Privacy Policy

1. Who We Are

MemberBridge is a membership management platform built for Canadian nonprofit organisations. This Privacy Policy explains how we collect, use, and protect the personal information of members, event registrants, and visitors to this platform.

The organisation operating this specific instance of MemberBridge is responsible for the data collected through it. If you are unsure which organisation operates the platform you are using, please use the contact details at the bottom of this page.

2. What Information We Collect

We collect personal information only when it is necessary to provide our services. This includes:

• Account information: First name, last name, email address, password (encrypted)
• Profile information: Phone number, city, province, postal code, organisation name, job title, bio
• Membership information: Membership type, join date, renewal dates, dues payment history
• Event registration: Event preferences, dietary requirements, accessibility needs, table preferences, session choices
• Payment information: We do not store full card numbers. Payment details are processed securely by Stripe, a PCI-DSS compliant payment processor
• Communications: Records of emails sent to you through the platform
• Technical data: IP address, browser type, pages visited (collected via cookies — see Section 9)

3. Why We Collect It

We identify the purpose of collection before or at the time of collection, as required by PIPEDA. We collect personal information for the following purposes:

• To create and manage your membership account
• To process membership dues and issue invoices
• To register you for events and communicate event details
• To send newsletters and organisation communications you have consented to receive
• To maintain accurate membership records for the organisation
• To comply with legal and regulatory obligations
• To improve the platform and fix technical issues

4. How We Use Your Information

We use your personal information only for the purposes listed above. We do not use your data for advertising, profiling, or any purpose you have not consented to. We do not sell, rent, or trade your personal information to any third party.

We may use your email address to send you:

• Membership renewal reminders and invoices
• Event confirmations and reminders you have registered for
• Newsletters and communications from your organisation (you may unsubscribe at any time)
• Important platform notifications (e.g. security alerts)

5. Who We Share It With

We share personal information only in the following limited circumstances:

• Your organisation's administrators: Authorised staff of the nonprofit you are a member of can see your member profile and activity
• Stripe (payment processing): Payment card details are sent directly to Stripe. We receive only a confirmation of payment. Stripe's privacy policy is available at stripe.com/privacy
• Email delivery: If your organisation uses an email provider (such as Amazon SES), your email address is shared only for the purpose of delivering communications you have consented to receive
• Legal requirements: We may disclose information if required by Canadian law or court order

We never share your data with advertisers, data brokers, or marketing companies.

6. Data Storage & Canadian Servers

All personal data collected through this platform is stored on servers physically located in Canada. We use WHC (Web Hosting Canada) servers based in Toronto and Montreal, both of which are subject to Canadian law.

Your data does not leave Canada except where you explicitly consent (for example, if your organisation uses a third-party service you have agreed to use). Any cross-border transfers are governed by contractual safeguards consistent with PIPEDA requirements.

7. How Long We Keep It

We retain your personal information for as long as you are an active member of the organisation, plus a reasonable period after membership ends (typically 7 years, to meet standard record-keeping requirements for Canadian nonprofits).

You may request deletion of your account and personal data at any time. See Section 8 for how to exercise this right.

8. Your Rights Under PIPEDA

As a Canadian resident, you have the following rights regarding your personal information:

• Right to access: You can request a copy of all personal information we hold about you
• Right to correction: You can update or correct your information at any time through your member dashboard
• Right to deletion: You can request that your account and personal data be permanently deleted
• Right to data portability: You can request your data in a portable format (CSV or JSON)
• Right to withdraw consent: You can unsubscribe from marketing emails at any time using the unsubscribe link in any email, or by contacting us
• Right to challenge compliance: You may file a complaint about how we handle your data with the Office of the Privacy Commissioner of Canada at priv.gc.ca

To exercise any of these rights, log in to your member dashboard and use the Privacy & Data section, or contact our Privacy Officer directly (see Section 13).

9. Cookies

We use cookies — small files stored on your device — for the following purposes:

• Essential cookies: Required for the platform to function (login sessions, security). Cannot be disabled.
• Analytics cookies: Help us understand how the platform is used so we can improve it. You may opt out.
• Preference cookies: Remember your settings and branding preferences.

You will be asked for your cookie consent when you first visit the platform. You can change your preferences at any time using the cookie settings link in the footer.

10. Security

We take the security of your personal information seriously. Our security measures include:

• All passwords are encrypted using bcrypt (they cannot be read by anyone, including us)
• All data is transmitted over HTTPS (encrypted connection)
• The server is protected by a firewall and monitored for unauthorised access
• Payment processing is handled entirely by Stripe (PCI-DSS Level 1 certified)
• Regular automated backups are stored on Canadian servers
• Admin access requires two-factor authentication

In the event of a data breach that poses a real risk of significant harm, we will notify affected individuals and the Office of the Privacy Commissioner within 72 hours, as required by PIPEDA's mandatory breach reporting rules.

11. Children's Privacy

This platform is not directed at children under the age of 16. We do not knowingly collect personal information from anyone under 16 without verifiable parental consent. If you believe we have inadvertently collected information from a child, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law or our practices. We will notify you of significant changes by email or by a notice on the platform at least 30 days before the change takes effect. The "Last updated" date at the top of this page reflects the most recent version.

Continued use of the platform after the effective date constitutes acceptance of the updated policy.

13. Contact Our Privacy Officer