ID #1035

How secure is my customer data in LeashTime?

Access to the LeashTime application is available only to users with LeashTime usernames and passwords, and access to the database holding client information is available only through the LeashTime application.  Here are the salient points:
  • Only authorized personnel and the client herself can see the client's private information.
  • Besides the client, access is limited to business managers and to the sitter visiting the client's home.  Access is password-protected.
  • LeashTime's entire database is protected by a firewall in a state-of-the-art data center.
  • All communication between LeashTime and the browser on your computer or smartphone is encrypted using SSL.
  • Credit card information (if any) is stored in encrypted format.  Once entered, neither manager, nor sitter, nor client can see full credit card numbers or card security codes.

An individual client's information is protected at multiple levels:

The Browser
The web browser communicates with the LeashTime server over an encrypted connection called SSL, so surreptitious listeners cannot intercept customer information as it passes between the server and the browser.

The Database
Your business's data is kept in its own separate database behind a firewall.  There is no chance of a person from another business viewing your customer's information either intentionally or unintentionally.  Inside the database, user passwords are stored using one-way encryption, making it impossible for anyone, including LeashTime staff, to find out what password was originally supplied by the user.  Your database is backed up every day to guard against database server failure.

The Facility
All LeashTime data is stored in a dedicated server at Rackspace, a world-class data center with high security standards and very high reliability.

Roles
Each user who logs in to LeashTime has a particular role: Manager, Sitter or Client, and each role's scope of information access is limited.  Clients can view only their own information.  Sitters can view the data only of the clients whom they serve, at the manager's discretion.  Managers can view the information only of clients of their business.

Credit Card Information
If you accept credit card payments through LeashTime, the critical pieces of information (the credit card number and the security code) are encrypted before being stored in the database.  These numbers are only decrypted when a credit card transaction is performed.  Credit card numbers and security codes are never revealed to pet care business staff or LeashTime staff.  If a "three step" gateway is used to perform credit card transactions, these numbers are never even stored in LeashTime's database.  Instead, a three step process is used behind the scenes to pass the credit card information directly to the gateway so that LeashTime's server never sees it.

Credit Card Handling Policy

To edit a client's credit card information (that is, to add a new card or change an expiration date -- the credit card number cannot be seen or edited), a pet care business manager must be granted special permissions.  Before editing the card or charging the card, LeashTime requires her to supply her password again, and after 15 minutes of credit-card-related inactivity, she must supply the password again before she can resume working with credit card information.
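The re-authentication rule above, written out as an added example (this is not LeashTime's code): a card action requires the special permission plus a password check, and the 15-minute timer restarts on each card-related action. The class and function names, the PBKDF2 parameters and the sample password are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

CARD_IDLE_LIMIT = 15 * 60  # seconds; the 15-minute window from the policy


def hash_password(password, salt):
    # One-way derivation: only this verifier is stored, never the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class CardSession:
    """Hypothetical gate for one manager's credit-card actions."""

    def __init__(self, salt, verifier, can_edit_cards):
        self.salt, self.verifier = salt, verifier
        self.can_edit_cards = can_edit_cards   # the "special permissions" flag
        self.last_card_activity = None         # logged in, not yet re-authenticated

    def reauthenticate(self, password, now):
        candidate = hash_password(password, self.salt)
        if not hmac.compare_digest(candidate, self.verifier):
            self.last_card_activity = None     # a failed attempt closes the window
            return False
        self.last_card_activity = now
        return True

    def authorize(self, now):
        """Return 'allow', 'deny' or 'reauth' for one card-related action."""
        if not self.can_edit_cards:
            return "deny"
        last = self.last_card_activity
        if last is None or now - last > CARD_IDLE_LIMIT:
            self.last_card_activity = None
            return "reauth"
        self.last_card_activity = now          # card activity restarts the timer
        return "allow"


def demo():
    salt = os.urandom(16)                      # constructed sample account
    s = CardSession(salt, hash_password("constructed-pass", salt), True)
    out = [s.authorize(0)]                     # login alone is not enough
    s.reauthenticate("constructed-pass", 10)
    out.append(s.authorize(600))               # 590 s idle
    out.append(s.authorize(1400))              # 800 s idle, timer restarted at 600
    out.append(s.authorize(2400))              # 1000 s idle, over the limit
    return out
```

Timestamps are passed in as plain seconds so the idle window can be exercised without waiting.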
