Security Policy

My-Legacy® takes extreme measures in protecting your information, data, access and privacy.  Security is top priority at My-Legacy.  My-Legacy locks down access at every layer so that no one other than you can access your data. We not only encrypt data in transit and at rest, we implement multi-factor authentication by default and apply various security measures, so that the encrypted data can ONLY be decrypted by the user who created it. There is no back door and if the user fails to establish their credentials, they are locked out.

Review My-Legacy’s Security Policies and feel free to contact us at security@My-Legacy.ai should you have any further questions.

 

My-Legacy Security Policy

My-Legacy enforces various methods to protect your files at rest or in-transit.  My-Legacy enforces all the employees and contractors to comply with our rules that are designed to protect your digital files whether they are accessing them from a computer or from a mobile device.   Here are few of the security measures we take to ensure proper security for your data:

 

Physical Security

We use world renowned, totally secure Amazon cloud services, which is used by many financial and banking institutions.  The infrastructure is managed and protected by Amazon cloud services.

Authentication and Password requirements

Every user registering with My-Legacy must have a unique email address.  We enforce the users to verify that they are the owners of that email account to gain access to their account. We enforce stringent password requirements so that it will difficult to decode.

 

Encryption & Multi Factor Authentication

My-Legacy employs strong encryption methods to protect your information and data. We use the highest standard in network communications – 256-bit SSL to provide access irrespective of the devices you use, whether it be your desktop, mobile phone or tablets.  No one can see it, access it or break it. We not only encrypt data in transit we encrypt the files, data at rest as well, so you are assured that having access to files is of no use and the data can’t get exposed.

We also take a note of devices you primarily use to access My-Legacy.  If we notice your access from the devices we don’t recognize, we may ask you to re-authenticate your account to ensure it is really you accessing your account by sending a security PIN via SMS to one of your registered devices. This provides extra layer of security so that in the event someone gets hold of your password can’t gain immediate access without going through another layer of authentication.

 

Bank-Level security

My-Legacy follows industry best practices and apply many techniques, methodologies used by banks and financial institutions to keep your data safe and secure. This includes, but not limited to, encryption, auditing, logging, and back-ups. We utilize third-party services to test our service for security issues – including scanning our ports, testing for SQL injection, and many other potential security weaknesses. We have also received the Verisign security seal as well as the McAfee Secure badge.

Electronic Communications, Logging & Virus protection

We digitally sign our emails so that you will be able to verify the emails from My-Legacy to be authentic and not altered of tampered with.

We also scan all the files you upload to My-Legacy to look for known viruses and malwares. We will reject any files that may contain viruses or malware.

My-Legacy keeps track of account access and access to all electronic files.  We also implement time-out features on the web site that logs the users off after certain period of inactivity.

 

Knowledgeable Workforce

All employees and contractors go through intensive training on security policies and are held accountable for adhering to the code of conduct.  We have stringent internal processes and auditing that prevent any My-Legacy employees or authorized contractors gaining “Unauthorized” access to your information or files. My-Legacy enforces strict logging policies and frequent audits on all accesses to user accounts, whether by the user, an administrator, an employee or your caretakers.  You will be able to see all the access logs for your account upon request.