Security Research and Development

Privacy First

We feel so strongly about privacy rights that EVERYTHING about the design and technology of this site, from the time its first pixel was displayed, has been designed around respecting the rights of our visitors — your rights. But, frankly, just speaking those words doesn't mean very much, since that's pretty much what every sleaze-bag company on the Internet will tell you — even those that are currently under Federal indictment for deliberate and repeated privacy violation and abuse. So we have broken it down, detailing our specific conduct, so you can see EXACTLY what WE mean when WE say that we care more about your privacy and security than anything else:

eCommerce

It's a closed system — we wrote our eCommerce facility from scratch rather than subcontracting with a third-party eCommerce provider using an off-the-shelf "shopping cart" package. That means it's fast and efficient, and that we do NOT rely upon the conduct and behavior of the employees and technology of any third party for which we cannot authoritatively vouch. It also means that there is no chance that the system has any hidden third-party backdoors or exploitable weaknesses, and that it doesn't need to be updated hourly as the next carelessly coded Microsoft security weakness is discovered. Additionally, we routinely scan our own systems for vulnerabilities, as well as any area in which we can improve security, privacy, or efficiency.

Script-free and Cookie-free

Web-based eCommerce systems typically require their users to lower their web browser's security or privacy settings for the commerce system to function. But I wrote our eCommerce system as an entirely server-side system using no browser scripting and no browser cookies. So you are welcome to keep your web browser buttoned up tightly while using any and all of our site's services — including our eCommerce system. The only scripts we run are for CSS (to adjust the site display for mobile browsers), and for Google Analytics.

Always Encrypted

At no time is any purchasing information stored anywhere in non-encrypted form. Strongly encrypted purchase records (which must be retained for state tax reporting) are stored on an isolated backup machine that is not connected to the Internet. There is no way for a malicious hacker to access or acquire these records. And even if a malicious party could gain physical access to this offline backup machine, ever-present strong encryption renders the data completely useless.

Secure Encryption Guaranteed

During eCommerce transactions, the security-sensitive transfers required when personal credit information is submitted to our server are securely wrapped by an SSL 3.0 (Secure Sockets Layer) 128-bit public-key encryption wrapper. Unlike other sites, WE DO NOT ALLOW the non-encrypted transmission of sensitive customer data. The current estimate on cracking a 128-bit encrypted message is a bit more than twelve thousand years.

Personal Information

We manage our own email system — We do not subcontract or "farm out" our list management, so there is NO CHANCE that your personal and private eMail address will be disclosed to any third party. Moreover, we feel quite strongly about the privacy of eMail addresses and NOTHING could induce us to divulge our customers' eMail addresses to any third party. Some things are NOT for sale — your trust in us is one of them.

Advertisements

This is a "100% Ad Free" Zone — We do not understand why ANY commercial web site would choose to horribly clutter its pages with garish and annoying advertisements jumping around all over the place, trying to distract its visitors and get their attention. It's not as if being on the web is particularly expensive. It isn't. So we just can't understand why advertising has "happened" anywhere on the web except on those "fully sponsored" free web sites for individuals. It appears that many corporations have no taste or sense of style whatsoever. But, independent of that, no force on Earth could make us place a reference to an off-site advertising server on this site. The fact is, advertisements are a HUGE security and privacy risk. You will never find one here. No way.

Web Bugs

Do you even need to ask? — Of course we don't do anything like that. We can't imagine that we would ever want to know anything about you that we didn't have the courage to ask. So there's NO SORT OF TRACKING OF ANY KIND ever happening on this site. Period.

Server Logs

Nope, we don't do that either. — Other web sites' privacy statements say that they log all server accesses in order to spot abuse and identify and solve problems. But we have written 100% of our web server enhancements, without relying upon any unknowable bits and pieces of code from anyone else. And since we don't have any problems with abuse and don't have any operational mysteries to solve, we have no need to log our web server's accesses — so we don't. There is no record that anyone who visits our web site has done so, nor what they did or where they went while they were here. We only use basic Google Analytics for generic traffic reporting; otherwise, the only time we would actively log or monitor traffic would be via a live Intrusion Detection System for security purposes, in line with vulnerability assessment. In such an emergency situation where we do find it necessary to log accesses to any of our servers to resolve a problem, such logging will persist only as long as required to resolve the issue and all logs will be deleted immediately afterward.

Your IP Address

Never Recorded — Your IP Address is NEVER stored or recorded in any fashion. (Not even logged by our web server, see above.) Again, we use Google Analytics for traffic analysis, and do not track individual IP addresses.

Forensic Packet Capture

In extraordinary times, such as when we are under direct malicious Internet attack, we may record the data packet traffic entering our network for the purpose of defending against and curtailing attacks of various sorts. But even then, we protect your privacy as our first priority. No valid traffic will be logged or retained, and permanent records of malicious and deliberately damaging activity will only be retained as specifically required.

Our Guarantee

We take your privacy and safety seriously and we will NEVER fail to put it first. So perhaps you see what we mean by Privacy FIRST. We mean first and forever. If you have any questions or concerns about anything you have seen here, or about anything relating to your privacy conduct, PLEASE DON'T HESITATE to let us know. You may address any eMail to us for our immediate attention via our contact page. Thank you for your interest in these tricky but important issues. Perhaps we can work together to raise the standard of privacy on the Internet. It is certainly worth a try!