For the safety of you and your clients, iSupe uses industry-standard security measures. This document outlines the specific security measures implemented.
Transport Layer Security
iSupe creates an encrypted tunnel between your computer and our site to prevent third-parties from intercepting or interfering with messages. Important messages are encrypted with an authorized SSL certificate which is renewed annually. HTTPS is used in conjunction with SSL to deliver messages.
More technical information for those interested:
- Connection establishment
- RC4_28 algorithm for encryption
- SHA1 for message authentication
- RSA for key exchange
- Asymmetric public-private key implementation
- Standard SSL: 128-bit encryption
- Public/private key length: 2048 bits
- Site identity verified by Go Daddy Secure Certificate Authority
Within iSupe, usernames and passwords must meet strict complexity requirements. These rules are enforced by client-side and server-side checks. These criteria make it very difficult for others to guess logins. Additionally, we advise users to change their passwords regularly and often.
Your actual passwords are never stored in our databases. Instead, password hashes are stored in our databases and updated regularly.
Session data stored in our databases is only accessible to the supervisor and any supervisee they have invited to the session. However, once a session is closed by the supervisor, all session information and associated messages are purged from the server.
Credit card information is not kept in our databases. All of our billing functionality has been outsourced to PayPal, a trusted and secure online payment company.
To make iSupe even more secure, we ask that users use no identifying information during communication to add even further protection for your clients. If you must refer to your clients, coding of your client names is recommended.