Legal Policies for the Draco Digital Affiliations
Draco Digital, Draco Domains, Draco D-Commerce, Luv2GoShope, State Payments, Back Alley Software and all other sites and affiliations.
SECURITY PRACTICES
The security practices below are effective for all users on December 10, 2002.
TRANSACTION SECURITY
Draco Digital, LLC combines Secure Socket Layer (SSL), encryption, Linux servers and proprietary technologies to enable merchants to accept or make payments easily and securely without the need to invest in costly security systems of their own.

The following is a detailed description of Draco Digital's secure online payment systems.

SECURE SERVER BASICS
A secure server is one which takes advantage of Secure Sockets Layer (SSL) technology. SSL is a protocol designed to enable secure transmission of information on the Internet. SSL provides encryption and integrity of communications along with strong authentication using digital certificates. SSL uses a private key to encrypt data being submitted from a browser before it is transferred over the Internet via the SSL connection. When the data reaches the SSL-enabled web server, it is decrypted. If the data were to be stolen during this transmission, it would remain unreadable. Many web sites use SSL to obtain confidential user information, such as credit card numbers. Web pages that incorporate SSL have a web address starting with "https://" instead of the usual "http://".

DRACO DIGITAL SECURITY
Draco Digital takes advantage of advanced security and encryption features to ensure the security and safety of customer data. After customer data (credit card number or checking account number) arrives at Draco Digital's server via SSL, it is re-encrypted, which makes the information unreadable. This information is then pushed to an offline server (not accessible via the Internet) where the information is safely decrypted and the transaction is completed.

Credit card account data is never stored online in plain-text (readable) format. In addition, this information is never transmitted in plain-text via email, socket, GET, POST, etc.

SECURITY POLICY
Draco Digital, LLC places a high premium on data security and has incorporated the following measures in the Draco Digital services to protect user data.
  • User ID (name or email address) and Password. User names and passwords are stored in a secure database protected by a firewall. Upon registration, each member establishes a unique user name and is assigned a password, which may be changed by the user at a later period. When it is necessary to send access information to a member, the password and user name are never sent together. Members can only access data they created or which has been published to them by another member.
  • Secure Socket Layer (SSL) protocol is used to make all session transactions secure.
  • Encryption of Published Data. Data published by any user is encrypted during the process of uploading to the Web server.
  • Secure Server. Draco Digital servers are protected from intrusion by a secured firewall.
  • Redundant data. Draco Digital's data storage system allows for full recovery in case of drive failure.
  • Secure Data Center. Draco Digital's servers are located in a secure data center managed by RackSpace. Draco Digital has a full redundant architecture, High Availability (HA) data center utilizing high-capacity servers, with Linux operating systems, advanced routers and SQL database software.
  • Site Access. Draco Digital's hosted facilities are highly secure, highly available carrier-class facilities with advanced security features and fault-tolerant power systems (multiple power grids, facilities-based ACDC battery back-up, diesel generators). Only authorized personnel are permitted to access the locked cabinets that house Draco Digital servers.
ADDITIONAL PRIVACY DECLARATION
We strive to achieve the highest level of security and confidentiality with our merchants and customers' information throughout our e-commerce systems, be it online (during transactions) or off-line (during processing and physical fulfilling of customers' orders). Security and confidentiality of information are achieved by:

Online Security
Draco Digital utilizes 128-bit SSL encryption, one of the most secure systems currently available. Depending on the browser used by the customer, all sensitive information (such as credit card numbers) are encrypted up to the 128-bit SSL during the "buy" process.

Server Security
Draco Digital's servers are protected by layers of sophisticated "firewall" to prevent hacking. The servers are housed in a highly-secured data center, which provides round-the-clock manning and fire protection, ensuring a high degree of physical security.

Customer's Account and Merchant's Store Security
Registered customers' account information are password protected and kept confidential at all times. Non-registered customers' transaction history will also be given the same level of confidentiality.

Access to merchants' store will solely be for the purpose of "credit backs" and database administration.

All transactions are "backed up" daily and, in the unlikely event of a server "crash," critical transaction information can be recovered quickly.

General Security Policy
All our staff, merchants and equipment vendors are responsible and accountable for the security of the information to which they may have access in the course of their work. Unauthorized use, alteration or disclosure of such information are serious offenses, and disciplinary and legal action will be taken against people who commit them.
Contacting Us
If you have any questions about this security statement, Draco Digital's information practices, or your dealings with any of Draco Digital's services, you can contact us by emailing info@dracodigital.com, call 620.230.0400 Monday through Friday between the hours of 9am and 5pm CST, or write us at Draco Digital, P.O. Box 4012, Pittsburg, KS 66762.