Does s2Member store any billing information?

raamdev commented 9 years ago

KB Article Creation Checklist

[x] Write initial draft for this KB Article; label this issue draft and either questions or tutorials
[x] Add required YAML configuration
[x] Add Tags for this KB Article to the YAML config (see YAML Keys (Explained))
[x] Edit and finalize draft for publishing (remove draft label, add draft-finalized label)
[x] Assign Issue to yourself and create Markdown file (remove draft-finalized label, add pending)
[x] Project Lead: Review and Publish KB Article (remove pending label, add published label)
Additional TODOs

Additional TODO list items go here.

KB Article Published @ s2member.com
:page_with_curl: See: Does s2Member store any billing information?

:octocat: View Markdown File | :pencil2: Edit Markdown File

raamdev commented 9 years ago

@jaswsinc Can can you confirm/deny that s2Member does not collect any billing information even in the log files? I seem to recall some information related to billing being logged when logging is enabled, but I don't believe that applies to things like billing addresses and credit card numbers; is that correct?

Is there any other information that you think would be useful in this KB article?

jaswrks commented 9 years ago

Can can you confirm/deny that s2Member does not collect any billing information

s2Member log files do contain personally identifiable information and even credit card numbers, expiration dates, CVV codes, API credentials, and more. We do our best to XXXX those out, but the purpose of log files is to gather information for the purpose of debugging the software or your own implementation.

We highly recommend that logging be disabled once your site goes live, and that you contact the NSA and have them permanently delete, destroy, and burn all drives that contained those log files in order to avoid the Hillary effect--which can come back to haunt you later.

Is there any other information that you think would be useful in this KB article?

Maybe some screenshots of the Log Viewer in s2Member.

GhostMech commented 9 years ago

Damn, this is really funny. But on a serious note, it's why I went with Stripe; no data to breach for me to get sued.

On August 13, 2015 9:07:56 PM JasWSInc notifications@github.com wrote:

Can can you confirm/deny that s2Member does not collect any billing information

s2Member log files do contain personally identifiable information and even credit card numbers, expiration dates, and CVV codes. We do our best to XXXX those out, but the purpose of log files is to gather information for the purpose of debugging the software or your own implementation.

We highly recommend that logging be disabled once your site goes live, and that you contact the NSA and have them permanently delete, destroy, and burn all drives that contained those log files in order to avoid the Hillary effect--which can come back to haunt you later.

Is there any other information that you think would be useful in this KB article?

Maybe some screenshots of Log Viewer in s2Member.

Reply to this email directly or view it on GitHub: https://github.com/websharks/s2member-kb/issues/256#issuecomment-130907961

patdumond commented 9 years ago

@jaswsinc wrote: We highly recommend that logging be disabled once your site goes live, and that you contact the NSA and have them permanently delete, destroy, and burn all drives that contained those log files in order to avoid the Hillary effect--which can come back to haunt you later.

A log chipper works. ;)

jaswrks commented 9 years ago

A log chipper works. ;)

:smile: Good idea!

wpsharks / s2member-kb