DISCLAIMER
We do our best to keep this information updated but there may be inaccuracies or omissions contained. If you spot something, please
contact us and let us know.
The following information will be valuable in crafting your Privacy Policies and consents for GDPR and other regulations. However, you are ultimately responsible for ensuring your website forms and policies are in accordance with local and other applicable laws and regulations. If you need assistance, we recommend researching these regulations online and/or consulting a legal expert.
1. What Data Does MemberPress.com Store About My Users?
MemberPress data is stored locally in your own WordPress site's database, which in most cases is provided and maintained by your web-hosting provider. No personal information about your MemberPress users is ever sent to MemberPress.com or our associated servers or providers. For this reason, you do
not need a DPA from MemberPress.com. You may need a DPA from other 3rd party services you connect MemberPress with such as MailChimp, Stripe, PayPal, etc.
If you have enabled the “Anonymous usage reporting” feature in MemberPress -> Settings -> General tab – then some data is sent and stored on our servers. This data contains things like the number of subscribers on your site, the add-ons you have activated, etc. and is completely anonymous. The usage data collected
cannot be used to identify you or your customers in any way.
2. What Data Does MemberPress Store in my Local Database?
In order for MemberPress features to work appropriately, some personally identifiable information must be stored about your members in order for you and your customers to get the most out of the membership experience.
2.1 – Built-in Information Fields
MemberPress contains the following built-in information fields. Some of these fields (marked with an *) can be disabled.
- First Name*
- Last Name*
- Username* (can be set to email address instead)
- Email Address
- Date of Registration
- Password (securely hashed by WordPress prior to storage in the database)
- Address (Line 1, Line 2, City, State, Zip, Country)*
IP AddressRemoved in MemberPress 1.3.36+- Geo-Located country. (ONLY WHEN VAT IS ENABLED) Based on the user's IP address – the IP is not stored by MemberPress but is sent to the MemberPress geo-locating service. The service compares the IP with a database of known IP locations. The IP is never shared or stored by this service. The service returns a 2 digit country code, and a 2 digit region code indicating the location of the user's IP address which is used to auto-fill in the address fields on the signup forms.
If VAT Taxes are enabled then the following are also stored:
- VAT User Type (Consumer or Business)
- VAT Number (If Business Type)
2.2 – Custom Fields
MemberPress allows you as the site administrator to create your own Custom User Information Fields on the MemberPress -> Settings -> Fields tab. You are responsible for knowing what fields you have created and the data those fields may contain about your users. Be sure to update your Privacy Policy appropriately on how you use/process that data.
2.3 – Events
MemberPress stores various log entries in the database when certain events occur which may contain the user's IP Address. These events are listed below.
- Logins –
User's IP address and time of login are stored each time the user logs in.Removed in MemberPress 1.3.35+ - Subscription/Transaction Completion –
When the user subscribes and successfully pays, their IP address may be stored with the Subscription or Transaction data.Removed in MemberPress 1.3.35+
2.4 – Payment Information
MemberPress does not store or process payment information locally. That information is securely transmitted to, and stored by the Payment Gateway itself. Some limited information about the Credit Cards may be stored. See the
Payment Gateways section below for more information about this data.
2.5 – Add-ons & Integrations
MemberPress stores as little as possible about your users with our integrations and add-ons. Please see the
MemberPress Add-Ons & Integrations or 3rd Party Add-Ons & Integrations section's below for more information about each add-on/integration.
3. Payment Gateways
As mentioned in section 2.4 above, MemberPress does not store payment information locally. That data is securely passed and processed/stored by Stripe.com, PayPal.com, or Authorize.net.
Below is a breakdown of what data is stored locally in your WordPress database, and what data is transmitted to the Payment Gateway. You may need a DPA from each payment gateway you're using.
3.1 – Offline Payment Gateway
Stored in WordPress Database
- Does not store any personal information in the WordPress Database
Sent to 3rd Party
- Does not send any personal information to 3rd parties
3.2 – PayPal Standard
Stored in WordPress Database
- Subscription Profile ID's From PayPal (I-xxxxx… or S-xxxxx… numbers)
- Transaction numbers
Full IPN Response data which may contain the buyer's PayPal Email address or other personal information provided by PayPalRemoved in MemberPress 1.3.35+User's IP AddressRemoved in MemberPress 1.3.35+
Sent to PayPal
- If VAT taxes are enabled and the buyer enters a valid VAT number, the VAT number is passed to PayPal as a custom field
3.3 – PayPal Express Checkout
Stored in WordPress Database
- Subscription Profile ID's From PayPal (I-xxxxx… or S-xxxxx… numbers)
- Transaction numbers
Full IPN Response data which may contain the buyer's PayPal Email address or other personal information provided by PayPalRemoved in MemberPress 1.3.35+User's IP Address
Sent to PayPal
- The buyer's WordPress email address is transmitted to PayPal
3.4 – Stripe
Stored in WordPress Database
- Stripe Customer Numbers (cus_xxxxx…)
- Stripe Subscription Numbers (sub_xxxxx…)
- Transaction charge numbers (ch_xxxxx… or py_xxxxx….)
Full Webhook Response data for Subscriptions and TransactionsRemoved in MemberPress 1.3.35+- User's IP address is visible to Stripe
- Last 4 digits and expiration date of user's Credit Card. This is used for Expiring Card Reminder Emails.
Sent to Stripe.com
- The buyer's first and last name (If enabled in MemberPress Settings)
- The buyer's WordPress email address
- Address (If enabled in MemberPress Settings)
- Full Credit Card Info – Number, CVC, Expiration Date
- If VAT taxes are enabled and the buyer enters a valid VAT number, the VAT number is passed to PayPal as a custom field
- The buyer's IP address
3.5 – Authorize.net
Stored in WordPress Database
- Subscription ID's from ARB
- Transaction numbers
Full Silent Post Response dataRemoved in MemberPress 1.3.35+User's IP AddressRemoved in MemberPress 1.3.35+- Last 4 digits and expiration date of user's Credit Card. This is used for Expiring Card Reminder Emails.
Sent to Authorize.net
- The buyer's WordPress email address
- First and Last names
- Address
- Full Credit Card Info – Number, CVC, Expiration Date
4 – Emails
MemberPress emails admin's for various events that occur on the site.The email text bodies and/or subject lines may contain personally identifiable information about a member on your site. These emails should not be kept in your email folders (inbox, archives etc) for any longer than is needed. We recommend seeking official legal counsel on how long you can and/or should store these emails.
Examples of emails sent might be New Member Signup emails, Transaction or Subscription created emails, and Reminder emails. This is not an exhaustive list of the various emails MemberPress sends out. You can find the email editors in the following locations:
- MemberPress -> Settings -> Emails tab
- MemberPress -> Reminders page
- MemberPress -> Memberships page (you can specify custom Welcome Emails for each Membership when editing)
MemberPress sends some emails for resetting passwords that cannot currently be edited. This document will be updated if that changes in a future release.
5 – Cookies
MemberPress uses the following cookies (only if the mentioned features are being utilized), however neither cookie contains any personal information, nor can it be combined with other data to create a profile of an individual.
Note: WordPress itself also uses cookies which you should be aware of and account for in your policies.
- mplk – If you're using the Custom URI Rules to protect a static file like a PDF, MemberPress creates a cookie temporarily to allow the authorized user to view the file without being redirected. This cookie contains a random alpha-numeric string of text and is removed after 5 seconds.
- mp3pi141592pw – If you're using the PayWall feature to allow visitors to see X number of free views before being blocked. Then this cookie is set in their browser and keeps a hashed count of the number of free views the user has made. This cookie is valid for 30 days.
6 – MemberPress Add-Ons & Integrations
MemberPress provides and maintains the following add-ons and integrations. The personal data transmitted to the 3rd party service for each are detailed below. If the 3rd party service or provider stores and/or processes personal information you may need to get a DPA from them to be fully GDPR compliant.
Active Campaign
- Email address
- IP Address
- Name
AWeber
- Email address
- IP Address
- Name
- WordPress User ID (integer)
Constant Contact
- Email address
- Name
ConvertKit
- Email address
- First Name
Drip
- Email address
- Name
MailChimp 3.0
- Email address
- Name
MailPoet
- The member's email address
- Name
Mailster
- MemberPress does not provide information to Mailster, rather Mailster pulls the information it needs directly from the WordPress User's database.
- Contact Mailster for more information on what (if any) personal data they store or process related to your Members
ChurnBuster
- MemberPress does not transmit any personal information to ChurnBuster as their service integrates directly with your Stripe.com account.
- Contact ChurnBuster support for more information on their Privacy Policies and GDPR compliance
bbPress
- MemberPress does not provide bbPress with any personal information. However, because bbPress is a WordPress plugin, it does process/use your member's information.
- Contact bbPress support for more information concerning their Privacy Policies and GDPR compliance
blubbry Podcasting
- MemberPress does not provide blubbry with any personal information. However, because blubbry is a WordPress plugin, it does have access to process/use your members information.
- Contact blubbry support for more information concerning their Privacy Policies and GDPR compliance
HelpScout
- Does not transmit any personal information to HelpScout servers
- Does display personal information such as name, email, and subscription info in the HelpScout sidebar
- The above information can be viewed by authorized users of your HelpScout organization
Corporate Accounts
- Does not store any additional Personal Information not already mentioned in the MemberPress fields above
- Parent users can see name and email addresses of their Child users
Amazon AWS (S3)
- Does not send any personally identifiable information about your users to AWS. However, AWS will see your member's IP address and user-agent string.
- Contact AWS support for more information regarding their Privacy Policies and GDPR compliance measures
Developer Tools
- You or your Developer are responsible for deciding what data you may be sending to, or receiving from 3rd parties (such as Zapier), and how that data is used.
BuddyPress
- MemberPress does not provide BuddyPress with any personal information. However, because BuddyPress is a WordPress plugin, it does have access to process/use your members information.
- Contact BuddyPress support for more information concerning their Privacy Policies and GDPR compliance
Importer
- You or your Developer are responsible for knowing how the importer is being used, and what data is being imported via the CSV's you create and upload.
- The user data being imported is most likely covered in section 2 above
WordPress User Roles
- Does not store or transmit any personal information
MemberPress Downloads
- IP Address is stored with each download and is visible to Admins on the downloads stats page
Math Captcha
- Does not store or process any personally identifiable information
7 – 3rd Party Add-Ons & Integrations
MemberPress does not officially support any 3rd party integrations, though they are listed at the link below for your convenience. You are responsible for contacting their support to inquire about their Privacy Policies and GDPR compliance.
https://memberpress.com/docs/known-third-party-integrations/