E-mail	Password

This security statement describes Notecabinet practices with respect to private information that may be obtained through Notecabinet services and website. Questions about Notecabinet security may be submitted to Notecabinet's support team by an email to info@notecabi.net. This security statement applies to Notecabinet only.

Secure Socket Layers (SSL) Certificate

Transmission of sensitive information between user's computer and Notecabinet's website is protected using Secure Socket Layer (SSL) Certificate issued by Go Daddy Secure Certification Authority. 256-bit SSL ensures that all information typed by a user is completely encrypted and cannot be seen by anyone. Please make sure that you connection is protected using SSL Certificate while working with your confidential information (register to our sevice, add/view your passwords, notes or download files uploaded before). Please look at browser's address bar: URL in your browser's address bar should begin with https://www.notecabi.net (or https://notecabi.net) - the 's' after 'http' indicates: this is a secure page. You also must have a 'padlock' in the bottom right-hand corner or top right-hand corner of your browser (exact position depends on browser you use). Double click the padlock to verify that the security certificate is issued to www.notecabi.net (or notecabi.net).

Confidential Data Encryption

Notecabinet uses Triple DES, powerful cryptographic algorithm to encode all confidential data. Triple DES encryption would take hundreds and hundreds of years to crack encryped data even if you use the most powerful machines involved into cryptography industry. Triple DES encryption system works only 1 way meaning that all data can only be accessed by the owner of encryption key. This key is based on your password. We don't keep neither your password nor encryption key on our servers. If the author were to ever forget their Notecabinet's password all of their data would have to be reset and could never be recovered. Even if a hacker did ever manage to find and hack the database, the information would be useless without each members' encryption key. So a hacker would have to spend hundreds of years unlocking each individuals encryption key and then all of their data.

Website Application Integrity

We monitor integrity of our website application 24/7/365 to avoid any hackers' attempts to integrate malicious code, badware, viruses and any kind of spyware code which can make security holes in our system. Once we get any alerts from integrity checker we close any 'bad' connections immediately.

Login attempt monitoring

We monitor login attempts. Once you (or any potential thief) entered password 3 times incorrectly, account is deactivated and corresponding message is sent to account owner. After account deactivated nobody can use it before it bacomes active again. Only account owners can activate their accounts.

Daily secure backups

We backup all information daily to ensure that data is never lost.

Last Updated: June 9, 2009