Kinkbomb.com takes security and privacy concerns very seriously.  We strive to ensure that user data  is kept secure, and that we collect only as much personal data as is required to make our users experience as efficient and satisfying as possible.  We also aim to collect data in the most  unobtrusive manner possible.  This Security Statement is aimed at being transparent about our security  infrastructure and practices, to help reassure you that your data is sufficiently protected.


User Security


Kinkbomb utilizes some of the most advanced technology for Internet security commercially available  today.     
  1. While users may shop and make purchases anonymously, many of the more advanced features of the site require     a user account to be created.  All studios must have a valid account.  Users must create a unique user name and      password that must be entered each time a user logs into their customer or studio account.     Kinkbomb.com issues a session "token" only to record encrypted authentication information for the duration of a      specific session. The session token is NOT a cookie and it is NOT stored on the client browser which means there     is no chance of sniffing, snooping, or obtaining the token by a 3rd party.  While kinkbomb.com utilizes cookies for     various storage of experience information, any identifiable information including account information and authorization     is NOT stored in the cookies.
  2.    
  3. When a user accesses secured areas of our site, Secure Sockets Layer (SSL) technology protects user information      using both server authentication and data encryption, ensuring that user data is safe, secure, and available only to      authorized persons.  Kinkbomb.com leverages 256-bit encryption where possible (if your browser does not support 256-bit     encryption, kinkbomb.com highly recommends upgrading your browser to the latest version).
  4.    
  5. Passwords and credit card information are always sent over secure, encrypted SSL connections.
  6.    
  7. Kinkbomb.com is PCI-DSS compliant


Physical Security   

  1. Our data center is located in a SAS-70/SSAE16 Type II certified facility
  2.    
  3. Data center staffed and surveilled 24/7
  4.    
  5. Data center secured by security guards, visitor logs, and entry requirements (magnetic passcard + pincode recognition)
  6.    
  7. Servers are kept in a locked cage
  8.    
  9. Environmental controls for temperature, humidity and smoke/fire detection
  10.    
  11. The data center is supported by uninteruptable power supplies (UPS) and a backup generator in case of blackouts
  12.    
  13. All customer data is stored on servers located in the United States
  14.    
  15. Studio data is stored on servers located in the US onsite at Kinkbomb.com as well as backup to the cloud

Availability and Storage
  1. Multiple independent connections to Tier 1 Internet access providers
  2.     
  3. Uptime monitored constantly, with escalation to Kinkbomb.com staff for any downtime
  4.     
  5. Firewall restricts access to non-authorized inbound traffic
  6.     
  7. Servers have redundant internal and external power supplies
  8.     
  9. Backups occur hourly both internally and to the cloud
  10.     
  11. Fully redundant copies of studio clips are located on-premise and a third copy is stored in the cloud
  12.     
  13. Data stored on a RAID 10 and RAID 50 arrays

Organizational Security   
  1. Access controls to sensitive data in our databases and systems are set on a need-to-know basis
  2.     
  3. In compliance with PCI DSS, all billing information is encrypted and not visible to even the system administrators and coders
  4.     
  5. In compliance with PCI DSS, all access to backend systems (both physical and logical) are logged and audited
  6.     
  7. We maintain internal information security policies, including incident response plans, and regularly review and update them

Questions?

    If you have any questions about security on the kinkbomb.com website, please email us at customerservice@kinkbomb.com.