Security
Overview
Optimism Apps Pty Ltd takes the security of clients' records very seriously. We would not offer Optimism applications publicly if we were not satisfied that clients' records were secure. This document has been written to be as transparent as possible. It is important that you have a good understanding of our security arrangements, and make an informed decision before using our applications.
Optimism Online Database
The Optimism Web, iPhone and iPad apps save clients' records in a database on the Optimism Online server (optimismonline.com). The sync service in the Optimism desktop software transfers records to the same database.

The only personally identifiable information held on the server consists of email addresses and first names. Email addresses and passwords are encrypted.

We use a PostgreSQL database for storing clients' records. PostgreSQL is a mature object-relational database that has been in open source development since 1996. The PostgreSQL Global Development Group (PGDG) takes security seriously, so that users can have confidence in the security of the database and applications built around it. Their approach allows excellent configuration options, ensuring a secure, robust database, and seamless integration with our applications.

We maintain a "trust list", which comprises 3 individuals who are responsible for maintaining the Optimism Online database. Access to the database is on the basis of IP address (according to the trust list), username and password. In effect, this means that for someone to access the database they need to be sitting at one of 3 computers worldwide and know the username and password.

The database (and application) are hosted on a "virtual private server", which is a segregated section of a server. We don't share it with any other domains, including others that we own.
Your Email Address
When registering to use the Optimism Online database, the email address does not need to be a primary email address; it can be a secondary email address (perhaps used for privacy purposes or spam). We don't validate the address when you sign up, except to ensure that it is in the correct form of an email address. (You don't need to click on an email link to complete registration.)

The email address serves three purposes:
  1. It can be used to log in instead of the username.
  2. It is used for resetting a forgotten password. This is the most important reason for using your regular email address.
  3. It is used to send you a periodic newsletter if you opt in to be added to its circulation list at the time of registering.
Please consult our Privacy Statement for further information regarding our Privacy Policy.
Final Note
In the area of database security it is never possible to give a 100% iron-clad guarantee. Security on the internet is very dynamic in nature. However, we believe that the standard we set for the Optimism applications is very high, and will give clients confidence that their records will not be read without their permission.
Notification of Changes
This document will be updated as changes are made to strengthen security arrangements. This is the 5th version, released on 24 August 2012. Please check back periodically.
Additional Questions
If you have any comments or questions regarding our security arrangements, please contact us using the contact form.