
Security, Privacy and Ownership of Data


Comprehensive Security
The ClubExpress security implementation exceeds all national and international requirements and is the most comprehensive of any company in the industry. (Also see below for information about GDPR compliance.)

Physical and Network Security
Our servers are cloud hosted and operated by one of the most respected hosting companies in the business. No one gets physical access to the servers, not even us; we manage them remotely over a VPN. The data centers are highly secure, with 24/7 monitoring, physical barriers, security guards, and surveillance systems, and they are in undisclosed locations for added security. The servers sit behind a default-deny firewall: nothing is allowed in except the traffic the platform specifically requires. Network activity is continuously monitored and logged so that potential security threats or unauthorized access can be identified.

Redundancy
Multiple redundancies are built into the system. Data is backed up nightly to offsite storage, and the database servers are also backed up in real time. Database backups are replicated across regions and Availability Zones, ensuring data durability and preventing data loss due to hardware failure or disasters.

Password and Payment Data Protection
Member and admin passwords are never stored in a readable or decryptable form. They are stored as salted, one-way hashes: we can reset a password, but we cannot read it, which matters when a member reuses the same password on other websites. Credit card data is encrypted within the database using Triple DES (3DES), an older algorithm that NIST has since deprecated in favor of AES. ClubExpress is fully PCI (Payment Card Industry) compliant as a Level 2 merchant. A current PCI compliance certificate can be provided on request.
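To make the "salted, one-way" property concrete, here is an added illustration of how such storage works. This is example code written for this page, not ClubExpress's implementation; the choice of PBKDF2-HMAC-SHA256, the iteration count, and the record format are all assumptions. It shows three things the paragraph above states: the same password produces different records for different users (per-user salt), verification recomputes the hash rather than decrypting anything, and an admin reset simply overwrites the record because there is no password to recover.

```python
import hashlib
import hmac
import os

# Assumed parameters for this illustration (not ClubExpress's values):
# PBKDF2-HMAC-SHA256 with 600,000 iterations, matching OWASP's 2023 guidance.
HASH_ALG = "sha256"
ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, salt: bytes = None) -> str:
    """Return a self-describing record 'pbkdf2_<alg>$<iters>$<salt_hex>$<hash_hex>'.

    A fresh random salt is drawn per call, so two members who choose the same
    password end up with different records and an attacker cannot precompute
    one table that cracks both.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(HASH_ALG, password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_{HASH_ALG}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Check a login attempt by recomputing the hash with the stored salt.

    The algorithm and iteration count are read from the record itself, so
    parameters can be strengthened later without breaking existing records.
    The comparison is constant-time to avoid leaking how many leading bytes
    matched.
    """
    try:
        alg, iterations, salt_hex, hash_hex = record.split("$")
    except ValueError:
        return False
    if not alg.startswith("pbkdf2_"):
        return False
    digest = hashlib.pbkdf2_hmac(
        alg[len("pbkdf2_"):],
        password.encode("utf-8"),
        bytes.fromhex(salt_hex),
        int(iterations),
    )
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


def reset_password(store: dict, username: str, new_password: str) -> None:
    """Admin-side reset: the old record is overwritten, never decrypted.

    Nothing here reads the old password, because a one-way hash cannot be
    turned back into it; this is exactly the 'we can reset them but we cannot
    read them' property.
    """
    store[username] = hash_password(new_password)


if __name__ == "__main__":
    # Constructed sample data for the demonstration.
    members = {"alice": hash_password("correct horse battery staple"),
               "bob": hash_password("correct horse battery staple")}
    print("same password, different records:", members["alice"] != members["bob"])
    print("login ok:", verify_password("correct horse battery staple", members["alice"]))
    print("wrong password:", verify_password("Correct horse battery staple", members["alice"]))
    reset_password(members, "alice", "new-passphrase-after-reset")
    print("old password rejected after reset:",
          not verify_password("correct horse battery staple", members["alice"]))
```

The record carries its own algorithm and cost parameters, so when a stronger setting is adopted, existing members can be migrated transparently at their next successful login by re-hashing the password they just supplied.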

7 Separate Levels of Access
ClubExpress supports 7 separate levels of administrator/coordinator access, and you can have as many people as you need at each level.

Cookies
ClubExpress does not use third-party cookies. We use only session cookies and a small number of first-party cookies that remember each user's personal configuration, such as the "Remember Me" setting for automatic login.

HTTPS Support
ClubExpress websites use https:// for all pages, so member and admin interactions with ClubExpress are encrypted in transit and cannot be read by anyone eavesdropping on the network. We require TLS 1.2 as a minimum and also support TLS 1.3; older protocol versions are not accepted.

ClubExpress also allows clubs and associations to purchase an SSL/TLS certificate from us, installed automatically on our servers, so that your own domain name appears in the address bar for all users, across the whole website.

ClubExpress is the only association management vendor to receive a grade of “A” from the Qualys SSL Labs testing service. https://www.ssllabs.com/ssltest/

Members Have Full Control of Their Data
Members have full control over the visibility of their data, including whether they receive emails, whether they appear in the member directory, and what information is shown there. You can also turn off the membership directory completely so that member data is visible only to authorized admins.

You Retain Ownership of Your Data
ClubExpress is an Online Service Provider (OSP). As such, you retain ownership of your data at all times. ClubExpress will never sell, barter, trade or otherwise share member or non-member data with third parties. We will never contact your members or non-members directly except as part of the official business of your organization (for example, to send members a scheduled renewal notice). And we never put advertising on your website.

Privacy Rules and GDPR Compliance
ClubExpress is fully compliant with the European Union's General Data Protection Regulation (GDPR), which became enforceable in May 2018. We also provide the tools your club or association needs to be compliant itself. Through ClubExpress, you designate a Data Protection Officer and specify how member and non-member data will be collected, stored, and processed. Members and non-members must consent to having their data stored and processed in the US (on the ClubExpress servers), to receiving transaction messages from your organization, and to having their data shared for official club purposes. ClubExpress also provides the interface for responding to "Forget Me" (erasure) requests.

Unlike other AMS vendors who protect only themselves, with ClubExpress you don't need to consult lawyers or experts to fully understand these regulations (a complex and daunting task). ClubExpress has done the hard work to protect you under GDPR.

We did a webinar on May 30th, 2018 on GDPR and Privacy:
Read the Announcement Details
Watch Webinar Video
Privacy Webinar - Slide Show
Privacy Webinar - Chat Transcript
