Privacy and Security

About Your Privacy

As an anonymous suggestion box service, we know that privacy is paramount on everyone's mind. So here's how we protect your privacy:

For those submitting responses

  • When you submit a response with Suggestion Ox, you are never asked to include your name, email or any other identifying information.
  • No information about your web browser, IP address or anything related to your computer or web connection is saved with responses. The ONLY information that is saved is the text of your response.
  • You will never be asked to create an account or perform any other action that would tie your response back to you.
  • Submitting a response with Suggestion Ox does not require the use of cookies.

For our customers creating suggestion boxes

  • We require a valid email address to create a suggestion box and to receive your suggestions, but that email will NEVER be shared with any other party. Period.
  • Your list of responses are saved in your password-protected account. No one besides you has access to those responses.
  • Your password is encrypted in our database, and cannot be retrieved by anyone at Suggestion Ox. If you forget your password, you will need to use the "Lost Password" function on the Login screen to reset your password. No one at Suggestion Ox will ever ask you for your password.
  • No other identifying information is saved with responses you receive. We don't have a "back door" or additional information about any response you receive. Even if we wanted to (which we don't), there is no way for us to provide any additional information about who or where the responses came from. This is truly anonymous.
  • All of your data is kept private and confidential. Period. Nothing is ever shared with a 3rd party. This includes all the suggestions received, usage data, and even whether you have an account. We do not share your private customer data in any way unless compelled to do so by court order.

Security Statement

Box holders entrust Suggestion Ox with their information. Here’s what we do to maintain that trust:

Users

  • Authentication: Your account data is logically segregated by account-based access rules – in other words your account has your account information only and not someone else’s, because that would be confusing. User accounts have unique usernames and passwords when you log on. Suggestion Ox issues a session cookie only to record encrypted authentication information for the duration of a specific session. The session cookie does not include the password of the user.
  • Passwords: User application passwords have minimum complexity requirements. Passwords are individually salted and hashed. This means if you want to uber-protect your box you can put in a complex password. We do not recommend “Passw0rd1”
  • Data Portability: Suggestion Ox enables you to export your data from our system in a variety of formats so that you can back it up, or use it with other applications, or print a copy and fax it to your Aunt Eugenia.
  • Data Residency: Suggestion Ox user data is limited to email address and password of the box owner only. All data is stored in the United States, where it enjoys a comfortable lifestyle and is confused over the political culture here.

Network Security

  • Valid Certificate: Suggestion Ox maintains a valid, trusted server certificate, which is renewed by a qualified certificate renewing expert.
  • Secure TLS Connection: Suggestion Ox uses a strong protocol version and cipher suite.

Vulnerability Management

  • Patching: The latest security patches are applied to all operating systems, applications, and network infrastructure to mitigate exposure to vulnerabilities, and because Suggestion Ox likes to be trendy.

Handling of Security Breaches

Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if Suggestion Ox learns of a security breach, we will tell you about it so that you can take appropriate protective steps. Notification procedures include providing email notices or posting a notice on our website if a breach occurs.

Your Responsibilities

Keeping your data secure also depends on you maintaining the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems.

Last updated: August 28, 2016.