Privacy Statement
XMission has created this privacy statement in order to demonstrate our firm commitment to privacy. The following discloses our information gathering and dissemination practices.
Personal Information Collection and Use
Most of the information given to XMission in the registration process, or at any other time is for XMission’s use only. XMission is the sole owner of this information and we will not sell, share, or rent this information to others except in the limited circumstances outlined in this policy or the Terms of Service. A court order is typically the way that this information can be accessed by another party or organization. One exception to this is the “Online Name” field that’s filled out during registration. When someone runs the UNIX “finger” command on an account (e.g., ‘finger username@shell.xmission.com’), it will show this “Online Name”. This will also be displayed on a new customer’s default Web page. This is the only information that is made public and you, as a customer, may elect to put anything you’d like (or nothing at all) in this particular field. It can also be modified at any time. XMission does not offer services or sell products to children and does not request or knowingly collect personally identifiable contact information from anyone under the age of 13.
Law Enforcement Guidelines
XMission retains customer website client access logs indefinitely for analytics, but will remove or rotate them upon customer request. We retain server logs for up to 30 days for debugging purposes. XMission honors specific law enforcement requests for preservation; however, we require that law enforcement serve warrants for extraction. Our Tor server has zero log retention.
To contact XMission:
Grant Sperry, Vice President of Operations
XMission, L.C.
51 East 400 South, Suite 000
Salt Lake City, UT 84111-2753
Phone: 801.539.0852
Legal Response Email: legal@xmission.com
XMission will hold data for up to six months upon receipt of a specific retention request. If a subsequent warrant for the data is not served in that time, the data will be discarded. XMission may hold raw data for unsolicited/unlawful commercial emails, commonly referred to as SPAM, for up to three years to assist with its SPAM mitigation effort for the benefit of XMission’s customers.
XMission makes a single exception for sharing customer contact information when processing a credit card. Otherwise, no customer data or demographic information is sold or shared without a warrant or as required by a Court.
XMission charges $250 per hour for administrative services.
System Logs
All information logged by our various systems is also used for internal purposes only, and will not be released unless under a court issued warrant with the proper jurisdiction. XMission customers will be notified of all government and law-enforcement requests for their private data, whether done according to U.S. and Utah constitutions with a court issued warrant or improperly without.
Public Forums and Links
XMission makes chat rooms (IRC), forums, message boards, and news groups available to its customers. Please remember that any information that you choose to disclose in these areas becomes public information and you should exercise caution before disclosing your personal information. XMission’s customers should also be aware that any information they disclose on their own websites becomes publicly available. XMission is not responsible for any information our customers choose to make available in any of these forums. Also, please note that XMission has links to other sites. We encourage our customers to be aware when they leave our site and to read the privacy statements of each and every Web site that collects personally identifiable information. This privacy statement applies solely to information collected by XMission’s Web site.
Information Security
XMission takes every precaution to protect our customers’ information. When customers submit sensitive information via our web site, their information is protected using the safest and most secure methods available. When our registration or service request forms ask customers to enter sensitive information (such as a credit card number), that information is encrypted and protected with the best encryption software in the industry for the web – TLS (Transport Layer Security, currently the most secure cryptographic protocol for web browsers and the successor to SSL (Secure Sockets Layer)). When on a secure page, such as our credit card payment form, the lock icon should show in the address bar of your web browser. While we use TLS encryption to protect sensitive information online, we also do everything in our power to protect user information internally. XMission is responsible for cardholder data that we possess, store, process, or transmit on behalf of our customers. To minimize risk and improve security, in conjunction with our merchant bank, XMission utilizes Customer Information Manager (CIM) to tokenize and store our customers’ sensitive payment information on our merchant bank’s secure servers instead. What this means is that we don’t store sensitive credit card information, greatly limiting risk and improving the security of your payment card data.
All of our customers’ information, not just the sensitive information mentioned above, is restricted in our offices and data center. Only employees who need the information to perform a specific job (for example, our billing clerk or a customer service representative) are granted access to personally identifiable information. Our employees must use a secure shell (ssh) to access this information and must also be allowed access from a specific IP address within the office. Furthermore, ALL employees are kept up-to-date on our security and privacy practices to avoid security breaches through what is called, “social engineering.” Important details and changes are discussed in staff meetings and email memos. Finally, the servers that we store personally identifiable information on are kept in a secure environment, protected by a firewall and kept in a secure room in our data center. If you have any questions about XMission’s security, please feel free to contact security@xmission.com.
Necessary Submission of Information
Personally identifiable consumer information is shared with Authorize.Net, the credit card processing company we use, to the extent it is necessary for them to provide payment processing services. In limited circumstances, your email address may be identified in connection with its receipt of SPAM email in an effort to mitigate the ongoing receipt of SPAM. The parties to whom your email address may be identified are, in most cases, already in possession of the email address and the identification thereof is required in order to have the email address removed from a SPAM list or as part of judicial proceedings.
Correction/Updating Personal Information
If a user’s personally identifiable information changes (such as your zip code), or if a user no longer desires our service, we will endeavor to provide a way to correct, update or remove that user’s personal data provided to us. This can be done by contacting accounting@xmission.com or by calling 801.539.0852. The person changing the information MUST be the contact on the account. Normally, the contact is the person who opened the account or a person who was assigned to the account by the business. To change the information, you must be able to verify that you are, in fact, the contact on the account.
All account contact changes must be completed by the customer using an XMission Contact Addition Form. Customers can request this form from any XMission employee. This form should be completed, printed on the customer’s business letterhead, and returned to XMission via FAX, postal mail, or secure email. If sent via email, the digital copy must be in a readable format (e.g. PDF, JPG) and emailed to billing@xmission.com An XMission staff member will send a confirmation email to the customer to verify that the email address is valid for the company. When the customer responds to that confirmation email, he or she can be added as a contact.
Notification of Changes
If we ever need to change our privacy policy, we will post those changes on this page. We will also send an email announcement so our customers are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. Rest assured that XMission has no intention of disclosing or selling customer information in the future.
Contacting XMission
If you have any questions about this privacy statement, the practices of this site, or your dealings with XMission, you can contact XMission in many ways, depending on your preference or needs. If necessary you can request to escalate a matter to a supervisor.
“I think XMission is the greatest. I use it at home as well as work and I’ve always had such great response when I’ve needed help. Thanks for supporting our community’s nonprofits.”