Kinkbomb.com takes security and privacy concerns very seriously. We strive to ensure that user data is kept secure, and that we collect only as much personal data as is required to make our users' experience as efficient and satisfying as possible. We also aim to collect data in the most unobtrusive manner possible. This Security Statement is aimed at being transparent about our security infrastructure and practices, to help reassure you that your data is sufficiently protected.
- While users may shop and make purchases anonymously, many of the more advanced features of the site require a user account to be created. All studios must have a valid account. Users must create a unique user name and password that must be entered each time a user logs into their customer or studio account. Kinkbomb.com issues a session "token" only to record encrypted authentication information for the duration of a specific session. The session token is NOT a cookie and it is NOT stored on the client browser, which means there is no chance of a 3rd party sniffing, snooping, or obtaining the token. While kinkbomb.com utilizes cookies to store various experience information, any identifiable information, including account information and authorization, is NOT stored in the cookies.
- When a user accesses secured areas of our site, Secure Sockets Layer (SSL) technology protects user information using both server authentication and data encryption, ensuring that user data is safe, secure, and available only to authorized persons. Kinkbomb.com leverages 256-bit encryption where possible (if your browser does not support 256-bit encryption, kinkbomb.com highly recommends upgrading your browser to the latest version).
- Passwords and credit card information are always sent over secure, encrypted SSL connections.
- Kinkbomb.com is PCI-DSS compliant
- Our data center is located in a SAS-70/SSAE16 Type II certified facility
- Data center staffed and surveilled 24/7
- Data center secured by security guards, visitor logs, and entry requirements (magnetic passcard + pincode recognition)
- Servers are kept in a locked cage
- Environmental controls for temperature, humidity and smoke/fire detection
- The data center is supported by uninterruptible power supplies (UPS) and a backup generator in case of blackouts
- All customer data is stored on servers located in the United States
- Studio data is stored on servers located in the US onsite at Kinkbomb.com as well as backed up to the cloud
Availability and Storage
- Multiple independent connections to Tier 1 Internet access providers
- Uptime monitored constantly, with escalation to Kinkbomb.com staff for any downtime
- A firewall restricts non-authorized inbound traffic
- Servers have redundant internal and external power supplies
- Backups occur hourly both internally and to the cloud
- Fully redundant copies of studio clips are located on-premises, and a third copy is stored in the cloud
- Data is stored on RAID 10 and RAID 50 arrays
- Access controls to sensitive data in our databases and systems are set on a need-to-know basis
- In compliance with PCI DSS, all billing information is encrypted and not visible to even the system administrators and coders
- In compliance with PCI DSS, all access to backend systems (both physical and logical) is logged and audited
- We maintain internal information security policies, including incident response plans, and regularly review and update them
If you have any questions about security on the kinkbomb.com website, please email us at firstname.lastname@example.org.