Your Data is Protected With Us
Security is of great concern to us and to our members. The following defines security policies.
- Password-Protected Members Area - the heart of Art League of Henderson County is the members area. All updates to your data are done through the member's area. Access to the member's area is limited to users with a username and password. After several minutes of inactivity (90 minutes in most cases), a user's session is 'timed-out'. The user then has to log-in again.
- Password Reset - in the event that a user loses their password, they have the ability to re-set it. This allows them to re-gain access, without sending a password in clear text via email.
- Access Log - we keep a record of who logs in and when, recording the IP addresses of each user's access.
- Change Log - in the critical parts of Art League of Henderson County (members, events, billing), we also keep record-change-logs to track when a given piece of member/attendee/event information was changed.
- User Permissions - Art League of Henderson County has a highly flexible way to grant access to users:
- Member-level: This is for general members. They have the ability to change their own information and view whatever information the association chooses to allow them to view.
- Admin-level: Admins have full access to all areas of the system.
- Custom: Member-level users can be granted specific permissions to specific areas, as designated by an admin user.
- PCI Compliant - PCI stands for Payment Card Industry, and it is a continually evolving standard for credit card security. It applies to organizations and merchants that accept, transmit, or store cardholder data. The Art League of Henderson County is a PCI compliant service provider. We go through periodic security assessments and third party testing to verify this compliance.
- Secure Sockets (SSL) - all credit card/bank account information is accepted under SSL encryption. This means that the pages where card information is entered, these pages are all using https, and the user's browser would indicate this with a lock/key icon at the top.
- No storage of credit card information - we do not store cardholder data within our system. It is accepted at the time of purchase (member joining/renewing, event registration), but not stored. If you use our monthly-membership payment processing system, we use Authorize.net's Customer Information Module to store card information and process the monthly transactions.