TBlox.com all rights reserved
Security

TBlox (hereinafter referred to as "TBLOX") has created this Security Policy in order to demonstrate our firm's commitment to security. The following discloses our security and accessibility policies.

Site certificate information
TBLOX understands that the security of your personal information and business details is important to you. Whenever you submit personally identifiable or business identifiable information or transfer other information and documents to and from TBLOX.com, you will be doing so through our secure servers.

The TBLOX.com service only allows secure browsers access to the system. The browser's "secure mode" is in place only when you are logged in to the system. You will be able to tell that you are in a secure mode when your browser displays a special icon on the lower bar of your browser window.

Every secure page (i.e. every part of the user interface) on TBLOX.com has been secured with a digital certificate by GeoTrust Inc.. This is shown via the "site certificate" that is resident on all secure pages. To view this certificate, click on the image of the closed lock on the bottom bar of your browser window. A small frame displaying site security information will appear. This allows you to verify the site certification authority and that you are in fact on TBLOX.com or a sub-domain of TBLOX.com, e.g. secure.TBLOX.com.

User identification
Only the users of a TBlox-module can see the TBlox-module and access its contents. Each user selects his/her own password for TBLOX.com. The users' passwords are stored in a one-way encrypted format and are not accessible to employees of TBLOX.

After entering the required registration information as a new user you will be able to access your user account immediately. The password is chosen directly as part of the registration process and not sent to you by any other means.

If you have forgotten your password, or your password is not working for some reason, you can re-establish your identity with the system as follows:

  1. Go to https://secure.tblox.com/partner/tbloxwebsite/lostpass.php?lang=en.

  2. Enter your registered e-mail address in the form and click "Send me my password".

  3. Follow the instructions in the e-mail message that is sent to you (after step 2).

A password system has been established to ensure that only you can access your personal information and TBlox-modules. The acceptable minimum password length is 8 characters long and should contain at least 2 numbers and 2 characters. We recommend that you use a random combination of letters, numbers, and cases to provide added protection (for instance: 'Hfg#358-mZ' would be a good password).

Each time you login to the system you will be required to authenticate your identity by entering your previously supplied username and password. Upon successful login, you are issued a unique "session id" (does not include any personally identifiable information) which allows you to remain active as long as actions are performed in the system at least once every 30 minutes, after which any further actions require you to re-enter your username and password. If an incorrect password is supplied, or if you simply forget your password, you may need to re-establish your identity following the instructions above.

After an undisclosed number of unsuccessful login attempts, you will be locked out.

Protection of information being transmitted
We use encryption technology to ensure the safe transmission of your information and documents when logged into the system. Your browser provides security by allowing us to use Secure Socket Layer (SSL) encryption up to 128-bit key length encryption when transmitting information and documents. The number of bits of secret key length varies between 40 and 128 depending on your browser's capability. The highest available bit length is always used. All communication between your computer and TBLOX applications is encrypted using SSL.


Protection of stored information
TBLOX takes many measures to protect client information while it is stored, including:

  • Utilizing a firewall to protect our server farm and stored information. A firewall is a barrier to unauthorized users to prevent access to our systems.

  • Monitoring system and application activity logs to identify any unusual activity, from authorized and/or unauthorized individuals accessing our systems and/or making changes to stored information, for investigation.

  • Housing the server farm in a highly secure building to provide additional protection against unauthorized access and changes to stored information.

  • The system administration at TBLOX.com has no functions allowing access to a client's TBlox-module. It is thus impossible for employees at TBLOX to access clients' documents. TBLOX has also taken special steps to ensure that only a few key people are aware of how the security system is designed and implemented.

  • All employees at TBLOX are bound by a confidentiality and non-disclosure agreement prohibiting access to and dissemination of information handled by the company's clients when using the TBLOX.com Web service.

In addition to client data, some personal information is stored in our databases and in browser cookies. For a complete list of what personal and demographic information is stored at TBLOX.com we refer to our Privacy Statement, which is available here

Internet connection and server architecture
The third party hosting and data center (HostMySite.com) provides the hardware, the datacenter environment and delivers the server hardware infrastructure to TBlox. The HostMySite.com offering is performed under the HostMySite Type II SAS70, which is included in the SLA between TBlox and HostMySite.com. For the purpose of this report, the activities and controls performed by HostMySite are excluded. It is the intention to include the HostMySite.com Type II SAS70 at December 31, 2008. At this date both HostMySite.com and TBlox intend to provide a Type II SAS70 report.

This server farm consists of a range of redundant hardware components including:

  • Large bandwidth redundant Internet connections to one of the main Internet connection points and redundant routers with fail-over configuration.

  • Application and Web servers in the form of several load-balanced multi-processor servers.

  • Redundant database configuration.

  • Database server mirrored in a fail-over server, which will take over if the main server is interrupted.

  • Highly secure computer facilities with cooling systems, UPS, backup systems and fire protection.

Backup routines
TBLOX has implemented the following backup routines:

  • All systems are writing their data to redundant RAID configured disks

  • All client data is simultanously written to seperate servers

  • A differential backup that saves changes made to files over the last 24 hours is performed every day. Backups are also stored on a geographically different location, to guarantee the availability in all emergencies.

  • Complete backups of systems are available both of short history as well as longer ago.

  • The encryption and inaccessability for personell of the client's information is retained whenever backups are performed.

  • TBLOX has implemented routines for restoring backed up data.

Accessibility

  • TBLOX undertakes to provide the customer with access to the TBLOX.com service as specified in detail in the Terms of Use, which is available here and as set forth from time to time on TBLOX's web sites. In the event of any conflict between this policy, the information on TBLOX's web sites and that which is stated on the aforementioned Terms of Use, the Terms of Use shall take precedence.

  • TBLOX undertakes to adopt reasonable measures in order to ensure that the TBLOX.com service is available over the Internet around the clock, seven days a week. TBLOX shall be entitled to take measures that affect the aforementioned accessibility where TBLOX deems such to be necessary for technical, maintenance, operational, or security reasons.

  • The customer shall be aware and acknowledges that the customer's access to the Internet cannot be guaranteed and that TBLOX shall not be liable for deficiencies in the customer's own Internet connections.

  • In the event of defects or deficiencies attributable to TBLOX, TBLOX undertakes to act to rectify such defect without unreasonable delay. In the absence of intent or gross negligence by TBLOX, TBLOX otherwise assumes no responsibility for defects or deficiencies in the TBLOX.com service. Error notification must be given by the customer in accordance with the instructions announced by TBLOX from time to time and within a reasonable time of the discovery of the defect.

Changes in this policy
TBLOX reserves the right to modify or amend this Security Policy at any time and for any reason. Users will be notified about changes in the Security Policy via our web sites and newsletters.

Additional information
Additional security information is available here.
Additional information on the terms of use is available here.

Contact information
If you have any questions about this Security Policy or any other inquiries, you can contact:


TBlox BV
Van Nelleweg 1
3044 BC Rotterdam
The Netherlands
+31 10 750 3190
mail icon This e-mail address is being protected from spambots. You need JavaScript enabled to view it