BitStatement's Privacy and Security Statement

Privacy & Security Statement
BITstatement.org

At BITstatement.org, we respect your privacy, and want you to understand the ways in which we do and do not use the information you transmit when visiting our site. This statement discloses the privacy and security practices of BITstatement.org.

General

The information gathered by BITstatement.org falls into two categories: (1) information voluntarily supplied by visitors to our website through optional registration and (2) tracking information routinely gathered as visitors navigate through our site.

To make use of certain features on our website (such as to view online statements) visitors need to register and to provide certain information as part of the registration process. We may ask, for example, for your name, email address, social security or tax ID number, and account number, and we might request additional information regarding your experience on our site. The information you supply will enable us to allow you to view your statements online, as well as help us to improve our site based on your feedback.

Whether or not you are able to view your statements online depends on the information you provide. Supplying such information is entirely voluntary. But if you don't supply the information we need, we will be unable to provide you with services we make available to other visitors to our site. For example, we cannot offer online viewing of your statements (or notify you when new statements are available) if you do not provide your name, email address, social security or tax ID number, and account number.

In short, our site will be unable to provide intended services without the information we ask you to provide.

Cookies

A Cookie is a very small file placed on your hard drive or temporarily in your memory by a website. It serves as your identification card and is uniquely yours. A cookie can only be read by the server that gave it to you. BITstatement.org only uses cookies to provide Multi-Factor Authentication. The information stored in this cookie is not personal in nature (it is not your user name, password, social security number, etc.) and is encrypted. Also, in order to protect your privacy and ensure the security of BITstatement.org, we do employ high level session ID's. Session ID's do not place any information or files on your hard drive, nor do they collect any personal information about you from your computer. Specifically, session ID's do not store your username and password on your hard drive. Once you leave BITstatement.org, the session ID ends and ceases to exist.

IP Addresses

Our web servers automatically collect limited information about your computer's connection to the Internet, including your IP address, when you visit our site. (Your IP address is a number that lets computers attached to the Internet know where to send you data -- such as the web pages you view.) Your IP address does not identify you personally. We use this information to deliver our web pages to you upon request, to tailor our site to the interests of our users, and to measure traffic within our site.

Encryption and Security

All information gathered on BITstatement.org is encrypted for storage within a BITstatement.org-controlled database. However, as effective as encryption technology is, no security system is 100% impenetrable. We cannot guarantee the security of our database, nor can we guarantee that information you supply won't be intercepted while being transmitted to us over the Internet - just as the Postal service cannot guarantee your mail will not be intercepted. However, several measures have been taken to greatly limit the possibility your private information is intercepted.

We use state-of-the-art encryption technology to protect the transmission of data to and from our users, such as SSL (Secure Socket Layer). SSL allows software to communicate with Web servers in a secure, encrypted manner. For example, many Web sites that conduct electronic commerce use SSL to securely transmit credit card numbers from a customer's Web browser to the Web server.

All user sessions employ a 128 bit global unique identifier (GUID). It is also not possible for two computers to log into the same account at the same time.

Your statement files are not generated (and therefore do not exist on the server) until you log in with a legitimate Username and Password. Once you log off, this information is automatically deleted from the server.

Our servers are also behind firewalls which block unwanted access.

A final note: The Web is an evolving medium. If we need to change our privacy and security statement at some point in the future, we'll post the changes here. Of course, our use of information gathered while the current policy is in effect will always be consistent with the current statement, even if we change that statement later.