Security and Privacy
We make it a priority to take our users' security and privacy concerns seriously, and strive to ensure that user data is kept securely. We collect only as much personal data as is required to provide our services to users in an efficient and effective manner. The Legacy Planners Network relies on a secure platform provided by Yourefolio™. We have been assured that Yourefolio uses some of the most advanced technology for Internet security that is commercially available today. This Security Statement is aimed at being transparent about Yourefolio’s security infrastructure and practices, to help reassure you that your data is appropriately protected. It is based upon information that Yourefolio™ has provided to us. If you have questions or concerns about its Privacy Policy, you can also find that here.
Application and User Security
SSL/TLS Encryption: Users can be confident in knowing that Yourefolio™ collects personal information over secured, encrypted SSL/TLS connections. All user input with https://yourefolio.com website are sent over SSL/TLS connections. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) technology (the successor technology to SSL) protect communications by using both server authentication and data encryption. This ensures that user data in transit is safe, secure, and available only to intended recipients.
User Authentication: User data on our database is logically segregated by account-based access rules. User accounts have unique usernames and passwords that must be entered each time a user logs on. Yourefolio issues a session cookie only to record encrypted authentication information for the duration of a specific session. The session cookie does not include the password of the user.
User Passwords: Yourefolio™ suggests user application passwords have minimum complexity. Make it at least 6 characters, add lowercase letters, add uppercase letters, add numbers, add punctuation, etc.
Privacy: Yourefolio™ has a comprehensive privacy policy that provides a very transparent view of how your data is handled and used, whom it is shared with, and how long it is retained.
Physical Security
Data Centers: We have been assured that Yourefolio™ maintains the best possible administrative, technical and physical safeguards in an effort to protect against unauthorized access, use, modification and disclosure of personal information in its custody and control.
Network Security
Logging and Auditing: Central logging systems capture and archive all internal systems access including any failed authentication attempts.
Storage Security
Backup Frequency: Backups occur daily to a centralized backup system for storage.
Organizational & Administrative Security
Employee Screening: Yourefolio™ performs background screening on all employees.
Training: Yourefolio™ provides security and technology use training for employees.
Service Providers: Yourefolio™ screens its service providers and binds them under contract to appropriate confidentiality obligations if they deal with any user data.
Access: Access controls to sensitive data in Yourefolio™ databases, systems and environments are set on a need-to-know / least privilege necessary basis
Audit Logging: Yourefolio™ maintains and monitors audit logs on its services and systems.
Information Security Policies: Yourefolio™ maintains internal information security policies, including incident response plans, and regularly reviews and update them.
Software Development Practices
Coding Practices: Yourefolio’s engineers use best practices and industry-standard secure coding guidelines to ensure secure coding.
Handling of Security Breaches
Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if Yourefolio™ learns of a security breach, it will notify affected users. Its breach notification procedures are consistent with our obligations under various state and federal laws and regulations, as well as any industry rules or standards that it adheres to. Notification procedures include providing email notices or posting a notice on our website if a breach occurs. Our credit card transactions are processed by Chase Bank and Authorize.net. Rest assured if those credit card processors are breached we will notify you in the same regard as our breach notification procedures and obligation.
Your Responsibilities
Keeping your data secure also depends on you ensuring that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems, to keep any data you view on your own computer away from prying eyes.
REVISIONS TO OUR SECURITY.
We reserve the right to revise, amend, or modify our Security Policies at any time and in any manner. However, if the changes are significant in our judgment, we will provide you with advance notice prior to the change becoming effective and an opportunity to opt-out of such differing uses. We encourage you to periodically review this page for the latest information on our Security Policies. You can find when this Security Statement was last updated at the bottom of this page.
Last updated: January 1, 2023.