When it comes to data, 8fold would prefer to avoid if we could. Unfortunately, when it comes to the internet, as of this writing, we cannot. Therefore, we view your data with the same respectful fear that one might hold for a loaded weapon and viewing ourselves as stewards and facilitator of what you’re willing to share to present it well and automate certain things for you.
There’s a joke regarding data security that goes like this:
The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts. ~ Eugene Spafford
Having said that, there are measures you and 8fold can take to help as much as possible. Of course, the more detailed our descriptions, the easier those measures become to workaround.
Yes, it’s all very cloak and dagger but very serious business.
For your part, we ask that you create a strong password, which computer scientists can’t even agree on. Therefore, we recommend that you’re password:
be long, we chose a minimum of 8, you have up 255.
contain special characters preferably not the exclamation or bang (!) and a few spaces, no one suspects the space.
contain a non-obvious phrase you’ll remember.
should be something you can remember, even if you never type thanks to leveraging a password management tool.
For example: @ five o’clock I’m done. Just for the day; I’m not quitting my job or anything??
Obviously, don’t use that one and scale up and down according to your comfort level. For more information, see Lorrie Faith Cranor’s TED Talk entitled What’s wrong with your pa$$w0rd?.
The second recommendation is to leverage encryption whenever and wherever possible. Encryption, in short is jumbling (technical term, look it up) up your data such that it’s no long human (or computer) readable. Decryption is tidying things up. Typically, the only way to decrypt the data is by applying something unique and hard to replicate, a key, (the device ID for your phone, for example) to an algorithm and the data.
Most operating systems have ways to encrypt your data, highly recommend using them.
Now for our part.
When it comes to the transmission of data and your connection to our websites, we use TLS & HTTPS to help ensure that your computer is talking to a certified 8fold computer.
When it comes to user-generated content and personal information, the majority of it is encrypted. Further, we do our best to ensure your data and personal information are not all stored in the same place, accessible in the same manner, not in the same, and don’t use the same keys for encrypt and decrypt. Finally, this separation may include a storage mechanism identified by you.
Honestly, the less personal or financial information of yours 8fold has the better we all feel (especially insurance agents and attorneys); so, we would just as soon not even ask, unless required by policy or law for the operation of the application or software.
For an avoidance example, when you purchase something and enter in your credit card information, your credit card number goes around the computer hosting our software to our payment processors. We don’t have access to the name associated with the card, just bare minimum information for us to support payment processing problems.
For a because we have to example, when you purchase something we need to have a good address to ship to. Having said that, unless you choose to save the address for future orders, we send it straight to our distributor and associate it with an order. Further, historical orders older than 12 months are purged automatically.
The General Data Protection Regulation (GDPR) is a law governing how businesses, wanting to do business in the EU, must operate as it relates to certain aspects of data. So far, for 8fold, it’s a relief as it gives us a blueprint and more information for things we were already doing, already wanted to do, or wanted to go above and beyond.
Article 17 of the GDPR is entitled Right to erasure (‘right to be forgotten’). Under this article, and because it’s just the civil thing to do, you have the ability to delete a persona and all content related to that persona. Further, any comments or replies to content we will be replaced by placeholders. Finally, you have the ability to delete your user account, which will automatically result in the deletion of all personas associated with that user account.
Sometimes, you are not able to delete your own account or to notify 8fold; therefore, the following protocol is designed to help ensure the security of your information.
After 6 months of inactivity 8fold will reach out to let you know we hope you are well and let you know implications should you remain inactive. This notice will be sent to the main email address on file, at minimum.
After 12 months of inactivity 8fold will reach again, only the notice will be sent to all communication channels you’ve provided. The notice will be to inform you that your account has been marked inactive and any subscriptions have been canceled.
After 18 months of inactivity 8fold will reach out again through all channels, will export the data on your behalf, will provide instructions on how to retrieve the exported data, and will delete your account.
6 months after export the data will be deleted from storage.