· Concerns About Security, Cookies & Using Credit Cards On The Web ·

ALL WEB-ENTERED CREDIT CARD TRANSACTIONS ARE MANUALLY PROCESSED AT OUR OFFICES;
TO AVOID ERRORS IN CREDIT CARD CHARGES, NO AUTOMATED TRANSACTIONS ARE EVER PERFORMED.

YOU MUST BE CONFIDENT THAT YOUR INFORMATION GETS TO US, ONLY TO US,
AND THAT NODODY ELSE CAN EVER INTERCEPT IT!

AND YOU CAN HAVE THAT CONFIDENCE.

BACKGROUND: We would like to make your purchases as easy and convenient as possible, but we share your concerns of providing credit card information over the Web. We ultimately leave this choice up to you, and if you are not comfortable with encrypted forms transfer, we provide the convenient option of faxing or phoning us your orders. Using the methodology we have developed, we do believe you can be comfortable sending us your order and credit card information directly from our web site; our research has shown us that no instances of credit card fraud have been discoverd for transactions using this methodology! Please read on to see how we are doing it:

We have developed a completely secure method for transferring this data in a manner that cannot be eavesdropped, using SSL (secure socket layer) technology, with site authentication verified in your browser (solid key lower left in Netscape; padlock lower right in Internet Explorer). We use a Verisign digital ID with Secure Server Certificate Authority issued under the RSA Data Security root. Each browser has a different method for viewing and verifying the certificate data, which can be accessed while you are on any of our secure pages (you will see that our certificate is held in the corporate name of IMC Online; IMC is our corporate partner in our web services division).

A NOTE ABOUT "COOKIES":  There is much information available about "cookies"; the knowledge base at netscape.com has explanatory articles available on this very misunderstood topic.  Cookies can't be used to search your hard drive, but can be used for "remembering" information you have supplied to a site while on line (after having filled out a form, etc.).  Some internet companies might use this data for selling mailing lists or other purposes of which you were not aware or desirous.

yachtSOFT.com DOES NOT USE COOKIES, WITH ONE EXCEPTION:  We use "active server pages" (ASP) technology for managing your shopping cart when exploring or ordering from our on-line catalog.  To make this work, and to make your on-line shopping convenient, the ASP protocol places a "temporary" cookie in your browser when you enter the catalog:

• This cookie creates a temporary session id # that expires in 20 minutes; it's purpose is to "remember" what items you have placed in your shopping cart until you are ready to "check out".   This let's you order an item, go back to look at other items, and when you are ready to "check out", the items you previously selected will be waiting in your "cart" without having to re-select them; nothing more & nothing less.   THIS COOKIE EXPIRES EITHER ON "CHECK OUT", OR 20 MINUTES FROM ENTERING THE CATALOG IF YOU DECIDE NOT TO PURCHASE ANYTHING!

• This cookie never links to any browser/user information, and it is automatically erased from our server once you have been away from our site for more than 20 minutes.  We guaranty it!

• But please understand: in order for the shopping cart to work, you must accept this temporary cookie.

ABOUT SECURE SOCKET LAYER: The SSL protocol encrypts the data transfer, allowing client/server applications to communicate in a way that cannot be eavesdropped. Secure Socket Layer is a technology originally developed by Netscape that negotiates and employs the essential functions of mutual authentication, data encryption, and data integrity for secure transactions.

Encryption is the process of protecting data from being read by unauthorized users by transforming the plain text data into an unintelligible form (ciphertext).The protected data must be deciphered using an inverse decryption process before it can be read. An encryption key is the code used to encrypt or decrypt the data.

Is the encrypted transfer safe from eavesdroppers? Yes. Both the client (your browser) and our secure server provide part of the random data used to generate the keys for each individual connection. Additionally, each record is protected with a MAC (message integrity check) that contains a sequence number for the message. In the end, each secure transfer has an encryption scheme that is randomly generated during that session, it is unique to that particular transaction, and the information is then deciphered off-line.

THE BOTTOM LINE: It is the general consensus in the credit card security industry that transactions via data transfer employing SSL is more secure than walking into a store and handing someone your credit card (where they can record the information, keep a copy of the imprint & signature, etc. But if you are still concerned, please feel free to either:

• phone us your order, or

• use our "shopping cart" to create your order, but when you go to "check out," simply fill out all the order information, print the order frame, and fax it to us; this will this will give you a convenient and complete printed order form for faxing, making it quicker and easier to place your order.

We pride ourselves in the trust we establish with our customers,
and we assure you that we have made the extra effort
to maintain security throughout these transactions.

FOR MORE INFORMATION: There is much documentation available about SSL secure data transfers; one of the best sources is Netscape's web site, where you can do a search for writings on the subject.