulations that matter to chapter operations.

Anti-spam compliance built in

CASL (Canada) and CAN-SPAM (US) requirements are integrated into the newsletter builder, with country-appropriate compliance text, unsubscribe links, and sender identification.

GDPR-ready data handling

Data minimization practices, compliant newsletter templates, and the ability to export or delete member data on request.

Data retention

Data is retained for the duration of your subscription and deleted within 30 days of termination. You may request data export or deletion at any time.

Legal documentation

Privacy Policy, Terms of Service, and Data Processing Agreement available for your review.

How we handle your data

1

We do not sell your data. Ever.

Your chapter and member data exists to serve your organization. It is never sold, shared for advertising, or used to build profiles for third parties.

2

AI features use zero-retention providers

AI-assisted drafting and Conversational Insights are routed through the Vercel AI Gateway to large language model providers that operate under zero data retention agreements. Prompts and responses are not stored beyond the call, are not logged for human review, and are never used to train or fine-tune models. Zero data retention is a hard requirement for any model we enable, which gives us flexibility to adopt new models as the technology evolves without changing your privacy posture. Insights queries respect row-level security and column-level PII gating, so the model only sees what the asking user is already permitted to see.

3

Integration credentials stay sealed

Credentials for ThoughtSpot, Dark Rhino, StarChapter, and other integrations are encrypted at rest with AES-256-GCM before they reach the database. Once saved they are never returned to any client, not even the admin who entered them. The settings UI only allows replacement, and sync jobs decrypt them in server memory just long enough to run. It works the same way any well-designed system handles a password: you can rotate it, but you cannot read it back.

4

You own your data

You can export or delete your data at any time. Scheduled CSV exports, draft export, and member data export are all available from within the application.

Frequently asked questions

Is ChapterPulse SOC 2 certified?
ChapterPulse is hosted on SOC 2 Type II certified infrastructure. Vercel (application hosting and edge network) and Neon (managed PostgreSQL database) are both SOC 2 Type II certified, and Cloudflare R2 (object storage) maintains SOC 2 Type II and ISO 27001 certifications. ChapterPulse itself, as an application, is not separately SOC 2 certified.
How is member data isolated between chapters?
ChapterPulse uses a multi-tenant architecture with per-organization data isolation enforced at the database level through row-level security policies, not just at the application level. Every database transaction is scoped to a single organization, and row-level security prevents cross-tenant data access even if application code has a bug.
What encryption do you use?
Data is encrypted in transit using TLS 1.3. Sensitive credentials are encrypted at rest using AES-256-GCM. Database connections are secured via SSL, and all underlying infrastructure providers (Vercel, Neon, Cloudflare R2) provide encrypted storage.
Do you sell or share chapter data?
No. ChapterPulse does not sell your chapter or member data, ever. It is not shared for advertising or used to build profiles for third parties. AI-assisted drafting and insights features process data through providers with zero data retention policies, so your content is not used to train models.
How is member data protected when using AI features?
AI-assisted drafting and Conversational Insights are routed through the Vercel AI Gateway, which enforces zero data retention (ZDR) at the team level. Vercel only routes requests to providers with whom it has negotiated ZDR agreements, so requests and responses are not stored by any provider in the routing chain, are not logged for human review, and are never used to train or fine-tune models. This gives us flexibility to swap models as the underlying technology evolves without changing your privacy posture. Personally identifiable member information such as names, emails, phone numbers, addresses, and year of birth is gated behind column-level permission flags inside the insights query layer, so a user without the PII permission cannot ask the AI to return it even indirectly. Queries run against your chapter's row-level-secured database context, so the model can only see what the asking user is already allowed to see. See Vercel's ZDR documentation for the current list of compliant providers.
How are third-party credentials like ThoughtSpot and Mailchimp stored?
Credentials for integrations such as ThoughtSpot, Dark Rhino, StarChapter, and Mailchimp are encrypted at rest using AES-256-GCM before they are written to the database, using a server-side key that is not accessible from the browser. Once saved, credentials are never returned to any client, including the admin who originally entered them. The settings page shows a masked or redacted state and only allows replacement, not retrieval. Sync jobs decrypt credentials in memory on the server immediately before use and discard them when the job completes. Row-level security ensures credentials are only ever accessible within the scope of the owning organization, and audit logging redacts encrypted fields so they never appear in change history.
What happens to our data if we cancel?
Data is retained for the duration of your subscription and deleted within 30 days of termination. You may request a data export or deletion at any time. Scheduled CSV exports, draft exports, and member data exports are all available from within the application so you can take your data with you.
How does role-based access control work?
ChapterPulse provides 14 granular permissions across 6 preset templates, layered over owner, admin, and member governance roles. Sensitive personally identifiable information such as member contact details and volunteer applicant data is gated behind separate permission flags at the column level, so you can grant access to reports without exposing private member information.
Who owns the data in ChapterPulse?
Your chapter does. ChapterPulse acts as a data processor on your organization's behalf. We process membership and operational data solely to provide the service your chapter has engaged us for. We do not independently claim any right to the data, and you can export or delete it at any time.
How does member data get into ChapterPulse?
Your chapter's parent association (such as PMI) provides membership data to the chapter under the terms of their charter or affiliation agreement. Your chapter then uses ChapterPulse as an operational tool to manage that data. ChapterPulse may also connect to third-party platforms your chapter already uses (such as chapter management systems or analytics tools) to synchronize data on your chapter's behalf. The chapter controls what data flows in and how it is used.
Does ChapterPulse need separate consent from each member?
No. Under Canadian privacy legislation (PIPEDA), transferring personal information to a service provider for processing on the organization's behalf is a "use" of that information, not a "disclosure," provided it is used for the purpose for which it was originally collected. Your chapter is the data controller; ChapterPulse processes data on the chapter's behalf for chapter operations. The chapter's existing authorization from its parent association and members' acceptance of the association's privacy policy provide the legal basis for this processing.
What privacy frameworks does ChapterPulse support?
ChapterPulse is designed to support compliance with PIPEDA and provincial legislation (such as Alberta's PIPA), GDPR for members in the European Economic Area, and CCPA/CPRA for California residents. Our Privacy Policy, Terms of Service, and Data Processing Agreement are publicly available at chapterpulse.com/legal/privacy.

Questions about security?

We are happy to discuss our security practices, provide additional documentation, or walk through our architecture with your team.