May First protects Member data using technical, legal and political strategies. For a concise explanation, see our privacy policy.
Data security requires a balance of privacy (ensuring only the right people have access to your data) with integrity (ensuring you always have access to your untampered data when you need it).
To ensure the privacy of your data:
- All hard disks containing member data employ full disk encryption on hardware owned by May First so if any hardware is seized, the data cannot be read without a passphrase kept by May First
- All member services use TLS (transport layer security) to ensure that information being exchanged with our servers is encrypted in transit
- We maintain minimal logs that are kept for trouble shooting and are then are deleted to avoid disclosing IP addresses or other location related information about our members
- All member data is cycled off backup servers 10 days after being deleted.
To ensure the integrity of your data:
- All hard disks containing member data use RAID, which ensures that all data is written to at least two hard disks so if one fails, the data is still available on the redundant disk
- All data is backed up to an offsite server using incremental backups allowing recovery of any lost data for up to ten days
¶ Legal and Political strategies
When faced with a subpoena, technical strategies will often fail. May First futher protects Member data by:
- Making a commitment to inform members if they are under investigation when possible
- Engage pro-bono legal support from the Electronic Frontier Foundation to fight any legal threat
- Continuing a long track record of fighting any legal threat to our members.