Data Security and Protection Summary
Memb.rs itself uses token-based authentication, and passwords are one-way encrypted for security purposes.
Memb.rs doesn't use cookies, so there is no specific member tracking; our optional analytics is instead based on general page activity. Analytics is opt-in for each client.
Memb.rs Area Payment Methods
These are managed by the respective service (Stripe/GoCardless), and Memb.rs uses their approved payment integration packages for member payments.
Memb.rs does not store credit/debit card details, other than the last 4 digits and the Stripe customer ID, which is used by Stripe to provide previously used card details to the member.
Data Protection Practices
- Client Data Ownership: Any data stored or processed on behalf of a client remains the property of that client. Naked Creativity will never share it with third parties without explicit written permission.
- Access Controls: Only permanent, full-time Naked Creativity staff have access to personal data. Any third-party access (e.g. for hosting) must be authorised by directors.
- Client Third-Party Access: You may contract out development to another service provider, for example to retrieve and update data within your Memb.rs configuration (news articles, events, etc.), which requires use of the Memb.rs API. This level of access does provide access to member data, so an agreement between you and your third-party provider should be created to cover this access.
- Data Removal: On request, client data can be removed from active systems within 14 days and from backups within 120 days (subject to legal obligations for financial records).
- Data Disclosure Requests: Any requests for personal data copies are subject to strict identity verification before being fulfilled.
Data Location and Hosting
Primary Hosting Partners
- Positive Internet (UK-based): Primary dedicated server, located in Cambridgeshire, powered by renewable energy.
- Amazon Web Services (AWS): Cloud infrastructure used primarily in the London, UK region, with global delivery via Amazon CloudFront for performance.
Backups
- Full daily backups via Positive Internet (including CMS uploads and databases).
- Incremental hourly backups via Positive Internet (including CMS uploads and databases).
- AWS-hosted content is also duplicated to the dedicated server for backup purposes.
Compliance and Governance
- UK GDPR and Data Protection Act: Naked Creativity operates in full compliance, with data handling policies reviewed and aligned with current legislation.
- No Sensitive Data Stored: The company does not collect or store sensitive personal data (e.g. health, religious or political views, payment credentials).
- Security Measures: Strong passwords, encrypted devices (e.g. via FileVault), hidden tracking on hardware, and secure transmission methods (no personal data sent by email or removable media).
Service Availability and Business Continuity
- Monitoring & Uptime: Infrastructure is monitored via Positive Internet and Alertra, with 30-minute response times during UK business hours.
- Disaster Recovery: In the event of server failure, services can be redeployed to alternative infrastructure. All source code is version-controlled and backed up.
- Remote Work-Ready: The team is fully operational remotely, with cloud-based tools and encrypted devices to maintain operations during any office disruption.
For full details please see our Terms & Conditions.