Security Policy: Protecting your Information

Websystems Inc. takes data protection very seriously. In order to safeguard your data and confidential information, we have established the following policy regarding hardware, software, networking and general business practices.

 
 
General Security
 
Security being an important factor for our business and credibility, we hired an experienced consultant to assess our level of data safety. This professional thoroughly inspected AceProject and outlined some security holes we promptly closed. Moreover, with this consultant, we established a plan to keep our guard up and stay ahead of pirates and hackers.
 
 
 
Physical Security
 
AceProject is hosted on a dedicated server running Windows Server 2003, with 4 gigabytes of memory, a SCSI RAID-1 hard drive and dual 2.4 GHz Intel Xeon processors. A secondary SCSI drive is installed for a mirror backup. AceProject's server is behind a strong firewall machine that safeguards against hacker attacks.
 
 
 
Network Security
 
We use a web hosting service located in Chicago, Illinois in the United States, MaximumASP (http://www.maximumasp). MaximumASP utilizes a scalable, redundant "bandwidth-on-demand" solution. Depending on network traffic and nationwide bottleneck status, our web server traffic is routed down multiple OC-3 Internet connections to national Internet backbones AT&T and Qwest. Our local connectivity is through BellSouth, KDL and Adelphia via high-speed SONET OC-48 connections.
 
 
 
Software Security
 
AceProject's server runs on Windows Server 2003. We have applied all security patches for Windows Server 2003 to our server. Our administrator is in charge of keeping up-to-date on current vulnerabilities that may affect our environment. Our policy is to apply new patches as soon as possible. Critical updates are implemented within 24 hours.

AceProject's server is also equipped with a powerful anti-virus software suite. The software's virus definitions are updated every day, and the server is scanned for viruses every night. All files uploaded to the server, for example file attachments, are automatically scanned for viruses. Whenever a virus is found, it is removed immediately.

Our firewall is a physical machine that stands between the Internet connection and the server.
 
 
 
Data Security
 
Backups are performed daily, at night, and kept on the server's secondary SCSI disk. Every Sunday evening, all client databases, excluding file attachments, are backed up to an external medium.

Optional data encryption is available at no extra cost to our clients. AceProject has an SSL certificate from InstantSSL.com. This means AceProject clients can use a secure, 128-bit SSL-encrypted connection to log in to AceProject.
 
 
 
In case of a security breach
 
As soon as we become aware of a security breach in which data has been accessed without authorisation, AceProject will contact the affected persons and/or businesses without delay. Furthermore, AceProject will do everything in its power to remedy the situation and prevent it from happening again. This could cause a short period of downtime on the server in order to protect client data while we implement corrective action on the breach. After several years in the business, we have never been hacked.
 
 
 
Confidentiality
 
AceProject makes every effort to preserve the privacy of the information its server contains. WebSystems will never sell, share or publish its clients' data.

AceProject does not send unsolicited email (spam) and will never share or sell email addresses with third parties.

All files attached to tasks are located in a secure zone of the server that is only accessible to users configured in the account to which the files belong. Any other AceProject user or unauthorized visitor will not be able to access these files.

When a client closes his or her AceProject account, the account data is permanently destroyed from the server. However, since client databases are backed up weekly, it is possible to recover a client database from the external media.

Though we make every effort to preserve user privacy, we may need to disclose personal information when required by law, where we have a good-faith belief that such action is necessary to comply with a current judicial proceeding, a court order or legal process served on our Web site.
 
 
 
Password Encryption
 
Passwords are encrypted with the MD5 cryptographic algorithm. Thus, passwords are case sensitive and are visible neither to us nor to your account's administrators. This gives your data a very high level of security. If you forget your password, you will have to use the "Forgot Password?" link to enter a new one, since it cannot be retrieved.