Privacy and Security

Privacy

We collect customer information in order to process your orders and for demographic information.  We will not share your information with anyone nor will be sell it to any outside organizations. 

Occasionally we might contact our customers to inform them of any policy changes, arrival of new lines or special offers for registered customers only.  We will be sending out a newsletter about once every quarter and you can choose to opt out if you desire.

We value you as a customer. We adhere to a strict no spam policy. If you feel you are receiving an inappropriate amount of email from us, please feel free to contact us immediately so we can rectify this. 

Security

Our website is protected by a standard SSL certificate.   This protects your personal and payment information.  The certificate is issued by Go Daddy.

What is a SSL Certificate?

An SSL certificate is a digital certificate that authenticates the identity of a website and encrypts information sent to the server using Secure Sockets Layer (SSL) technology. Encryption is the process of scrambling data into an undecipherable format that can only be returned to a readable format with the proper decryption key.

A certificate serves as an electronic "passport" that establishes an online entity's credentials when doing business on the Web. When an Internet user attempts to send confidential information to a Web server, the user's browser accesses the server's digital certificate and establishes a secure connection.

How does an SSL certificate work?

An SSL certificate ensures safe, easy, and convenient Internet shopping. Once an Internet user enters a secure area - by entering credit card information, email address, or other personal data, for example - the shopping site's SSL certificate enables the browser and Web server to build a secure, encrypted connection. The SSL "handshake" process, which establishes the secure session, takes place discreetly behind the scene without interrupting the consumer's shopping experience. A "padlock" icon in the browser's status bar and the "https://" prefix in the URL are the only visible indications of a secure session in progress.

By contrast, if a user attempts to submit personal information to an unsecured website (i.e., a site that is not protected with a valid SSL certificate), the browser's built-in security mechanism triggers a warning to the user, reminding him/her that the site is not secure and that sensitive data might be intercepted by third parties. Faced with such a warning, most Internet users will likely look elsewhere to make a purchase.

How will a customer know that this site is secure?

An "https://" prefix in the URL and a key or padlock icon in the browser's status bar indicate that a page within a website is secure.

An SSL-encrypted session usually starts once a visitor signs in to a secure area of a website, such as the checkout or account-management area of an online store.

What Is the Encryption Strength of SSL Certificates?

All of Go Daddy's SSL certificates support high-grade 256-bit encryption.

The actual encryption strength on a secure connection using a digital certificate is determined by the level of encryption supported by the user's browser and the server that the website resides on. For example, the combination of a Firefox browser and an Apache Web server normally enables up to 256-bit AES encryption with our SSL certificates. This means that depending on the Web browser and Web server that combine to establish the secure connection through one of our SSL certificates, the encryption strength of the secure connection may be 40, 56, 128, or 256 bit.

How does the Certification Authority verify domain registrant information?

Before issuing an SSL certificate, the Certification Authority (CA) verifies that the person making the request is authorized to use the domain. The CA sends an email message to the domain administrator (the administrative or registrant contact, as listed in the Whois database) to validate domain control. If there is no contact information in the Whois database or the information is no longer valid, the customer may instead request a Domain Authorization Letter from his/her registrar and submit the letter to the CA as proof of his/her domain control.

How do I know a secure certificate is safe from vulnerabilities?

The Go Daddy Certificate Authority validates the identity of an entity purchasing an SSL certificate. The Certificate Authority does so by validating documentation provided by the requestor. The Certificate Authority then digitally signs the certificate using a hash function.

A hash function, when combined with the certificate, creates a standard length digital signature that should be unique. Three common hash functions are MD5, MD2, and SHA-1. With the MD5 and MD2 functions, individuals with the appropriate knowledge and computing power can recreate another digital signature to match the original. If this happens, an unsuspecting user could unknowingly be redirected to another site.

Most Certificate Authorities realize the weakness in MD5 and MD2 and use the hash function called SHA-1 which, to date, no one has been able to break. As a user, you should be suspect of SSL enabled sites that use MD5 or MD2.

As a further security measure, Go Daddy does not allow null bytes in common names and manually review all requests containing either "" or "/" to prevent misuse.