Support

Security and privacy

Use roles, MFA, private files, audit records, and privacy workflows responsibly.

Audience
Organization owners, administrators, and members
Reading time
12 minute read

Before you begin

What you’ll need

  • An authenticated account for private actions
  • Organization authorization for administrative data
  • MFA for privileged administration
01

Protect administrator accounts

Administrator access is separate from membership and should be granted according to job responsibility.

  • Use an individual administrator account; never share passwords, magic links, or MFA codes.
  • Enable MFA and complete step-up verification when prompted for privileged work.
  • Grant the smallest role that supports the person's responsibilities and remove access promptly when duties change.
  • Review unexpected access or security notifications through a trusted organization contact.
02

Handle sensitive member data

Contact details, internal notes, financial records, mailing exports, and integration credentials require different permissions and handling rules.

  • Collect only information needed for membership operations.
  • Avoid putting secrets, payment-card data, authentication codes, or unnecessary sensitive details in member notes.
  • Download member or mailing data only for an approved task and remove working copies according to organization policy.
  • Do not send sensitive exports through personal email or unapproved file-sharing services.
03

Respond to a privacy request

Use the organization's verified process for access, correction, export, retention, or deletion requests.

  1. Verify the requester's identity without asking for passwords or one-time codes.
  2. Record the request and its scope through the approved support or privacy workflow.
  3. Review legal, financial, audit, publication, and membership records that may require retention.
  4. Correct inaccurate profile data through normal commands and preserve required historical records.
  5. Document completion and communicate the result through the verified contact channel.
04

Report a security concern

If you suspect unauthorized access, a leaked export, a fraudulent payment, or an account compromise, stop the affected workflow and contact the organization through its trusted support channel.

  • Include the organization, approximate time, affected feature, and what you observed.
  • Do not include passwords, full payment-card details, secret keys, or MFA codes.
  • Preserve relevant reference IDs and avoid repeatedly retrying a suspicious action.