Quiet pages

MemberCairn Data Processing Addendum

Effective Date: June 15, 2026 Last Updated: June 15, 2026

This Data Processing Addendum (“DPA”) is incorporated by reference into the MemberCairn Terms of Use. It establishes the rights and obligations of the parties regarding the processing of Organization Personal Data.

1. Roles and Scope

  • Controller: The Organization using the Service.
  • Processor: MemberCairn LLC.
  • Scope: This DPA applies when MemberCairn processes Organization Personal Data to provide the Service.

2. Processing Details

  • Subject Matter: The provision of the MemberCairn platform.
  • Nature and Purpose: Storing, routing, and processing data using automated systems and AI language models to facilitate organizational communication and membership management.
  • Data Subjects: The Organization’s members, prospects, parents, guardians, and participating youth.
  • Categories of Data: Names, youth program details (grade, rank, den, national membership identifiers), communication content, timestamps, and opt-in or opt-out preferences.

3. Processor Obligations

  • Instructions: MemberCairn will process data only on documented instructions from the Organization. The Terms of Use and platform configurations constitute these instructions.
  • Confidentiality: MemberCairn will ensure that personnel authorized to process data are bound by confidentiality obligations.
  • Security: MemberCairn will implement reasonable technical and organizational measures to protect data against unauthorized access, loss, or alteration.
  • Data Subject Rights: MemberCairn will reasonably assist the Organization in fulfilling its obligations to respond to data subject requests.

4. Subprocessing

The Organization grants MemberCairn general authorization to engage subprocessors. MemberCairn imposes data protection obligations on subprocessors that are no less protective than those in this DPA.

Current Approved Subprocessors:

  • Anthropic, PBC: AI language model processing.
  • Postmark (an ActiveCampaign company): Transactional and bulk email delivery.
  • Twilio Inc.: SMS text message delivery.
  • Fly.io, Inc.: Application hosting and compute.
  • Cloudflare, Inc.: DNS, network security, and backup storage.

MemberCairn will update this DPA or the applicable legal pages to notify the Organization of any intended changes to this list.

5. Security Incidents

If MemberCairn becomes aware of a confirmed security breach impacting Organization Personal Data, it will notify the Organization without undue delay and provide reasonable information to help the Organization meet its regulatory obligations.

6. Deletion or Return of Data

Upon termination of the Terms of Use, MemberCairn will delete or return all Organization Personal Data within a reasonable timeframe. MemberCairn may retain data if required by applicable law or for necessary audit and opt-out suppression records.