Security and Privacy


Security

ClubExpress is a shared platform. All of our customers (clubs and associations) run on the same servers. So there is one set of database tables behind the scenes which contain all the data for all clubs using the platform. But the platform was designed to rigidly separate club data; you will never see data from other clubs and they will never see your data. No club has a higher or lower level of access than any other club.

Our servers are located in a high-security data center, operated by one of the most respected hosting companies in the business. No one gets physical access to the servers; even we have to manage them remotely. The servers are behind multiple firewalls which are locked down tight; we don't let anything in except what is specifically permitted by the platform. The servers are fully backed up every night and the actual database files are backed up in real time. They have redundant, hot-swap hard disks and power supplies so that if a hard disk or power supply goes down, the server keeps running while it's replaced. The hard disks use a technology called RAID5 for multiple redundancy. Operating system and other security updates are immediately installed to protect against the latest hacker exploits.

We protect member passwords using one-way, salted hashing algorithms. This way, no one can find your actual passwords; we don't even know them!

As a final layer of protection, as soon as a member logs in, the whole interaction from that point forward is done as a secure session, using SSL/TLS with a 2048-bit key. This is a significant burden on our servers but we feel that it's worth it for the additional protection provided. Member and admin interactions with the server cannot be sniffed or intercepted.

For online credit card transactions, using the built-in merchant account or your own merchant account, ClubExpress is fully PCI-Compliant (Payment Card Industry). We are a Level 3 merchant, where the requirements are considerably stricter than, for example, your local dry cleaner.

And when we interact with your bank account, it’s done using the Automated Clearing House (ACH) system, used by banks and corporations around the world to electronically transfer funds. In addition, special authorization codes are required to initiate transfers; the system won’t do it unattended and an individual user cannot do it without the codes. (One of these codes even changes every 60 seconds!)

Privacy

ClubExpress operates using one of the strictest privacy policies on the Internet. Click on the link at the bottom of each page to review our Privacy Policy. We will not sell or share member contact details (names, addresses, phone numbers or email addresses) with anyone. End of story. We also strongly encourage club and association officers to adhere to this policy.

When a visitor sees an email address on our site (for example, on the Contact Us page), it is displayed as an image file (GIF). This feature protects against Internet robots that might try to harvest the addresses for spam mailing or other purposes. Only after members log in will they see email addresses (for example, on a Member Profile page) that are clickable.

Ownership of Data

Our policy here is simple: You own your data.

ClubExpress serves as an Online Service Provider making our databases and software available to help you run your club or association. All data you enter into the system, including discussion forum messages, events, documents, photos, member data and information in other modules, remains your property, and ClubExpress exerts no ownership rights over this data. So we will never contact your members except for an official communication related to their membership in your club or association (for example, a renewal notice). Also, we will never sell or give your members' names or other contact information to anyone for commercial or marketing purposes.

As part of our service, we back up the database every day. But this backup is kept in archival storage and will not be used for any purpose except to restore the database in the event of a hardware crash.

ClubExpress does not require you to sign a long-term contract. You may cancel at any time and your service will run until the end of the current month (or longer if you request).
