privacy and security

the first club™ (TFC) utilizes some of the most advanced technology for Internet security available today. When customers access our site using industry standard Secure Socket Layer (SSL) technology, their information is protected using both server authentication and data encryption, ensuring that all data is safe and fully protected.

TFC provides each user with a unique user name and password that must be entered each time the user logs in to the site. TFC issues a session-only “cookie” to record encrypted authentication information for the duration of a specific session , and does not use “cookies” to store other confidential user and session information. TFC implements more advanced security methods based on dynamic data and encoded session IDs.

Our service is hosted in a secure server environment that uses firewalls and other advanced security features to prevent interference or access from outside intruders. Our end-user websites are designed under a Secure Sockets Layer (SSL) Certificate, the global standard security requirement for e-commerce and other transactions online, and are certified by Verisign, the leading third-party web security company.

Vulnerability Reporting

TFC acknowledges that independent security researchers play an important role in internet security. We encourage responsible reporting of points of vulnerability that may be found in our test sites. TFC pledges not to initiate legal action against security researchers for penetrating or attempting to penetrate our systems, provided that the conditions below are strictly fulfilled:

- When reporting potential security vulnerabilities, privately share details of the suspected vulnerability with TFC by sending an email to clubhouse@thefirstclub.com.
- Provide full details of the suspected vulnerability so that TFC may validate and reproduce the issue.
- Not to cause, or attempt to cause, a denial-of-service situation.
- Not to access, or attempt to access, data or information that does not belong to you.
- Not to destroy or corrupt, or attempt to destroy or corrupt, data or information that does not belong to you.

TFC commits to all researchers who follow the conditions above:

- To acknowledge receipt of your report.
- To respond in a timely manner.
- To notify the reporting individual when the vulnerability has been fixed.

TFC does not compensate people for reporting security vulnerabilities, and any requests for such compensation will be considered a violation of the conditions above. In such an event, TFC reserves all of its legal rights.

Data Security & Performance

the first club understands that the confidentiality, integrity, and availability of our service are vital to our clients, their clients and our own success. We use a multi-layered approach to protect information, constantly monitoring and improving our systems and processes, so as to meet the growing demands and challenges of security.

Please consult our general Privacy Policy for information on how we use and manage the consumer data collected as part of our service.

Reliability

Our server hosting supplier is one of the world’s largest. They host millions of websites, some of them for the largest global corporations and guarantee 99.99% uptime, by using the industry’s best technologies and practices to guarantee reliability and security. Even fail-safes have fail-safes!

Read our service level agreement, click here. 

See our server uptime, click here. 

Website security

Our end-user websites are designed under a Secure Sockets Layer (SSL) Certificate, the global standard security requirement for e-commerce and other transactions online. SSL certificates combine encryption to protect information as it travels the Internet and identity information about the certificate owner to protect against fraud. Our end-user websites are certified by Verisign, the leading third-party web security company. On an on-going basis, Verisign authenticates, verifies the status of our malware protection, and monitors our SSL Certificate details. This guarantees to our corporate clients and their end-users that they operate in a secured, third-party verified web environment.

Secure data centres

Our service is collocated in dedicated spaces at top-tier data centres, in several locations around the world.

These facilities provide best-in-class support, including:

- Physical site security
- Access control
- Environmental controls
- Power feed security

Protection of user information

Our end-user and transaction data is hosted on a third-party “cloud” application, Salesforce.com, the world’s largest and most respected CRM (Customer Relationship Management) specialist. The data itself is hosted on several servers in different locations, under the security procedures of Salesforce.com, which are among the strictest in the world. Information on Salesforce.com’s security can be found here.

Secure transmission and sessions

Connection to TFC websites is made using global step-up certificates from Verisign, ensuring that our users have a secure connection from their browsers to our service.

Individual user sessions are identified and verified with each transaction, using unique login details.

Network protection

Perimeter firewalls and edge routers block unused protocols.

Internal firewalls segregate traffic between the websites and databases.

Backups & Disaster Recovery

Our systems automatically perform real-time replication to disk at each data centre. Data is transmitted across encrypted links.

All data are backed up to separate servers, on a rotating schedule.

For any questions on Security and Privacy, please contact us by emailing us at: clubhouse@thefirstclub.com