We use highly robust security configurations – the same used by entities protecting some of the most sensitive
and valuable information such as banks and other fiscal software services. Any and all connections with Estate
Map are forced to take place over SSL (an encrypted method of communication between a browser and a server). The
system uses strict routes (software components that interpret browser requests made by the user), each of which
uses filters to scrub data and enforce limited input types to prevent invalid input. As for storing information,
Estate Map™ uses some of the highest-grade encryption techniques available. One in particular (XTS), uses a
combination of three different types of encryption with subsequent different unlocking keys – a technique
approved by both the NIST and the IEEE (organizations that make recommendations on security). All user
information is stored on a remote server which has no direct internet access – only Estate Map™’s primary servers
know how and where to access it. Estate Map™’s password system is also highly secure and unique, using both
hashing and a salted bcrypt algorithm, but with a salt that is changed each time a user logs in. When proxies
are assigned, they use a complex key relay to release data from the Network Attached Storage (NAS) system. This
relay is enforced deep within the system, so even if one piece of information were breached, other user
information cannot be accessed. Finally, each user has a level of control over the security; first with the
system’s requirement of a complex password, second, through the use of a security image technique that helps the
user know that he or she has reached the proper site, and third, by requiring the user to verify each new proxy
before that person is granted access to user information.
Your privacy is not for sale. Simply put, we do not and will not sell or rent User Personal Information to
anyone, for any reason, at any time. We use and disclose Personal Information only as follows:
In addition, overall usage practices and behaviors of Users may be collected in aggregate for reporting purposes
but will never include identifiable Personal Information in the process.
PRIVACY AND SECURITY POLICY
We are committed to maintaining the confidentiality, integrity and security of every piece of personal
information and materials input and stored (“Personal Information”) by and concerning each and every subscriber
(“User”) in the course of utilizing these services (“Services”). This Privacy & Security Policy explains how
we protect and may use that Personal Information.
Your Estate Map™ account subscription is managed by the estate attorney or professional services provider with
whom you have contracted to receive estate planning services (“Professional”). This Professional has engaged
EstateMap, LLC, a Minnesota limited liability company (“Provider” or “We” or “Us”), to provide you,
the User, with these Services. In receiving the benefits of such Services, User signifies his or her agreement
incorporated herein by reference (“Terms”) and further clarifying the relationship between User and Provider. If
you do not agree to the Terms or the Privacy & Security Policy in their entirety, please do not use the
1. USE OF PERSONAL INFORMATION FOR SUPPORT AND MAINTENANCE
Certain areas and features of the Services may require the provision of Personal Information directly from you
which may include basic registration information or the provision of certain account credentials (“Account
Credentials”) in order to allow Provider to access your account data. In order to support the full functionality
of the Services, more detailed pieces of Personal Information may be accessed by Provider for purposes strictly
related to providing User support and in support of User functionality, but to the extent reasonably possible,
will be avoided.
For broader support and maintenance purposes, access to Personal Information, Account Credentials, and any
User-generated content may be accessed in extremely limited and controlled capacities. Such access is strictly
restricted and undertaken only in accordance with specific internal procedures and safeguard governing such
access, in order to operate, develop or improve the Services. The individuals provided with such access have
been selected in accordance with security policies and practices and are bound by confidentiality obligations.
They may be subject to discipline, including termination and criminal prosecution, if they fail to meet these
obligations. Provider may also use third party vendors or service providers to help provide the Services, such
as sending e-mail messages or hosting and operating a particular feature or functionality of the Services. Our
contracts with these third parties outline the appropriate use and handling of your information and prohibit
them from using any of your Personal Information for purposes unrelated to the product or service they’re
providing. We require such third parties to maintain the confidentiality of the information we provide to
2. CHANGES TO YOUR REGISTRATION INFORMATION
If your registration information changes during the course of your subscription, you may be required to provide
certain Account Credentials to support such changes.
3. SESSION INFORMATION MAY BE USED TO IMPROVE USER EXPERIENCE
When you visit your account, we may collect technical and navigational information, such as computer browser
type, Internet protocol address, pages visited, and average time spent on our website. This information may be
used, for example, to alert you to software compatibility issues, or it may be analyzed to improve our Web
design and functionality.
We may collect cookies from User in order to assist User’s experience, by not requiring User to enter information
more than once, to help User quickly find software, services or information; and to help User find relevant
content. “Cookies” are alphanumeric identifiers in the form of text files that are inserted and stored by your
Web browser on your computer’s hard drive. Provider may set and access cookies on your computer to track and
store preferential information about you. Provider may gather information about you through cookie technology.
For example, Provider may assign a cookie to you, to limit the amount of times you are required to enter Account
Credentials. Please note that most Internet browsers will allow you to stop cookies from being stored on your
computer and to delete cookies stored on your computer. If you choose to eliminate cookies, the full
functionality of the Services may be impaired for you.
We encode our cookies so that only we can interpret the information stored in them. Web beacons are images
embedded in a Web page or email for the purpose of measuring and analyzing site usage and activity. Provider, or
third party service providers acting on our behalf, may use Web beacons to help us analyze website usage and
improve the Services. We may use third party service providers to help us analyze certain online
activities. For example, these service providers may help us analyze visitor activity on the website. We may
do not share any Personal Information with these third party service providers, and these service providers do
not collect such information on our behalf. Our third party service providers are required to comply fully with
this Privacy & Security Policy.
4. DISCLOSURE OF PERSONAL INFORMATION TO PROTECT OUR RIGHTS OR IF REQUIRED BY
Notwithstanding the foregoing, Provider reserves the right (and you authorize Provider) to share or disclose your
Personal Information when Provider determines, in its sole discretion, that the disclosure of such information
is necessary or appropriate:
5. DATA MAY BE TRANSFERRED UPON CHANGE OF CONTROL IN ACCORDANCE WITH THIS
Personal Information may be transferred to a third party as a result of a sale, acquisition, merger,
reorganization or other change of control. If we sell, merge or transfer any part of our business, part of the
sale may include your Personal Information. If so, strict control protections will be mandated to protect your
Personal Information consistent with this Privacy & Security Policy.
6. YOU CAN TRANSPORT OR DELETE YOUR PERSONAL INFORMATION
Your Personal Information is yours. You can remove it anytime you want and, as part of the Services, may have the
ability to download, share or transfer it. When you request deletion of your account, we will also promptly
disconnect any connection we had established to your Personal Information and delete all Account Credentials.
However, portions of your data, consisting of aggregate data derived from your account, may remain on our
production servers indefinitely. Your data may also remain on a backup server or media. Provider keeps these
backups to ensure our continued ability to provide the Services to you in the event of malfunction or damage to
our primary production servers. We also reserve the right to use any aggregated or anonymous data derived from
or incorporating your Personal Information.
7. EMAIL COMMUNICATIONS FROM PROFESSIONALS OR PROVIDER
Users may be provided with email communications and alerts regarding their account. Also, as part of the
provision of Services, Professionals are allowed to communicate with their corresponding Users and such User’s
Proxy or Proxies. Users and Proxies have the ability to opt-out of receiving such email communication but such
termination may impair the full functionality of the Services.
8. YOUR PERSONAL INFORMATION IS SECURE
We use a combination of firewall barriers, encryption techniques and authentication procedures, among others, to
maintain the security of your online session and to protect User accounts and systems from unauthorized access.
When you subscribe to the Services, Provider requires a login name and password from you for your privacy and
security. Provider transmits information such as your Registration Information for the Services or Account
Our servers are in a secure facility. Access requires multiple levels of authentication. Security personnel
monitor the system 7 days a week, 24 hours a day. Our databases are protected from general employee access
both physically and logically. We encrypt your Services password and enforce authentication procedures so that
your password cannot be recovered by anyone but you. All backup drives and tapes also are encrypted. We
enforce physical access controls to our buildings. No employee may put any sensitive content on any
insecure machine (i.e., nothing can be taken from the database and put on an insecure laptop).
However, it is important to understand that these precautions apply only to the Services and our systems. We
exercise no control over how Personal Information or Account Credentials are stored, maintained or displayed by
third parties or on third-party sites.
9. YOUR RESPONSIBILITIES
Your participation is important to our security efforts. While Provider uses a high degree of security in
protecting the Personal Information stored on its servers, we shall not be responsible for the unauthorized
access thereto undertaken through the use of a User’s legitimate username and password. User is responsible for
protecting the confidentiality of User’s password(s) and for the strength thereto. We maintain strict rules to
help prevent others from guessing your password. We also recommend that you change your password periodically.
Your password must be 8-16 characters in length. You are responsible for maintaining the security of your Login
ID and Password. Do not provide these credentials to any third party. If you believe that they have been stolen
or been made known to others, you must contact us immediately at firstname.lastname@example.org, but in any event you
should change your password immediately via the Services. We are not responsible if someone else accesses your
account through information they obtained from you or through a violation by you of this Privacy & Security
Policy or the Terms.
How can I protect my Personal Information?
How can I protect myself from phishing attacks?
Phishing is the illegal attempt to mislead consumers into providing personal or financial information, including
account numbers, passwords and Social Security numbers, via email or through fraudulent Web sites.
The most frequent phishing attacks occur through emails disguised to appear as though they came from a reputable
financial institution or company. Most phishing attempts urge you to update or validate your account
information, typically through a link in an email directing you to a fake Web site that appears to be
legitimate. A phishing attack can be detected. While there are many phishing attacks active on the
Internet, there are some typical characteristics:
We update this Privacy & Security Policy periodically. The date last revised appears at the top of the
Policy. Changes take effect immediately upon posting. It is the Users responsibility to check for updates.