Trust, Security & Privacy

• Accounts use email/password sign-in, with Google sign-in available.
• Member, booth, volunteer, helper, payment, and audit data is gated by row-level security policies in the database. Members can only see and edit their own application; staff/admin/founder roles can manage organization records.
• Roles are stored in a separate user_roles table and verified by security-definer database functions — never by client-side flags.
• Soft-deleted records are recoverable from the admin Recycle Bin for 120 days, after which they are permanently purged.

• The Member Hub is built on the Lovable platform. Traffic to the application is served over HTTPS/TLS.
• Data is stored in the Lovable Cloud managed Postgres database. Service-role credentials are kept on the server and never shipped to the browser.
• Server-side privileged operations (payment capture, role checks, soft-delete cleanup) run inside server functions and webhook routes — not in the client.

• Membership application fields you submit (name, contact information, date of birth, guardian information for minors, signature).
• Booth, volunteer, and event-helper assignments managed by staff.
• Payment records returned by PayPal after a successful checkout (transaction ID, amount, status). Card numbers are never sent to or stored by FUN — they are entered directly into PayPal.
• Administrative audit logs (who changed what, IP address and user-agent of the request) for staff actions.

• Lovable Cloud — application hosting, database, and authentication.
• Google — optional “Sign in with Google” identity provider.
• PayPal — payment processing for membership dues, booth fees, and donations.
• Cookies and local storage are used only to keep you signed in and to remember UI preferences. No third-party advertising or tracking pixels are deployed by FUN.

• Active member, booth, and payment records are retained while your membership or booth assignment is active and for organizational record-keeping afterward.
• When a record is deleted from the admin tools it is soft-deleted to the Recycle Bin for 120 days, then permanently purged.
• To request a copy of your data or to ask for deletion of your account, contact the FUN office using the address below.

If you believe you have found a security vulnerability in the FUN Member Hub, please email the FUN office and include steps to reproduce. Please do not publicly disclose the issue until we have had a chance to investigate and respond.

Florida United Numismatists, Inc. — for privacy requests, security reports, or data questions, please use the official FUN contact page: funtopics.com Contact Us.