Data security

IndigoImageLab.com was designed from the ground up to keep personal information extremely secure. Here are some points:

• Once you submit an order, your original images are transferred to a restricted server that can only be accessed by Indigo Image Lab. Files on that server are not accessible to the public and are not indexed. Before you place an order, if you delete an item from your cart, all copies of the uploaded image for that item are deleted.
• Our databases and code are protected by aggressive firewall whitelisting to ensure only authorized people can access our resources.
• Electronic processing of payments is entirely processed by PayPal, using their code, on their servers. We do not access, store, or process any payment details of customer payment transactions. After a payment is processed by PayPal, their servers notify ours of the amount of payment and item purchased, and we update that information in a customer's account upon its being received. PayPal is PCI compliant.
• Users of IndigoImageLab.com are protected by TLS version 1.2, the latest and most secure data transport protocol, making it extremely difficult for criminals to gain access to your account and its data.
• Password exchange is securely encrypted in transmission and stored as a strongly encrypted, one-way hash, including a cryptographically secure individual salt for each password.
• Our session tokens, including browser session cookies, can only be transmitted during a secure session. Our session cookies are transmitted via HTTPS only to protect malicious scripts from reading them. Session cookies are generated using cryptographically secure random keys, making it extremely difficult to predict their values.
• IndigoImageLab's web architecture includes components to protect against cross-site scripting (XSS) and cross-site request forgery (XSRF) attacks, including the generation of cryptographically secure anti-XSRF tokens, stripping of all scripting tags, and other measures.
• Logged-in users are automatically logged out after a period of inactivity and after a maximum permitted logged-in time.
• Our web site architecture includes specific components that detect and lock out many malicious bots and scripts, helping to ensure that only authorized humans are using the site.
• In almost all cases, all encryption of data is authenticated encryption, ensuring the confidentiality, integrity, and authenticity of your data.
• All database queries are parameterized, and all user input is aggressively sanitized prior to acceptance into our databases.
• We clearly explain our Privacy Policy and Terms of Service to every user.
• We clearly explain what personal data is collected and how it is used. We do not transmit or divulge personal information to any other party.
• The code that operates our site accesses our databases via a limited, least-required access policy.
• We perform penetration testing and act extremely quickly to remedy any weaknesses found in order to further protect our users' data.
• The cookies created and used by the site are for ensuring the secure operation of the site, contain anonymous, cryptographically-secure data only, and do not contain any personally-identifiable information.
• All site administrators and customer service agents are granted least-required permissions and are given the least access privileges necessary in order to fulfill their job requirements.

Return to the home page.