Security
Last updated: March 3, 2026
ChapterHQ is built for organizations that manage sensitive membership data, financial records, and internal communications. We understand that your data security is not optional, and we have designed every layer of our platform with that in mind. This page describes how we protect your organization's information and the security standards we uphold.
Infrastructure
ChapterHQ runs on infrastructure from providers with independently audited security programs:
- DigitalOcean hosts our application servers and databases. DigitalOcean maintains SOC 2 Type II certification and provides encrypted storage volumes, private networking, and automated security patches.
- Cloudflare sits in front of all traffic to ChapterHQ, providing Web Application Firewall (WAF) protection, DDoS mitigation, and global edge caching. Cloudflare maintains SOC 2 Type II and ISO 27001 certifications.
- All data is encrypted at rest on our database servers and encrypted in transit between every component of the system.
Authentication
All user authentication is handled by Clerk, a SOC 2 Type II certified identity provider. Clerk provides:
- Multi-factor authentication (MFA) available for all accounts, with support for authenticator apps and SMS verification.
- Breached password detection that automatically checks new passwords against known compromised credential databases.
- Session management with configurable token lifetimes, automatic session expiration, and the ability to revoke active sessions from any device.
- Bot protection that guards sign-in and sign-up flows against automated attacks.
ChapterHQ never stores passwords directly. All credential management is delegated entirely to Clerk.
Payments
All payment processing is handled by Stripe, which is PCI DSS Level 1 certified, the highest level of certification in the payment card industry.
- ChapterHQ never stores, processes, or transmits credit card numbers. Card data is collected directly by Stripe's embeddable payment elements and never touches our servers.
- All payment communication between Stripe and our platform uses tokenized references, not raw card data.
- Stripe provides fraud detection and chargeback protection as part of its platform.
Data Isolation
ChapterHQ is a multi-tenant platform, and strict data isolation between organizations is enforced at every level:
- Every database row is scoped to a specific organization using an internal organization identifier. This scoping is applied consistently across all 60+ database tables.
- All queries filter by organization at the data access layer, making cross-organization data leakage impossible by design.
- The Admin API enforces organization scoping through API key authentication, where each key is bound to a single organization.
- AI features analyze data strictly within the boundaries of a single organization. No data from one organization is ever accessible to or shared with another.
Access Control
ChapterHQ provides multiple layers of access control to ensure that only authorized users can view or modify data:
- Role-based permissions: organization administrators assign roles to members (admin, officer, member), and the platform enforces feature access based on those roles.
- Invite-only membership: new members can only join an organization through an administrator-issued invitation or direct creation. There is no self-registration into an existing organization.
- API key scopes: programmatic access through the Admin API requires an API key with explicitly granted scopes. 23 granular scopes across 12 modules allow administrators to grant only the permissions each integration needs.
- Rate limiting: API keys are subject to configurable per-key rate limits (default 60 requests per minute) to prevent abuse and protect platform stability.
- Key expiration: API keys support optional expiration dates, and administrators can revoke or rotate keys at any time through the settings interface.
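The Admin API key controls described above (a key bound to one organization, explicit scopes, optional expiration, revocation, and a per-key rate limit) can be sketched as a single deny-by-default check. This is an added illustration, not ChapterHQ's code: the `ApiKey` record, the `authorize` function, the scope names, and the sample keys are hypothetical, and only the 60 requests per minute default comes from this page.

```python
import time
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Optional

DEFAULT_RATE_PER_MIN = 60  # default per-key limit stated on this page

@dataclass
class ApiKey:  # hypothetical record shape
    org_id: str                         # the single organization the key is bound to
    scopes: frozenset                   # explicitly granted scopes
    expires_at: Optional[float] = None  # optional expiration (epoch seconds)
    revoked: bool = False
    rate_per_min: int = DEFAULT_RATE_PER_MIN

# Constructed sample keys; scope names are invented for illustration.
SAMPLE_KEYS = {
    "key_a": ApiKey("org_a", frozenset({"members:read"}), expires_at=1000.0),
    "key_b": ApiKey("org_b", frozenset({"members:read"}), rate_per_min=2),
}

_recent = defaultdict(deque)  # key id -> timestamps of allowed requests

def authorize(keys, key_id, resource_org, scope, now=None):
    """Return (allowed, reason). Every check must pass; otherwise deny."""
    now = time.time() if now is None else now
    key = keys.get(key_id)
    if key is None or key.revoked:
        return False, "unknown_or_revoked"
    if key.expires_at is not None and now >= key.expires_at:
        return False, "expired"
    if key.org_id != resource_org:      # tenant boundary: key's org must own the resource
        return False, "wrong_org"
    if scope not in key.scopes:         # least privilege: scope must be granted
        return False, "missing_scope"
    window = _recent[key_id]
    while window and window[0] <= now - 60:  # drop entries older than 60 seconds
        window.popleft()
    if len(window) >= key.rate_per_min:
        return False, "rate_limited"
    window.append(now)
    return True, "ok"
```

Logging the returned reason per key makes repeated `wrong_org` or `missing_scope` denials visible as a signal of a misconfigured or misused integration.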
Encryption
We use strong encryption standards across the platform:
- In transit: all connections to ChapterHQ are encrypted with TLS 1.3 via Cloudflare. HTTP requests are automatically redirected to HTTPS.
- At rest: database volumes are encrypted using provider-managed encryption. PostgreSQL uses scram-sha-256 password authentication for database connections.
- Application layer: organization administrators who bring their own AI API keys (BYOK) have those keys encrypted with AES-256-GCM before storage. The encryption key is managed separately from the database and is never committed to source control.
Backups
Automated database backups run daily with a 14-day retention period. Backups are stored separately from the production database to protect against data loss from infrastructure failures. In the event of an incident, we can restore organizational data to any point within the retention window.
Responsible Disclosure
We take security vulnerabilities seriously and appreciate the work of security researchers who help us keep ChapterHQ safe. If you discover a potential security issue, please report it to us privately so we can investigate and address it before any public disclosure.
Please report security vulnerabilities to [email protected]. We will acknowledge your report within 48 hours and work with you to understand and resolve the issue. We ask that you give us reasonable time to address the vulnerability before disclosing it publicly.