Privacy and Security
Common Good is a 501(c)(3) nonprofit non-bank financial institution for community empowerment, regulated by the Commonwealth of Massachusetts Departments of Public Charities, Corporations, and Revenue, by the Internal Revenue Service, and by the United States Treasury Department. The Common Good system keeps your information as private and secure as possible, meeting or exceeding industry standards. Information we collect:
How we protect your information in storage
All Common Good information is stored in a passworded database on an industry-standard secure server .
All of the information we collect, except your legal name and postal code, is encrypted in the database, using 256-bit encryption — stronger protection than the industry standard. Then, for all fields except phone, email, photograph, and optional other information, the encryption is encrypted twice more using two different 256-bit encryption methods. None of this information is accessible online except through a signed-in administrator account.
Your PIN and password are also encrypted with one-way encryption, stronger than the industry-standard.
Your most sensitive private data (birthdate, social security number, driver’s license or state ID, and bank account number) are encrypted a fourth time, using a key that is only accessible when a regional Common Good administrator signs in with proprietary plug-in hardware.
Your private information is never revealed to any non-governmental third party except with your explicit permission.
How we protect your information in communications
The Common Good website is a Secure Server with industry-standard 128-bit encryption (or better) of all information coming in and going out.
Your private information is never shown to you. So even if someone tricks you into revealing your password, they cannot steal your identity or your money.
In any email we send you:
- We address you by your full name, so you know we know you.
- We provide your account code.
- We never include a link that requires you to type your existing password.
Common Good Card security
The Common Good Card’s QR code includes an arbitrary security code that is stored encrypted on the Common Good server. When you make a purchase with your Common Good Card, the server verifies the security code and your photo appears on the merchant’s scanning device. The cashier verifies that your face and your stored image match the photo on the card.
The photo and security code are never displayed to you on the website, so if your account password is stolen, your Common Good Card is still secure.
If your Common Good Card is lost or stolen, a new security code is chosen for your replacement card.