SECURITY & RELIABILITY

PRIVACY POLICY    TERMS OF USE    ACCEPTABLE USE POLICY    SECURITY & RELIABILITY

Updated January, 2018

The protection of customer data and privacy is 4me’s number one operational priority.

TLS

All information travelling between your browser and 4me is protected with 256-bit TLS encryption. This is the same level of security banks use. The security lock icon in your browser lets you verify that you aren’t talking to a phishing site impersonating 4me and that your data is secure in transit.

The email notifications that 4me sends out to end users, managers and support specialists are also protected with TLS encryption, provided that the email servers of your organization support TLS. 4me’s mail servers support TLS so that all messages sent to 4me are encrypted in transit as long as the email clients set up a TLS connection.

Maintaining a Secure Environment

Access control measures have been deployed at multiple levels to limit access to legitimate users and only to the operations that these users have been authorized to perform.

Access and usage of the 4me service and its hosting environments are continuously monitored in order to identify unauthorized operations and access attempts as early as possible. 4me actively maintains and tests both the hosting environments of the 4me service as well as the 4me application code to prevent security issues as much as practical, and to ensure that security issues which affected the 4me service do not recur.

Apart from the detection mechanisms used for the early identification of possible security issues that may affect the 4me service, response measures are in place to handle such issues if they occur.

Reporting Security Issues

Naturally, we welcome any feedback that can help us make the 4me service more secure. To report a possible security issue that affects the 4me service, send an email to security@4me.com.

Please include a detailed summary of the issue you have discovered, as this will allow us to respond more rapidly and effectively to your report. Security issues are given priority over any other incidents that may affect the 4me service (even over incidents that affect the availability of the service) and are handled through a separate procedure. We are committed to safeguarding your privacy throughout this procedure. You can use the 4me Service Security public key at the bottom of this page to encrypt sensitive information sent via email.

After drawing our attention to a potential security issue, you will receive a confirmation via email to confirm that we have received your report. 4me will subsequently attempt to validate and reproduce the reported vulnerability. If additional information is required in order to validate or reproduce the issue, we will work with you as needed to obtain it. When the initial investigation is complete, results will be delivered to you. If the issue cannot be validated, this will be shared with you.

On the other hand, if the vulnerability has been verified, a plan for its resolution and public disclosure will be shared with you. If the vulnerability is found to be caused by a third party software product, 4me will notify this third party. 4me will continue to work with the third party to ensure that a fix gets implemented. Your identity will not be disclosed to the third party without your explicit permission.

4me will coordinate public notification of the validated vulnerability with you. 4me security bulletins are posted within the 4me service. You, or your company, may want to post your advisories on your own web site or in security forums. When possible, we would prefer that our respective public disclosures be posted simultaneously.

Responsible Disclosure

Notifying a vendor before publicly releasing information about a security issue is a best practice known as responsible disclosure. Responsible disclosure allows companies like 4me to better protect its customers by fixing vulnerabilities before they are brought to the attention of someone who may want to exploit them. We strongly encourage anyone who is interested in researching and reporting security issues to observe the simple courtesies of responsible disclosure. 4me follows the same practice when it discovers and reports security vulnerabilities to other organizations.

Security Notifications

For the protection of our customers, 4me does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases have been implemented. Once a security issue has been fixed, 4me publishes a 4me security bulletin about the issue within the 4me service.

Public Key

The 4me Service Security public key has an operational life span of three years. When we generate a new public key, it will be made available on this web page.

Key ID: 0EDD90DE3D5572A8
Key Type: RSA
Key Size: 4096
Expires: 2019-12-21
Fingerprint: E1C5 2B25 D22B E5FA 9FD8  1556 0EDD 90DE 3D55 72A8
UserID: Security Team at 4me.com <security@4me.com>

—–BEGIN PGP PUBLIC KEY BLOCK—–

mQINBFo7l5cBEAC54EUBSt9HZLaChzUPCQMC8nW5Oi72oYyc4SLfGjBs56+QmeLM
eodfkkneH5bQ+M408NWdNj8ReQ+X83DjfOjr7PFjCK4nyrM27j0iRJ7c+vDaf5iS
a506mTvYwz6+8xrVTBHaNjmHwNpNklr+L0IK35lfJ0onsKMqI3tf+7bawonQE3E3
kYOmDhsM7fqZv4V/S2ylGSNI7ctkE+qNx4WqPWVMTrhW8Hc9gJvkgnMKHzDuKFJb
0UT1ijGqfLn8Blb+iOe3ws8zRRXLWRsYlek2QSfg+EuoL65YwkqLglIbXxZrWknS
y22SC0eL2+2l6QtJN5XwCdLxWzn9buL5S+LxYLEEu+x/lDDAokteKdxJknfaIOQl
4FKWhtu3Sj+JzN6LgCh9UlugVjXPahrLlAttlatXvdNd/AymjbvLRo2S82EgJL2H
lA0DgJbBtKKZn59zZVU3Sc4VQ8DK4f5vNch8hkTqiPkhdbf+tHshMK67R8JcRfTJ
Zo8sYvDYrTZq/SZjVZlw1pOvbOXdKDrWVz72Ytrx0k+TVMOn7L/LjEpZfPdDopDx
AveIIqEIEDl6EQkHmblpE766YeRhHeSiEcKNX/fmdL8iZzjQNaoN4q6IMPoiPigb
A4J2Pk6Io2efaTmazdUrcEwYcgOLaTz+UktKOW1zpBoPA4FUm2+8g982NwARAQAB
tCtTZWN1cml0eSBUZWFtIGF0IDRtZS5jb20gPHNlY3VyaXR5QDRtZS5jb20+iQJU
BBMBCAA+FiEE4cUrJdIr5fqf2BVWDt2Q3j1VcqgFAlo7l5cCGwMFCQPCZwAFCwkI
BwIGFQgJCgsCBBYCAwECHgECF4AACgkQDt2Q3j1VcqgYpw/9EU7DvlVTMQqQbdPZ
h+KdvjgDOj0lsPh+bbvULyI1A1+ldIBYPxE4r6yGr3KtHRQr99vIR/T/Cm/cpeDi
sbjMNRCAUXlRt0tXFhbBwnKhPCLgPpPSS8ewNoWkl9p0VbKRBfJOI+9Sqf7i18x+
u8kELUV7sw0/B8JW14yNAiidAgMuA8zAKRnO+FvpMbfSjWlaYhxe16XtryyOGDds
rym+FzNk6uiyfx/FoiGS/jlH8kskJnTGOuYD7LHjRwyO0acL+8U6Pr/mIxydkMXJ
T2PJ8TwHmwqdeBnV+5cCSa+1oKAroSgUUAPS8WDCBYd11H/1SfWpZxVnIuE2ppJE
6rH2XCjR3zNgK3sR9W6nRJHUQ5fKUahe3h1TZKl9tr+M330Ub5gRBqawnTccuuYz
X84wzOAiaI5MLpq+s/x3qk3aqpC8KoSOeg/fQ1qzTJ61wNVA7Ml5uvKIZ7ojhsCA
3jav6k2yFKbcR4m0Fbj30Yq0+Ex69pFRffoKjioP2fAIaPE1zrGcj+fyezGEU2yR
GcDxiQ0iamWgaNeZcKBq53BJ+EcVhzWf42O6RULG+YZZ80OsVElIZ9zog4Jh7VDT
G2ksOhhjdRJd9vbQEKpA4cYkU1+ykOM7O7gbZVmY8v3eF2BpP8Ve8iPsbqnUaLpL
L9NrSKvVPsx8/VdOePn2Ekz5T+q5Ag0EWjuXlwEQAL+WUNFQ/uEbI2HJmnurNjPq
Yf+MctfyLwSvT6LpxMJi6aJITc/fVuqsylRV8Y2e88ueDplFU0Dfc4sJ6i4rIZpF
NzIwTPP+8UGW8ATE3YYpl+NKdLfZy4HKlr1rv5aUsaYjWx10kQnLl1rDeyenUzDx
afObWSCSIvpx+x4WVtqCgp1gzH0g8vvYWjmD3JVtOja9UPw7g3+jWxww3BX1J0l1
acirULrI93Jmwx9S54VsnLjQ3EFOC0L2Nzwdp5iF1xC6Q1ZWRpBSz1UIiI7HO/bB
zvXYMkueUG9AsjoWDGIg8n0W4bVbvS/DTXpuZL2XhVNPAFqvOVPE/Db0QxAffQng
NB9Rrd5F6sQMaDyoPHpjRELuYjyWNGTxfhSz46E45ep0teMP6DaMYKuOSjaa2Bkx
j/vnwiI1DvZskPRUfR4aNOHgZMFxTOtHkZmSg2V8OKoFpWxjs1Sbb1Fp+4QOk8AE
A0sJAlTPspXPaMRiK/w/U23pQ3jDjLTcuLTePv4A4us8r/G3h0Mu6yQkJDF+a2bo
97i24/ttuAxMghJG3NzzTaMk3FAkNVSd/ty99t8tNpolF024cNyeaAZR4M5sUDuF
PRy9Rm2yCDFpfNJpp5ztlYYYfFTsWRdstnaWcROG15zMhJYIQOt3uCgftXZLiTTN
dH2GCnCycThs9Tdpxz19ABEBAAGJAjwEGAEIACYWIQThxSsl0ivl+p/YFVYO3ZDe
PVVyqAUCWjuXlwIbDAUJA8JnAAAKCRAO3ZDePVVyqPCvD/92KdDuAwHcWKIzS+Id
JF1rl/3zgm4g3IWDlQkDCh6+sACUHupiilJLvs7IqIkJIMyHBJURn4W/ElGZ4W8a
OLq/W4C24c9ygqfvl8xUJ2KZDreOFFNi9tgjtJLUr6+nzdz+scpdmdP5tVcQJdSv
Za2ptyVFFGJd5IT72XLWSwqDJefNOu6aKiBY2yDTe0qdzDn/0jUY7bqdhV6eZk7Q
xuX/jVsBmPiRwu/l24xlkp2DutzFrVkmofhHmldGurBQXXjfzx6UYYa7qMzS6em6
ze9z+UVklv1vw0EYvH9ldthkkPyNKm86DDyuKKqifwqo31cbcYhP7+lrlOvUe333
/82reEl9/DtOI9Q+20Zz3WJpk9SJTwyCh6URxQkpWwwmwuKMThQTNbo6Do7D3+2i
4uISd/0lo+uWyjguqZ4quMix0So7g++OaS3bxROJBu1qITZH4V3UEKN6BifVSnZY
pxAzUqUNeSaYKFsXdszJeDiLGe+krXkC5h4F58jkmMBXuksJxqQWAbujYg6yyC6D
xOoDEmAL0/cPDoVtnmHcxGcxkWLqLgIT4VlE/eXklUElSbK07o9ldnJqscCIZSXM
1FZFFToxzuL7Fjd9LA3RposSYH6VVEWVBM+ZQBncszSPOs2ndLbz2bTkSMxiPn3S
cq2SDEVJm7y2VaJGv7EHgtrd0Q==
=FcL8
—–END PGP PUBLIC KEY BLOCK—–