PII: Personally Identifiable Information. Information that can be used on its own, or together with other information, to identify, contact or locate a single person, or to identify an individual in context.
We recognize that server security is a key factor in protecting personal data and make every effort to secure the information. Anything users enter into their accounts is treated like data at a bank: no one else can see it.
Security is a very complex issue, not something that can be added on to an existing web site. We created, control and understand every line of program code. We designed from the ground up with security in mind. We have developed practices that minimize risk.
A key principle in software design is: functionality is the enemy of security. The more things a system can do, the more layers it is built on and the bigger it is, the more potential security holes there are to be discovered. Our philosophy is thus one of starting with simplicity, having only the minimum needed to get the job done, and then adding features in a controlled fashion. This principle guides us. Our servers also run Linux, the proven best platform, and they are configured from the ground up by us to have an absolute minimum of packages installed and very few ports exposed to the internet.
When users save a password on their account page, it is encrypted and even we have no way to retrieve it; they must reset it to regain access.
When users create an account they only supply an email address. This enables them to sign up for our monthly email newsletter without providing any further information.
Users must enter their email address to create an account. No other data is needed. Optionally, they can enter the following:
Plainsmanclays.com collects the following meta data:
We do not process sales or collect payments on the web site.
Contacting Users: We contact users by email. This may be needed to remind them about security practices (e.g. encrypting a password) or about how to reset their password (if we note they are having issues logging in).
Contact Form: Users who contact us about technical problems may reveal trade secrets. We carefully guard these communications and delete them once the matter is finished. To give better personalized service we make notes in users' accounts (in an area they cannot see) regarding the types of problems they have experienced.
Tech-Tip Newsletter: We send these out monthly using the email addresses users provide us.
Registration and Authentication: The registration and login pages on our website receive particular attention to harden them against infiltration. We monitor live hacker attempts to enter and adjust our strategy accordingly.
Encrypted passwords: We entrust you with the ability to encrypt your password.
Frequent server updates: Newly disclosed server vulnerabilities are one of the key vectors for infiltration. We update server software weekly and as bulletins surface. We monitor industry security news, social networks and podcasts by authorities to stay aware of these.
Server Credentials: Backup servers have different credentials. Servers do not have root accounts and can only be accessed using RSA public/private key pairs. We guard these keys on the machines of code developers and administrators.
Subcontractors: These are never allowed access to our main server. They work on backup servers that have different credentials. Even then, no contractor is given access to a backup server unless we have experience with his/her work and ethics.
Monitoring: We are constantly monitoring all failed logins, unusual login attempts, file changes/adds/deletes, server and database error conditions, account creations, unusual changes in database records. We can block an IP address quickly to prevent all access.
Data is resident in a database on a dedicated server managed by Codero.com in Phoenix, AZ (we have a long relationship with them). All processing of the data happens on the server by automated systems that we design. Software tools that we use to edit data manually, when necessary, reside on the server and present their HTML interface through a web browser via SSL in authenticated sessions. No subcontractors or workers download data, process it, and upload it.
The names and contact information of clients are maintained as long as they choose. When they stop subscribing and stop opening our emails we gradually purge their information completely.
We do not analyze or data-mine (using AI or programmatic methods) the R&D data that clients create in our online system. We do not target them for any promotions and do not reveal anything about their data to outside vendors.
Opt-in members are sent a monthly email. The email address is stored at plainsmanclays.com as part of the membership information. The email is sent from digitalfire.com, and the content comes from there also. Our dispatching system respects the "subscribe" setting, which the user controls on his/her account page and during signup. During the unsubscribe process users are not redirected anywhere; they go straight to the unsubscribe page, which does one thing: marks their account as unsubscribed. We manage bounce-backs from monthly mail-outs manually to maintain a high-quality member list.
Monthly emails also inform members of their account status as appropriate and give them a one-time-login link. They also provide a link to see that specific tip in context at the website.
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
To be in accordance with CAN-SPAM, we agree to the following:
* We do not send out advertisements.
Our staff occasionally initiates email correspondence with clients when we become aware of something that we know will assist them with a specific production problem we know they are having.
Our contact page enables visitors to ask technical questions about our products and production issues they are experiencing. We respond via email and delete the original requests permanently (no log is kept). However, we continue conversations via email when people respond.
Plainsmanclays.com attempts to write a test cookie into your browser on the first page view. If it succeeds in reading it back on the second view, it knows your browser accepts cookies and continues. If not, it warns you that the site will not operate without them.
When you log in, the server creates a cookie in your browser containing a unique 10-character code that identifies your account. After that, it asks for that code every time your browser connects and, if it is received, logs you in automatically to that account.
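Added example, not the site's own code: a Python sketch of the two cookie mechanisms described above (the test cookie and the 10-character login code). The cookie names `testcookie` and `login`, the in-memory account table and the hashed storage of the code are all assumptions made for the illustration.

```python
import hashlib
import secrets
import string

# Constructed stand-in for an account table: sha256(login code) -> account email.
# Only the hash is kept, so a copy of the table cannot be replayed as cookies.
ACCOUNTS = {}
ALPHABET = string.ascii_letters + string.digits
CODE_LENGTH = 10  # the 10-character code the page describes; 62^10 is about 59.5 bits


def first_page_view():
    """First visit: the response sets the test cookie (assumed name 'testcookie')."""
    return {"Set-Cookie": "testcookie=1; Secure; HttpOnly; SameSite=Lax"}


def second_page_view(request_cookies):
    """Second visit: continue only if the browser sent the test cookie back."""
    if request_cookies.get("testcookie") == "1":
        return "continue"
    return "warn: this site will not operate without cookies"


def _hash_code(code):
    return hashlib.sha256(code.encode("ascii")).hexdigest()


def issue_login_code(email):
    """On successful login, mint a random 10-character code and store only its hash."""
    code = "".join(secrets.choice(ALPHABET) for _ in range(CODE_LENGTH))
    ACCOUNTS[_hash_code(code)] = email
    return {"Set-Cookie": f"login={code}; Secure; HttpOnly; SameSite=Lax"}


def account_for(request_cookies):
    """Return the account the 'login' cookie identifies, or None if it is absent or invalid."""
    code = request_cookies.get("login", "")
    # Reject malformed values before touching the table: wrong length or characters.
    if len(code) != CODE_LENGTH or any(c not in ALPHABET for c in code):
        return None
    # Hashing first means the dict lookup compares digests, not the secret itself.
    return ACCOUNTS.get(_hash_code(code))


def revoke_login_code(code):
    """Logout or reset: drop the stored hash so the cookie stops identifying anyone."""
    return ACCOUNTS.pop(_hash_code(code), None) is not None
```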
Plainsman Clays does not permit any third-party advertising or tracking in its pages. Thus there are no third-party cookies and nothing you do at our websites will be known by others.
Our systems create text-file logs to flag programming errors. However these logs are viewable by staff only and routinely erased (we have no permanent log storage). We also do not maintain a history of email contact with users.
Plainsmanclays.com logs failed logon attempts, password resets, unsubscribes, subscribes and account sign-ups. These go into short-term storage in a database. As our staff notes them on a control panel they are removed permanently.
Since we permit no tracking, there is nothing for do-not-track signals to act on.
We are very cautious about adopting third-party software tools. We do not use a content management system or Flash video. We only use proven open-source products that are cooperatively reviewed and hardened by communities of hundreds of thousands or even millions of users.
The code in these systems is automatically kept up-to-date using dependency managers.
We do not market to children. Our system does not record the age of users.
Our email contact system has the capacity to reach all users in one 24-hour day. We have built in the capacity to author and dispatch a message in minutes. We will take the following responsive action if a data breach occurs:
PlainsmanClays.com provides a contact form. Messages arrive to our staff via standard email.