Security

Mychildslocket.com uses a layered security approach.

At My Child's Locket, we take a holistic view of security.  Protecting your data means making sure your data will be there when you need it.  Keeping the data on our site safe and available is important to us—after all, we use the service, too!

If you have any questions about our site security, please visit the Contact page.

Hosting

The information you store at mychildslocket.com is protected by multiple layers of security.  The first layer (think of it as the outer wall) comes from our hosting provider FireHost.  Their secure hosting environment gives us multiple firewalls and intrusion detection, handles denial of service attacks, and keeps our servers backed up.  Basically, FireHost makes sure we'll be up and running when you need us.

SSL

Our security doesn't stop at the outer walls.  We also protect all the communication between your browser and our server with high-grade SSL encryption.  Not only that, but our Extended Validation SSL certificate will let you be sure you're logging into the real mychildslocket.com site every time.

Data is SSL encrypted between the browser and our servers.

Data Encryption

We've taken several steps to make sure your sensitive data is kept secure.  We encrypt all your sensitive data (child names, birth dates, insurance ID numbers, etc.) using the Advanced Encryption Standard, the same encryption algorithm used by numerous organizations including the US Government.

When a user logs in, his/her data encryption key is loaded from a database and decrypted.  When he/she logs out, the decrypted copy of the key is discarded.

We've also paid special attention to the keys used to encrypt and decrypt your data. Key management is an important part of encryption. We've implemented a number of measures to make sure they're not a weak point in our system:

When you log into your account, your encryption key is loaded from our database into the webserver's memory and unlocked using your password.  While you're logged in, the server uses the unlocked key to encrypt and decrypt your data.  This unlocked key is only stored in the server's memory; it is never stored in the database.  When you log out, the key is simply discarded.

Auto Logout

Inactivity timer dialog

If you ever log into our website from a public place, you should always log out when you're finished.  We know that this isn't always possible, though.  Sometimes people forget to log out, especially if there's an emergency.  It's always best to log out when you're done, but if you forget, we'll log you out after 10 minutes of inactivity.
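The key handling described under Data Encryption, combined with the 10-minute inactivity logout, can be sketched as follows. This is an added example, not mychildslocket.com's code: the names `wrap_key`, `unwrap_key` and `Session` are hypothetical, and because Python's standard library has no AES, the wrap step uses a PBKDF2-derived one-time pad with an HMAC tag as a stand-in for an AES-based key wrap (the page does not say how the key is derived from the password).

```python
import hashlib, hmac, secrets, time

IDLE_LIMIT = 10 * 60        # seconds: the 10-minute inactivity logout
PBKDF2_ROUNDS = 200_000     # assumed work factor; tune for your hardware

def _derive(password, salt):
    """Stretch the password into a 32-byte pad and a 32-byte MAC key."""
    out = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS, dklen=64)
    return out[:32], out[32:]

def wrap_key(data_key, password):
    """Build the record kept in the database; the raw key is never stored."""
    assert len(data_key) == 32
    salt = secrets.token_bytes(16)  # fresh per wrap, so each pad is used once
    pad, mac_key = _derive(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(data_key, pad))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def unwrap_key(record, password):
    """Unlock the stored key at login; a wrong password fails the tag check."""
    pad, mac_key = _derive(password, record["salt"])
    expect = hmac.new(mac_key, record["salt"] + record["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expect, record["tag"]):
        raise PermissionError("wrong password or tampered key record")
    return bytes(a ^ b for a, b in zip(record["wrapped"], pad))

class Session:
    """Holds the unlocked key in memory only, between login and logout."""
    def __init__(self, record, password, now=time.monotonic):
        self._now = now
        self._key = bytearray(unwrap_key(record, password))
        self._last_seen = now()

    def key(self):
        if self._key is not None and self._now() - self._last_seen > IDLE_LIMIT:
            self.logout()  # inactivity is treated as a logout
        if self._key is None:
            raise PermissionError("session locked; log in again")
        self._last_seen = self._now()
        return bytes(self._key)

    def logout(self):
        if self._key is not None:
            for i in range(len(self._key)):
                self._key[i] = 0  # best-effort wipe; Python may hold other copies
            self._key = None
```

Passing a fake clock as `now` lets the idle timeout be exercised in tests without waiting ten minutes.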

You Can Help!

You can help us out by following a few basic security procedures: