Security Policy


We take security seriously

We use security best practices to keep your personal and financial information safe. Below are some of the specific technologies we use to protect your information.

 

Password Protection

DTour, Inc. never stores your password as plain text. Instead we perform a one-way transformation, which results in a hashed password that cannot be reverse engineered to the original password. In the unlikely event that an unauthorized user gains access to the hashed password, it cannot be used to gain access to your data.

2-Factor Authentication (2FA)

Initial account creation requires two codes from two different sources. The first is a numeric code sent via SMS message to the user’s mobile phone, and the second is a numeric code sent via email to the user’s email account. All subsequent login attempts to the application require a password and a numeric code sent via SMS message to the authorized user’s mobile phone. Without the password AND the correct code from the SMS message (which times out if unused within five minutes), it is impossible to log in to the account. This means that even if a user’s password and email address are compromised, it is still impossible to access the account data without the correct code from the SMS message that was sent to the authorized user’s mobile phone. This 2-factor authentication security protocol is the most secure way to verify a user’s identity. (It is the user’s responsibility to consider whether the email account is linked to any other device where an email alert might compromise their privacy. If that is the case, the user should create a new email account for this subscription.)

Encryption at Rest

DTour, Inc. stores all user data in a database using AES-256 block-level storage encryption. All backups are also encrypted. In the unlikely event that an unauthorized user gained access to the database or backups, it would still be impossible for them to access any data.

Encryption on the Wire

DTour, Inc. uses Secure Sockets Layer (SSL) technology to secure all communication between users and our servers. We use 256-byte keys (SHA-256 signature algorithm) with RSA encryption. In the unlikely event that an unauthorized user gains access to network traffic, it would still be impossible for them to view or modify any data.

We continually monitor, test, and update all security protocols to ensure we are always providing dtour.life users with the most secure user experience possible.