Privacy Policy
Effective date: April 28, 2026. MemberDex is operated as a sole proprietorship by David Tatzel in the Commonwealth of Massachusetts, United States. This policy explains what we collect, why, and the rights you have over your data.
1. Who controls your data
For visitors to our marketing site (memberdex.tatzel.io): David Tatzel d/b/a MemberDex is the data controller.
For member-directory data inside a community workspace: the community organization that subscribes to MemberDex is the data controller of its members' personal information. MemberDex acts as a data processor on its behalf, processing data only on the controller's instructions, as described in our Terms.
2. What we collect
- Account data: email, hashed password (bcrypt), name, role, optional TOTP secret if you enable multi-factor authentication.
- Member profile data: name, email, phone, photo, business name, and any custom fields the community admin defines, provided by you or your admin.
- Billing data: the org's billing contact name and email. Card numbers and bank details are collected and stored by Stripe — we never see or store full card numbers.
- Audit and security logs: timestamps of logins, invite events, admin changes, password resets, role changes, and impersonation events.
- Server logs: request method, path, status code, latency, redacted headers. Authorization headers, cookies, password fields, JWT bearer tokens, and webhook secrets are scrubbed before write.
- iOS app metadata: app version, iOS version, device model — used only to triage support tickets.
- Profile photos uploaded by members.
3. What we do not collect
- No third-party analytics, advertising, or tracking SDKs anywhere — site, app, or admin.
- No cookies on the marketing site. No consent banner is necessary because we do not set any.
- No cross-site or cross-app tracking. No advertising identifier (IDFA) is requested.
- No location, camera, or microphone permissions are requested by the iOS app.
- The iOS app does not request the iPhone Contacts permission and never imports your phone's contacts into MemberDex or syncs member records into the device address book in the background. If you tap the share button on a profile and explicitly choose to save a vCard to your Contacts, iOS handles that import per-card, on your initiative.
4. Legal basis for processing (GDPR / UK GDPR)
Where GDPR or UK GDPR applies, we rely on the following legal bases:
- Performance of a contract — providing the service you signed up for.
- Legitimate interest — securing the platform (audit logs, rate limits, fraud monitoring), supporting customers, and improving the product.
- Consent — profile information you choose to enter, profile photos, and TOTP enrollment.
- Legal obligation — tax records, breach notifications, lawful requests from authorities.
5. How we store and protect your data
Data lives in an encrypted-at-rest SQLite database on a Hetzner Cloud server in Virginia, United States. All traffic is HTTPS with HSTS enforced. Access is restricted to David Tatzel and a single super-admin login. Authentication tokens on iPhone are stored in the iOS Keychain under the kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly accessibility class: the item is readable only by the MemberDex app, only while the device is unlocked and a passcode is set; it is excluded from iCloud Keychain and from device backups, so it never leaves the phone; and iOS deletes it if the device passcode is removed. The iOS client pins the production server certificate by SHA-256 hash; release builds fail closed (refuse to connect) if the pinning configuration is missing, rather than falling back to ordinary system trust. Server logs and database backups have content-type and size caps to prevent disk and memory abuse.
6. Retention
- Active community data: kept for the life of your subscription.
- After cancellation: data remains exportable through the end of the paid period, then archived for 30 days, then permanently deleted.
- Audit log: default 60 days; community admins can request longer retention in writing.
- Server logs: rotated out after 30 days.
- Database backups: nightly tar.gz on the production VPS, retained for 14 days, then deleted.
7. Your rights
Regardless of jurisdiction, you may request the following at any time:
- Access — a copy of the personal data we hold about you.
- Rectification — correction of inaccurate or incomplete data.
- Erasure — deletion of your account and personal data.
- Portability — a machine-readable export of your data (CSV, JSON, or full backup zip).
- Objection — stop processing for specific purposes.
- Withdraw consent at any time without affecting prior lawful processing.
- Lodge a complaint with your local supervisory authority.
California residents (CCPA / CPRA): you have the right to know what we collect, to delete, to correct, to opt out of sale or sharing of personal information (we do not sell or share for cross-context behavioral advertising), and to limit the use of sensitive personal information. We do not discriminate against residents who exercise these rights.
EU / UK residents (GDPR / UK GDPR): the rights above plus the right to object to legitimate-interest processing and the right to lodge a complaint with the ICO (UK) or your member-state DPA (EU).
To exercise any right, email [email protected] with the subject line Privacy request and the type of request. We respond within 30 days.
8. Subprocessors
We use a small set of third-party services to run MemberDex. The current list, with the data shared and the country, is on our Subprocessors page. We will give 30 days' notice before adding a new subprocessor that processes member personal data.
9. International transfers
The MemberDex production server is hosted in Virginia, United States (Hetzner Cloud). Stripe processes payment data in the United States and the European Economic Area. Resend (transactional email) and Cloudflare (DNS, marketing site edge) operate globally. Where personal data of EU, UK, or other non-US data subjects is transferred to the United States, transfers are protected by Standard Contractual Clauses or equivalent safeguards published by each subprocessor.
10. Children's privacy (COPPA)
MemberDex is not directed to children under 13. Community admins must not invite a child under 13 unless they have verifiable parental or guardian consent and a documented purpose for that child's profile to appear in the community directory. We do not knowingly collect personal information from children under 13 directly. If you believe a child's information was added without consent, email [email protected] and we will delete it within 30 days.
11. Data breach notification
If we become aware of a security incident that materially affects your personal data, we will notify the affected community's billing contact within 72 hours of discovery, with a summary of the data affected, the mitigation steps taken, and recommended actions. For EU and UK customers: GDPR Article 33(2) requires a processor to notify the controller without undue delay after becoming aware of a breach, and Article 33(1) gives the controller 72 hours from its own awareness to notify the supervisory authority where notification is required. Our 72-hour commitment is therefore a ceiling on our notification to you as controller, not the statutory deadline itself; we will notify sooner where we can so that your community has time to meet its own 72-hour obligation.
12. Cookies and tracking
The MemberDex marketing site (memberdex.tatzel.io) sets no cookies and uses no analytics. The admin dashboard (app.memberdex.tatzel.io) uses sessionStorage for authentication tokens during your session — that storage is cleared when you close the browser tab. We do not use third-party trackers, fingerprinting, or session-replay tools.
13. Changes to this policy
Material changes will be communicated by email to your community's billing contact and reflected by an updated effective date at the top of this page. Continued use of the service after a material change indicates acceptance of the updated policy.
14. Contact
General privacy questions and rights requests: [email protected] (subject line Privacy request for rights requests).
Postal address available on request: David Tatzel, Massachusetts, United States.