The Common Good system keeps your information as private and secure as possible, meeting or exceeding industry standards. Information we collect:
All Common Good information is stored in a passworded database on a secure server.
All of the information we collect, except your legal name and postal code, is encrypted in the database, using 256-bit encryption -- stronger protection than the industry standard. Then, for all fields except phone, email, photograph, and optional other information, the encryption is encrypted again using a different 256-bit encryption method. None of this information is accessible online except through a signed-in administrator account.
Your PIN and password are also encrypted with one-way encryption, stronger than the industry-standard.
Your most sensitive private data (birthdate, social security number, driver's license or state ID, and bank account number) are encrypted a third time, using a key that is only accessible when a regional Common Good administrator signs in with proprietary plug-in hardware.
The Common Good website is a Secure Server with industry-standard 128-bit encryption (or better) of all information coming in and going out.
Your private information is never shown to you. So even if someone tricks you into revealing your password, they cannot steal your identity or your money.
Your private information is never revealed to any third party except:
In any email we send you:
The Common Good Card's QR code includes an arbitrary security code that is stored encrypted on the Common Good server. When you make a purchase with your Common Good Card, the server verifies the security code and your photo appears on the merchant's scanning device. The cashier verifies that your face and your stored image match the photo on the card.
The photo and security code are never displayed to you on the website, so if your account password is stolen, your Common Good Card is still secure.
If your Common Good Card is lost or stolen, a new security code is chosen for your replacement card.
All Common Good data is stored on industry-standard secure Virtual Private Servers.
For the greatest possible security, our methods of protecting administrator accounts are confidential.