Security Policy
Last Updated: 11 December 2024
Introduction
Security remains paramount as Cache Smart stands at the forefront of offering comprehensive, user-friendly retirement planning software. This document encapsulates our unwavering commitment to safeguarding customer data, ensuring secure transactions, and continuously adapting to the evolving digital threat landscape. What follows is an overview of the security procedures we employ to keep your data files, purchasing and downloading activities, and other interactions secure while using CacheSmart-us.com and WealthProbe.com (Websites), and our products. We ask for your understanding when we say that for security reasons, some of the details used in our operational security systems have been omitted. For information pertaining to the security of your personal information, see our Privacy Policy.
Website Access
We strive to ensure our Websites remain accessible to our customers at their convenience. To that end, our Websites are monitored 24/7, every day of the year. We know within a few minutes of an interruption of our website services. Although these events are rare, if there is an interruption in service, rest assured that we will get the affected website up and running again as soon as possible.
Furthermore, to safeguard against unforeseen disasters, the contents of our Websites are backed up daily. This helps us to restore full operation of the affected website with a minimum of delay.
Security of Purchasing and Downloading Activities
Communication across the internet: When you communicate with our Websites, communications in both directions are protected through the use of encryption, secured by the Secure Sockets Layer (SSL) Protocol (seen as Https:// and the paddle lock symbol).
Payment Information: When you purchase Cache Smart products or services, we use a Payment Card Industry Data Security Standard (PCI DSS)–compliant third-party payment gateway to shield your billing and credit or debit card information from potential exposure. Our employees do not see your payment information and it is not stored by us on our servers or in any other way.
Web Application Firewall (WAF): We protect the Websites by using a multilayered defense. Our advanced Web Application Firewall acts as the first line of defense by monitoring traffic and blocking malicious requests. Regular updates to our firewall enable defense against several types of cyber-attack, to include Distributed Denial of Service (DDOS) and cross site scripting protection. In addition, our security team conducts a comprehensive review the WAF log files frequently to facilitate the early detection of potential threats.
File Security during Download and Activation: After you purchase your copy of WealthProbe, a link on the purchase confirmation webpage enables the secure encrypted transmission of WealthProbe from us to you. You will also receive email information allowing you to securely download and activate WealthProbe on your device of choice, at your convenience. Each use of WealthProbe checks your encrypted activation information resident only on your own device, preventing use of your copy of WealthProbe on another device unless you have properly activated it on the second device.
Changes to this Policy
From time to time Cache Smart reserves the right to change this Security Policy to reflect changes in our practices or for other operational, legal, or regulatory reasons. Any changes posted to this Policy will be accompanied by an updated revision date. Your continued use of the Websites or our services after such changes will constitute your acknowledgment of the terms of the modified Policy.
Security of Online Operations and Records
Malware/Virus Protection: The Websites are scanned daily for threats by frequently updated anti-virus/anti-malware software.
Server and Software Patching: Regular website and server maintenance is key. We monitor for patches and vulnerability announcements related to our server OS and website software. Implementing these patches helps ensure the security of our Websites is up to date.
Access: Only authorized personnel have access to stored personal data and only for business purposes. Credit/debit card information is not stored on our Websites, or anywhere else at Cache Smart.
Password Policies: Strong password policies are the foundation of individual account security. We enforce complex password requirements, including a specified minimum of characters consisting of a random mix of cases, numbers, and symbols. Biannual password changes are mandatory.
Security of Offline Records
Storage: This storage is for offline backup of business information and the limited personal information we retain. This is primarily stored on detachable storage devices, but may include hardcopy files used by us for various reasons; for example, to help you resolve a current problem you may be having. All offline records are stored in large, combination-protected, fire-proof safe(s) in a secure, climate controlled room.
Access: As with the online records, only authorized personnel have access to the offline records, and can only access the information for valid business purposes. Personnel are required to log their access to, and return of, customer information stored in the safe(s) used for offline storage.
Destruction: Obsolete offline records set for destruction are recorded, then destroyed using cross-shredders and incinerators. Department head (or higher) sign-off ensures the destruction process is both secure and accountable.
File Encryption and Storage (while using WealthProbe)
While using your downloaded copy of WealthProbe on your personal computer, WealthProbe encrypts the financial data you input using banking-level encryption. This data is stored locally on the storage media you decide to use. The encryption key needed to unlock these files is generated and stored on the device you use to run WealthProbe. The only way these files can be unlocked with this key is by running WealthProbe on the device that generated the key.
Conclusion
This policy reflects the Cache Smart company security policy which applies to all company locations and Cache Smart Websites. It serves as a guideline for maintaining the highest security standards for our Websites and their operations. All employees and contractors must adhere to this policy, and regular training and updates are provided to ensure compliance. The ultimate aim is to ensure that our customers can trust Cache Smart with the limited data they supply us, and purchases can be made with confidence that their sensitive payment information and personal information is well protected.