Technology & security explained transparently

Q: Where is the data hosted? In Switzerland?

Infrastructure on Kubernetes at Hetzner in the EU. Compliant with the Swiss nDSG and the GDPR. We currently don’t offer dedicated hosting in Switzerland.

Q: What happens to our data if we cancel?

All data is accessible via REST API as JSON, Excel, or PDF.

Q: What happens in case of an outage or data loss?

PostgreSQL with point-in-time recovery, twice-daily backups to separate storage pools, monitoring via Sentry. All files (receipts, attachments, logos) are stored in S3 buckets and are also backed up twice daily.

Q: Is DigitalMembers open source?

The platform is proprietary, but the REST APIs are openly documented via OpenAPI. Any club can build its own integrations without asking us, at no extra cost.

Microservices, Keycloak auth, HashiCorp Vault, 600+ open REST APIs.

Try for free

Open APIs

600+ OpenAPI endpoints, Swagger UI, automatic SDKs for Python, TypeScript and Swift.

Modern microservice architecture

Microservices on Kubernetes, Kafka for events, PostgreSQL per module. The same architecture as SaaS products with millions of users.

Used daily by us

We use our own platform every day in the team’s day-to-day work for project boards, documentation and internal coordination. We spot bugs first, and features come from real pain points instead of product meetings.

Recommended by

Tesla Owners Switzerland

TSV Rohrdorf

Altpfadi Adler Aarau

Kunst- und Geräteturnen Kleindöttingen

Radfahrerverein der Stadt Winterthur

Turnverein Eien-Kleindöttingen

Schwingerclub Rothenburg

Tesla Owners Switzerland

TSV Rohrdorf

Altpfadi Adler Aarau

Kunst- und Geräteturnen Kleindöttingen

Radfahrerverein der Stadt Winterthur

Turnverein Eien-Kleindöttingen

Schwingerclub Rothenburg

Answers to the typical tech questions

IT-savvy club members ask technical questions before they recommend a platform: Where is the data stored? What backups are in place? How does authentication work? Can you get out again without lock-in?

DigitalMembers runs as a microservice architecture on Kubernetes in EU data centres at Hetzner, with Keycloak for auth, secrets in HashiCorp Vault, twice-daily backups, and monitoring via Sentry. All data can be exported via 600+ REST endpoints and webhooks.

600+ REST APIs with Swagger & automatic SDKs

Over 600 REST endpoints following the OpenAPI standard, searchable via Swagger UI, with generated SDKs for Python, TypeScript, and Swift. Custom integrations take hours, not weeks.

Webhooks, live tracking for Drive, Calendar, email and letters

Drive, Google Calendar, SendGrid and Printerless report changes within seconds: opened emails, clicks, delivered letters. Webhooks are signed, missed events are delivered afterwards.

Keycloak, central login & authorisation server

Keycloak for login, SSO and roles. Standards: OAuth 2.0, OIDC, PKCE, Magic Login, SAML. Two-factor login via TOTP app (Google Authenticator, Authy), FIDO2/WebAuthn security keys and passkeys. Roles are strictly separated per club.

Event streaming with Apache Kafka

Around 15 independent microservices, each with its own database, its own API, its own release cadence. If one fails, the others keep running. Async via Apache Kafka, sync via REST. Each microservice doesn’t run as a single process, but as a group of specialised deployments: one for HTTP requests from the browser (ASGI), others for processing individual event streams from Kafka. In total, hundreds of small processes run in parallel, each independently scalable. Around 80 percent of workloads run event-based in the background, keeping the user interface responsive even during peak loads.

HashiCorp Vault, encrypted secrets

API tokens, SMTP credentials and OAuth secrets are stored encrypted in HashiCorp Vault on a hardened server, not in the app databases. Encryption in transit and at rest included.

Hosting in the EU, GDPR & nDSG compatible

Kubernetes cluster in Hetzner data centres in the EU, with point-in-time recovery on PostgreSQL and twice-daily backups. GDPR- and nDSG-compliant.

Audit log. Traceable down to the minute when it matters

Every security-relevant action (login, access, export, deletion) is logged with who, when, what, IP, and outcome. For auditors, data privacy requests, and suspicious logins. Entries are automatically deleted after three months for data protection reasons.

Tests, monitoring & annual security review

Unit and integration tests per service against real databases, CI with linting, type checking and security scans. Production is monitored via Sentry. Plus an annual external security review of the entire platform.

Error tracking with Sentry, in the EU

Error logs and performance data run via Sentry, hosted in the EU. This way, we detect production issues within minutes.

Privacy-friendly analytics with Matomo

No Google Analytics, no Facebook Pixel, no third-party tracking cookies. Usage metrics run exclusively via our self-hosted Matomo instance on EU infrastructure, anonymised and used only for internal product improvement.

Retention policy, logs, and delivery data

Audit log details are aggregated into daily statistics after 3 months, and the individual entries are deleted. Sending data (email tracking, letter logs, SMS status) follows the data retention policy: two years by default, configurable per club. Less data storage, less risk, clear compliance with the Swiss DPA and GDPR. Details in our privacy policy and the terms and conditions.

Our technology stack

Python, Vue, PostgreSQL, Redis, Keycloak, HashiCorp Vault, Nginx, MinIO (S3), Kubernetes, and self-hosted GitLab. Proven building blocks with a large community that we deliberately use instead of reinventing the wheel.

Frequently Asked Questions

Where is the data hosted? In Switzerland?▾

What happens to our data if we cancel?▾

What happens in case of an outage or data loss?▾

Is DigitalMembers open source?▾

Software you understand and trust

Transparency instead of magic. Every endpoint, every database, every encryption method is documented.

Try for free

← Back to all modules