1. Overview
This page explains how MemberBay (memberbay.io) accesses, processes, and protects data — both through the ServiceTitan API integration and through the MemberBay Pulse Chrome extension.
MemberBay is a retention and churn product for HVAC membership contracts. We request only the scopes required to identify your customers, understand their memberships, observe churn signals, and take explicit retention actions. We deliberately do not request access to payroll, GPS tracking, inventory, purchase orders, banking, or the controller-level financial stack.
MemberBay is operated by: UNIPERSONAL KHRESTENKOV DANIIL, Barroso 3605, 3, Buceo, Montevideo, Uruguay, 11400. RUT: 220740740013. Contact: [email protected]
2. What We Access in Your ServiceTitan Tenant
MemberBay reads the following categories of data from ServiceTitan:
- Customers and locations — customer records, service addresses, and primary contact details, used for customer search, profile views, and outreach context.
- Memberships — customer memberships, membership types, and recurring service schedules, used to build the active-member dashboard, detect missed services, and score churn risk.
- Jobs and appointments — job history, job types, and appointment records, used to identify operational churn signals such as cancellations, no-shows, and repeat service issues.
- Invoices and payment types — invoice history and the payment method recorded against each invoice, used to surface billing failures and dunning risk.
- Business units — used to validate your tenant and, for multi-location shops, filter data by business unit.
We read this data on an as-needed basis when you use MemberBay, plus a periodic background sync to keep the churn dashboard current. All calls go directly from our servers to the ServiceTitan API over TLS.
3. What We Explicitly Do Not Access
We do not request — and cannot silently request — any of the following scopes. Any scope change requires your ServiceTitan admin to re-authorize MemberBay through the OAuth connection flow.
- Payroll — employee pay, timesheets, gross pay items, and deductions.
- GPS and technician location — we do not do technician tracking.
- Inventory — warehouse stock, adjustments, transfers, vendor items.
- Purchase orders, receipts, and bills — accounts payable is bookkeeping, not retention.
- General ledger — accounting periods, chart of accounts, journal entries.
- Banking — deposits, bank accounts, ACH data. We do not touch banking data.
- Vendors — accounts-payable-adjacent records.
- Dispatch assignments — dispatching jobs to technicians belongs to your dispatcher.
- Pricebook writes — a bad pricebook write would affect every tech and every customer; we do not take that risk.
- Settings writes — business unit, employee, and tag-type configuration remain under your admin's control.
If a future feature requires a new scope, we will publish the change here, update our internal scope documentation, and require a re-authorization by your admin before the new permission takes effect.
4. Write Actions
MemberBay can write to the following resources in your ServiceTitan tenant. Every write is either explicitly triggered by a user action inside MemberBay or executed by a tenant-enabled automation your admin has configured in settings. There are no hidden or background writes.
- Customer memberships — create, update, suspend, and reactivate memberships (for example, the "Reactivate membership" action, or an optional auto-suspend policy on repeat payment failure).
- Jobs — create and update jobs (for example, the "Book save visit" action, or the cancel-job flow when a customer declines a proposed visit).
Any expansion of write scope — for example, writing tags, notes, or customer descriptions — will be disclosed on this page and will require a re-authorization before it is enabled for your tenant.
5. Chrome Extension (MemberBay Pulse)
MemberBay Pulse is an optional Chrome extension, published through the Chrome Web Store. It displays membership risk and retention actions as an overlay on top of ServiceTitan pages. Because extensions run inside the user's browser with the user's own ServiceTitan session, we hold them to a stricter scope than the API integration and document them separately.
The claims in this section reflect the current published version (v2.2.0) and match the extension's manifest.json and source code, which is reviewed alongside this page on every change.
Browser permissions we request
- storage — local storage for UI preferences and a short-lived cache of at-risk counts and Pulse stats so the popup opens instantly. Also used for the encrypted-in-session auth token.
- alarms — schedules a periodic background sync so the badge count and cache stay current.
Host permissions we request (the only domains the extension can see):
- https://go.servicetitan.com/* — where the overlay appears.
- https://*.memberbay.io/* and https://api.memberbay.io/* — the MemberBay web app and API.
The extension cannot reach any other domain. It does not work on any other website.
Permissions we explicitly do NOT request
Adding any of these would require a manifest update, a Chrome Web Store re-review, and a re-install by the user — it cannot happen silently.
- <all_urls> — the extension cannot touch pages outside ServiceTitan and MemberBay.
- tabs — we do not enumerate or read other open tabs.
- cookies — we do not read browser cookies directly.
- webRequest / webRequestBlocking — we do not intercept or modify network traffic.
- history, bookmarks, downloads — no access to browsing history or downloads.
- clipboardRead / clipboardWrite — the extension never touches the clipboard.
- scripting — no dynamic script injection beyond the declared content scripts.
- nativeMessaging — no communication with native apps.
- declarativeNetRequest — we do not rewrite or block network requests.
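A reviewer can check the permission claims above against the manifest.json of an unpacked copy of the extension. The sketch below is an added example, not MemberBay's code: auditManifest is a hypothetical helper, both manifests are constructed samples, and patterns are compared as exact strings.

```javascript
// Permissions and hosts this page says the extension requests.
const ALLOWED_PERMISSIONS = new Set(["storage", "alarms"]);
const ALLOWED_HOSTS = new Set([
  "https://go.servicetitan.com/*",
  "https://*.memberbay.io/*",
  "https://api.memberbay.io/*",
]);
// Permissions this page says are never requested.
const DISCLAIMED = new Set([
  "<all_urls>", "tabs", "cookies", "webRequest", "webRequestBlocking",
  "history", "bookmarks", "downloads", "clipboardRead", "clipboardWrite",
  "scripting", "nativeMessaging", "declarativeNetRequest",
]);
function auditManifest(manifest) {
  const findings = [];
  const list = (key) => (Array.isArray(manifest[key]) ? manifest[key] : []);
  const check = (field, value, allowed) => {
    if (DISCLAIMED.has(value)) findings.push({ field, value, issue: "disclaimed" });
    else if (!allowed.has(value)) findings.push({ field, value, issue: "undocumented" });
  };
  if (manifest.manifest_version !== 3)
    findings.push({ field: "manifest_version", value: manifest.manifest_version, issue: "not-mv3" });
  // Optional permissions are audited too: they can be requested at runtime.
  for (const key of ["permissions", "optional_permissions"])
    for (const p of list(key)) check(key, p, ALLOWED_PERMISSIONS);
  for (const key of ["host_permissions", "optional_host_permissions"])
    for (const h of list(key)) check(key, h, ALLOWED_HOSTS);
  // Content-script match patterns decide which pages the scripts run on.
  list("content_scripts").forEach((cs, i) => {
    for (const m of cs.matches || []) check(`content_scripts[${i}].matches`, m, ALLOWED_HOSTS);
  });
  return findings;
}

// Constructed sample manifests, not the real MemberBay Pulse manifest.
const documentedManifest = {
  manifest_version: 3,
  permissions: ["storage", "alarms"],
  host_permissions: [...ALLOWED_HOSTS],
  content_scripts: [{ matches: ["https://go.servicetitan.com/*"], js: ["content.js"] }],
};
const driftedManifest = {
  manifest_version: 3,
  permissions: ["storage", "alarms", "tabs"],
  optional_permissions: ["notifications"],
  host_permissions: ["https://go.servicetitan.com/*", "<all_urls>"],
  content_scripts: [{ matches: ["https://example.com/*"], js: ["content.js"] }],
};
console.log(auditManifest(driftedManifest));
```

Because the comparison is exact-string, a content-script pattern narrower than the documented hosts is reported as "undocumented" and should be reviewed by hand rather than treated as a violation.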
What the extension reads from ServiceTitan pages
The content script reads only window.location.href to detect which customer, membership, or job ID you are currently viewing. It does not scrape the DOM, form fields, invoice amounts, credit-card fields, or any other page content. A MutationObserver is used only to know when ServiceTitan's single-page app has finished rendering a new hash-routed page — its callback does not read mutation content.
An earlier version of the extension had an opt-in "scraping" mode that read data from the DOM. It was removed as part of the 2026 security revision. The extension now uses your MemberBay backend as the single source of truth.
What the extension sends
All extension API calls go to a single host: api.memberbay.io. When you interact with the extension, we send:
- Customer, membership, or job IDs you view (to fetch overlay data you already own in MemberBay).
- Actions you explicitly trigger — mark-contacted, invite team member, switch tenant.
- Your MemberBay Bearer auth token on every request.
The extension does not send:
- Payment card data, invoice details, or any ServiceTitan page content.
- Cookies or session tokens belonging to ServiceTitan.
- Keystrokes, clipboard content, or clicks outside the extension's own UI.
- Anything to any third party — no analytics SDK, no error tracker, no advertising network.
Authentication and token handling
Sign-in happens on memberbay.io/extension-sign-in. You must click "Confirm Connection" before the extension's auth bridge captures your session token; before that click, nothing is captured.
- Tokens are stored in chrome.storage.session, which Chrome clears automatically when you quit the browser. Tokens do not survive a browser restart.
- The auth bridge only runs on the /extension-sign-in page and is a no-op on any other MemberBay page.
- Signing out from the extension popup clears all tokens immediately.
- No credentials are logged, exported, or sent to any third party.
Update mechanism
Updates are distributed only through the Chrome Web Store. There is no sideload, no auto-updater outside Chrome, and no remote code execution — all extension code is bundled at build time, as required by Chrome's Manifest V3 policy. Release notes are maintained in our changelog.
6. Credential and Token Storage
- Per-tenant OAuth credentials are encrypted at rest using AES-GCM with tenant-scoped keys. Keys are managed separately from the encrypted payload.
- Access tokens are held in memory only and refreshed on expiry.
- Refresh tokens live only in the encrypted store and are never logged, exported, or sent to third parties.
If you disconnect your tenant, all credentials are revoked immediately. We stop calling the ServiceTitan API at the moment of disconnection.
7. Data Isolation and Access Controls
- Row-level security (RLS) policies enforce multi-tenant data isolation at the database level. Each tenant's data is fully partitioned; there is no cross-tenant read path.
- Audit logging records every ServiceTitan API call with tenant ID, endpoint, and actor (user or automation). Access logs are available on request under our Data Processing Agreement.
- Administrative access is limited to engineers with a documented need. Every admin access is logged. MemberBay's team roster is disclosed on request as part of security review.
- Authentication and API-key rotation are automated and logged. Rotation events appear in the audit log.
8. Encryption
- In transit: all traffic to and from MemberBay is encrypted with TLS 1.2 or higher.
- At rest: sensitive credentials, including ServiceTitan OAuth secrets, are encrypted with AES-256 (Fernet). Database-level encryption is provided by our hosting infrastructure.
9. Sub-processors
MemberBay uses the following sub-processors to operate the service. A current list is also maintained in our Privacy Policy.
- Vercel — hosting and infrastructure for the web application.
- Supabase — database and authentication.
- Lemon Squeezy — subscription billing and payment processing.
- Anthropic — AI-powered features (customer summaries, retention insights). Data sent to Anthropic is scoped to the feature; no full-tenant data is exported.
- ServiceTitan — the underlying system of record for your tenant data.
We will notify affected customers in advance of adding a new sub-processor where required by law.
10. Data Residency
Our primary infrastructure is hosted in the United States (Vercel, Supabase) and the European Union. Where required by law, we implement appropriate safeguards for cross-border transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission or other legally recognized transfer mechanisms.
Request a copy of applicable SCCs or our Data Processing Agreement by contacting [email protected].
11. Incident Response
If we become aware of a security incident that affects your data, we will:
- Investigate and contain the incident on an urgent basis.
- Notify affected customers without undue delay, and in any case within the timeframes required by applicable law (for example, GDPR Art. 33 — 72 hours to the supervisory authority).
- Provide a written summary of the incident, the data categories affected, the mitigation steps taken, and the remediation plan.
Contact for incident notification: [email protected].
12. Responsible Disclosure
If you believe you have discovered a security vulnerability in MemberBay — whether in the web app, the API, or the Chrome extension — please report it to [email protected] with "Security" in the subject line. Please do not publicly disclose the issue until we have had a reasonable opportunity to investigate and remediate.
We will:
- Acknowledge receipt within two business days.
- Provide a remediation plan or status update within ten business days.
- Credit reporters who request credit, once the issue is resolved.
We do not currently run a paid bug bounty program.
13. Data Retention and Deletion
- Operational data synced from ServiceTitan is retained while your account is active. On termination or disconnection, synced data is deleted within 30 days, or sooner on written request.
- Audit logs are retained for up to 12 months.
- Billing records are retained for up to 7 years to meet tax and accounting obligations.
For the full retention policy, including Data Processing Agreement terms for EU/EEA data subjects, see the Privacy Policy.
14. Compliance
- GDPR and CCPA/CPRA — MemberBay handles personal data subject to these regimes as a Data Processor on behalf of the customer (Data Controller). See the Privacy Policy for the full rights framework.
- SOC 2 — not yet certified. We follow SOC 2-aligned practices (access control, audit logging, encryption, vendor management) and will publish certification status here when the audit is completed.
A Data Processing Agreement is available on request at [email protected].
15. Security Questionnaires and Vendor Reviews
For enterprise security reviews, please contact [email protected]. We maintain a prepared response to common questionnaires, including:
- CAIQ (Consensus Assessments Initiative Questionnaire)
- SIG / SIG Lite (Standardized Information Gathering)
- Custom vendor-risk questionnaires from enterprise procurement
We typically return a completed questionnaire within five business days.
16. Updates to This Page
We update this page when we change the scopes we request, publish a new version of the Chrome extension with different permissions, add a sub-processor, change our security controls, or add a compliance attestation. Material changes are announced by email to the account owner at least 30 days before they take effect.
Previous versions are available on request.
17. Contact
For security questions, questionnaires, or responsible disclosure reports, contact:
UNIPERSONAL KHRESTENKOV DANIIL
Barroso 3605, 3, Buceo, Montevideo, Uruguay, 11400
