Wilders Security Forums  

  #1  
October 21st, 2011, 02:01 AM
x942
Very Frequent Poster
Join Date: Feb 2011
Location: Your Network
Posts: 1,101
How should I deal with Privacy Concerns?

In a few months I am hoping to launch a product. My issue is I am unsure how I should approach users with registration. I (we) will not be selling this in any way and already have plans to store it in an encrypted database to prevent leaking if we are ever compromised.

When you buy a product (like a TV, computer, etc.) and are required to register it for the warranty, what information are you okay with giving? (i.e. name, number, etc.)


Do you prefer supplying it up front or when you are about to claim the warranty?

Any tips for this are more than welcome. I want to make sure we keep information private and don't ask for too much.
__________________
E-Mail: og8oh@notsharingmy.info
  #2  
October 24th, 2011, 08:27 AM
Dezaxa
Infrequent Poster
Join Date: Sep 2011
Posts: 6
Re: How should I deal with Privacy Concerns?

If you are just collecting basic information such as name, address, phone and email, then encryption is adequate protection. You should use a well-known and public encryption algorithm, such as AES or Twofish, and not try to write your own. You will also need some procedures around it, such as restricting administrator access to the database and the encryption keys. You will also need to write and publish a statement of privacy policy, stating what data you are collecting and for what purpose.

If you are providing your users with a username/password for logging into your systems, then the passwords should be salted and hashed, again, using a well-known public algorithm. If you are planning to store credit card information, then you will need to comply with PCI regulations, which is a whole different game.

Personally, I don't mind providing name and email as part of product registration; I'm somewhat less happy about address and phone, although if it is a substantial purchase, this would be OK.
  #3  
October 26th, 2011, 01:26 AM
x942
Very Frequent Poster
Join Date: Feb 2011
Location: Your Network
Posts: 1,101
Re: How should I deal with Privacy Concerns?

Quote:
Originally Posted by Dezaxa
If you are just collecting basic information such as name, address, phone and email, then encryption is adequate protection. You should use a well-known and public encryption algorithm, such as AES or Twofish, and not try to write your own. You will also need some procedures around it, such as restricting administrator access to the database and the encryption keys. You will also need to write and publish a statement of privacy policy, stating what data you are collecting and for what purpose.

If you are providing your users with a username/password for logging into your systems, then the passwords should be salted and hashed, again, using a well-known public algorithm. If you are planning to store credit card information, then you will need to comply with PCI regulations, which is a whole different game.

Personally, I don't mind providing name and email as part of product registration; I'm somewhat less happy about address and phone, although if it is a substantial purchase, this would be OK.

Thank you

Right now our servers are using a similar technique to how LastPass works.

Username + password, hashed with SHA256 = Encryption Key

Encryption key + Username hashed with SHA256 = Authentication Token

We never get your key. Your key is used to encrypt your name, address, Credit Card, etc. Decryption happens client side.

Now unlike LastPass we need that info at some point (when processing the sale). What we do is establish an SSL (AES256) connection with the user. The client decrypts their data with their key. When they go to pay, their info is encrypted with our public key; we decrypt it, process the order and never store it.

The only place it is stored is in your "vault". As we never have the keys even if we are compromised that info can't be leaked on our end.
__________________
E-Mail: og8oh@notsharingmy.info
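
The key and token derivation described in post #3, written out as an added example (not code from the thread or from x942's product), next to a variant that swaps the single SHA-256 pass for PBKDF2-HMAC-SHA256 with the username as salt. The UTF-8 encoding, concatenation order, function names, the 600,000-round work factor and the server-side hashing of the token are assumptions, not details given in the thread.

```python
import hashlib
import hmac

PBKDF2_ROUNDS = 600_000  # assumed work factor, not a value from the thread


def key_as_posted(username: str, password: str) -> bytes:
    """Encryption key = SHA256(username + password), one pass, as in post #3."""
    return hashlib.sha256((username + password).encode("utf-8")).digest()


def key_stretched(username: str, password: str, rounds: int = PBKDF2_ROUNDS) -> bytes:
    """Swapped-in variant: PBKDF2-HMAC-SHA256 with the username as salt.

    Salt and password are separate inputs, so ("alice", "1pass") and
    ("alice1", "pass") no longer feed the hash the same bytes, and each
    offline password guess costs `rounds` HMAC iterations instead of one hash.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), username.encode("utf-8"), rounds
    )


def auth_token(key: bytes, username: str) -> bytes:
    """Authentication token = SHA256(key + username); the key never leaves the client."""
    return hashlib.sha256(key + username.encode("utf-8")).digest()


def server_record(token: bytes) -> bytes:
    """Assumed server-side step: keep only a hash of the token, so a leaked
    database row cannot be replayed as a login."""
    return hashlib.sha256(token).digest()


def server_verify(stored: bytes, presented_token: bytes) -> bool:
    """Constant-time comparison of the stored hash with the presented token's hash."""
    return hmac.compare_digest(stored, hashlib.sha256(presented_token).digest())


if __name__ == "__main__":
    key = key_stretched("alice", "correct horse")  # constructed sample credentials
    token = auth_token(key, "alice")
    print("login ok:", server_verify(server_record(token), token))
    # Plain concatenation gives two different accounts the same encryption key.
    print("plain keys collide:",
          key_as_posted("alice", "1pass") == key_as_posted("alice1", "pass"))
```
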

All times are GMT -4.