Our users trust us with their data, and we make it a priority to take our users’ security and privacy concerns seriously. We strive to ensure that user data is kept securely, and that we collect only as much personal data as is required to provide in-C^® services to users in an efficient and effective manner.

CWS takes advantage of some of the most advanced technology for internet security that is commercially available today. This Security Statement is aimed at being transparent about our security infrastructure and practices, to help reassure you that your data is appropriately protected.

SSL/TLS Encryption: All communications with the in-C^® service are sent over SSL/TLS connections. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) technology (the successor technology to SSL) protect communications by using both server authentication and data encryption. This ensures that user data in transit is safe, secure, and available only to intended recipients. The connection to in-C^® services at 'https://www.in-c.net'-based URLs are encrypted using a modern cipher suite. The green "secure" padlock indicates to in-C^® users that you are securely accessing a webserver operated by Centerforward Web Services, LLC.

User Authentication: User data on our database is logically segregated by account-based access rules. User accounts have unique usernames and passwords that must be entered each time a user logs on. in-C^® issues a session cookie only to record encrypted authentication information for the duration of a specific session. The session cookie does not include the password of the user.

User Passwords: User application passwords have minimum complexity requirements.

Sensitive user data: Sensitive data such as financial information, social security numbers, or credit card details are not to be stored in in-C^®.

Data Portability: in-C^® enables you to export your data from our system in a variety of formats so that you can back it up, or use it with other applications.

Privacy: We have a comprehensive privacy policy that provides a very transparent view of how we handle your data, including how we use your data, who we share it with, and how long we retain it.

Data Centers: Our information systems infrastructure (servers, networking equipment, etc.) is colocated at third party SSAE 16/SOC 2 audited data centers.

Data Center Security: Our data centers are staffed and surveilled 24/7. Access is secured by security guards, visitors logs, and entry requirements such as passcards and biometric recognition. Equipment is kept in locked cages.

Environmental Controls: Our data center is maintained at controlled temperatures and humidity ranges which are continuously monitored for variations. Smoke and fire detection and response systems are in place.

Location: All user data is stored on servers located in the United States.

Power: Servers have redundant internal and external power supplies. Data center has backup power supplies, and is able to draw power from the multiple substations on the grid, several diesel generators, and backup batteries.

Uptime: Continuous uptime monitoring, with immediate escalation to CWS support contacts for any downtime.

Testing: System functionality and design changes are verified in an isolated local test “sandbox” environment and subject to functional and security testing prior to deployment to active production systems.

Backup Frequency: A complete backup of your in-C^® data is made every night, and weekly and monthly reference intervals are also stored.

Handling of Security Breaches: Despite best efforts, no method of transmission over the internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if CWS learns of a security breach, we will notify affected users so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under various state and federal laws and regulation, as well as any industry rules or standards that we adhere to. Notification procedures include providing email notices or posting a notice on our website if a breach occurs.

Your Responsibilities: Keeping your data secure also depends on you ensuring that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems, to keep any in-C^® data you download to your own computer protected within your own network. We offer SSL to secure the transmission of the data you exchange between your workstation and in-C^®.