1. User Security
- (a) DataCracker requires users to create a unique user name and password that must be entered each time a user logs on.
- (b) A session "cookie" is used to record encrypted authentication information. The cookie does not include either the username or password of the user. It is only used for the duration of a specific session.
- (c) Secure Sockets Layer (SSL) technology protects user information and uploaded data. This uses both server authentication and data encryption, ensuring that user data is safe, secure, and available only to authorized persons.
- (d) Passwords and credit card information are always sent over secure 128-bit encrypted SSL connections.
- (e) Our procedures for managing payments and account information are PCI-DSS compliant.
- (f) Credit card information is not processed, stored or transmitted on DataCracker servers. It is handled directly by third-party payment processors who are PCI-DSS compliant.
2. Physical, Network and Storage Security
DataCracker runs in data centers managed and operated by Microsoft Global Foundation Services (GFS). These geographically dispersed data centers comply with key industry standards, such as ISO/IEC 27001:2005, for security and reliability. More information is available from Microsoft.
- Code is written in C#, ASP.NET 4.0, running on Windows Server 2012 and Microsoft SQL Azure.
- The latest patches are automatically applied to all our operating system and application files.
4. What We Do If There is a Security Breach
- Attempt to notify users electronically.
- Review our policies and procedures.
Last Modified: 5 October 2016