Please note that your use of this Web site will indicate your agreement to the following terms.

COPYRIGHT © 2006 Goldleaf Financial Solutions Incorporated.
ALL RIGHTS RESERVED.
Copyright in the pages and in the screens displaying the pages, and in the information and material therein and in their arrangement, is owned by Goldleaf Financial Solutions Incorporated unless otherwise indicated.

Goldleaf Financial Solutions Incorporated (Goldleaf) is committed to meeting the needs of the small-to-medium-sized business by identifying, offering and delivering products and services that enable businesses to succeed. An essential element of this commitment is to conduct all of our business with integrity and respect. Goldleaf Financial Solutions Incorporated will adhere to the highest standards to use any information that you may provide online through our products in a responsible manner. This Security Policy has been created to inform all visitors to any of the Goldleaf Financial Solutions Incorporated Web sites and/or its affiliates' sites important aspects of security surrounding the online experience that will help answer any questions and concerns you may have. These policies may change from time to time with updates. We suggest that you review all the policies so that you are aware of any changes that may occur.

Goldleaf Financial Solutions Incorporated has implemented a number of security features throughout the site to prevent the unauthorized release of, or access to, personal information. For example, database information is kept separate from live servers and is firewall protected. To ensure safe transmission of potentially sensitive financial data, Goldleaf Financial Solutions Incorporated provides support for 128 bit SSL (Secure Socket Layer) encryption on all Web sites containing transactional information or allows for the passing of personal information between client and server. Further, only authorized personnel have access to any stored information that Goldleaf Financial Solutions Incorporated has compiled on its users. Please be advised, however, that users should consider carefully before submitting sensitive information they would not want disclosed to the public. Users should recognize that their use of the Internet and Goldleaf Financial Solutions Incorporated Web sites is solely at their own risk. Goldleaf Financial Solutions Incorporated and/or its affiliates' sites have no responsibility and/or liability for the security of personal information transmitted via the Internet. Users should always exercise caution when conveying personal information over the Internet.

Our security standards are high. We test every electronic product to ensure that it meets our criteria. However, the software that you run on your own PC and the Internet itself can impact the "secure environment" necessary for Internet transactions with Goldleaf Financial Solutions Incorporated. You also play an important role in maintaining the security of your information while using the Internet. You should ensure that you are familiar and comfortable with the security level of your browser and watch for security alerts affecting the software on your PC or the browser you are using. For general information on Internet security issues, please review the following information included in this Policy.

See the Terms of Use Policy disclosures relating to the use of Goldleaf Financial Solutions Incorporated resources.

See the Privacy Policy disclosures relating to the collection and use of your information.

By using this site, you signify your agreement to the Goldleaf Financial Solutions Incorporated Terms of Use, Privacy Policy and Security Policy. IF YOU DO NOT AGREE WITH THESE POLICIES, PLEASE DO NOT USE THIS SITE. Your continued use of Goldleaf Financial Solutions Incorporated Web sites and/or its affiliates' sites following the posting of changes to these terms will mean you accept those changes.

Send your questions to the appropriate contact as listed below:

• Web site content properties, contact
• Privacy and Security concerns, contact
• You may also contact Legal Services at 800-235-5584 for a copy of any policy or to answer any questions you may have about these policies

What is a browser and what does it do? What makes one browser more secure than another? What is encryption? What's the difference between 128-bit and 40-bit encryption? How can you determine what level of encryption your browser supports? What is a firewall and what does it do?

What is a browser and what does it do? A browser enables you to visit Web sites and view Web pages on your computer screen. Just as a word processor is the software you use to write letters and papers with your computer, a browser is the software you use to surf the Web.

Once on a site, your browser translates HTML programming instructions sent over the Internet into the Webpages you are accustomed to seeing. Some browsers are proprietary to an ISP (Internet Service Provider); others are not (Microsoft Internet Explorer, Netscape Navigator).

What makes one browser more secure than another? Browsers offer varying degrees of security, particularly in regard to encryption:

1. Some browsers allow you to encrypt information, so that the information is scrambled as it passes over the Internet.
2. Some browsers offer more secure forms of encryption than other browsers do.
3. Even the same version of a browser can come with different levels of encryption. Netscape Navigator 3.0, for example, comes with either 40-bit encryption or the more secure 128-bit encryption.

What is encryption? When trading or viewing your account information online the information is encrypted. Once you have successfully logged on to our online products or services the information sent and retrieved is encrypted.

Encryption is the process of converting information into a more secure format for transmission. In other words, the plain text is converted to scrambled code while being transmitted, and then decrypted back to plain text at the receiving end of the transmission.

It is comparable to writing a letter, converting it to code, putting it in an envelope and mailing it with the recipient descrambling the code.

Currently, there are 2 levels of encryption generally available in Web browsers: 40-bit encryption, and 128-bit encryption. Most commonly available browsers use 40-bit encryption. However, the 128-bit browser offers the highest level of encryption generally available in North America today and provides the best protection when transmitting confidential data over the Internet. All Goldleaf Financial Solutions Incorporated Web sites support up to 128-bit encryption.

What's the difference between 128-bit and 40-bit encryption? The difference between these two types of encryption is one of capability. 128-bit encryption is exponentially more powerful than 40-bit encryption.

Think of it this way...

• 40-bit encryption means there are 240 possible keys that could fit into the lock that holds your account information. That means there are many billions (a 1 followed by 12 zeroes) of possible keys.
• 128-bit encryption, means there are 2128 possible keys, or 288 (a three followed by 26 zeroes) times as many key combinations than there are for 40-bit encryption. That means a computer would require exponentially more processing power than for 40-bit encryption to find the correct key.

Netscape Navigator

Netscape: Check your browser with Netscape

Netscape Navigator for Windows lists its security level in its Help menu, under "About Netscape." In the Mac version, it is listed under the Apple icon. In the section marked RSA Encryption, a sentence in bold describes either U.S. or International security. The U.S. refers to 128-bit and international to 40-bit encryption.

If you have a Netscape Navigator browser, the level of encryption you are currently using can be seen on your screen. When you visit an area of the site that does not require encryption, your browser will display the symbol of a lock/unlock.

Microsoft Internet Explorer

Internet Explorer: Check your browser with IE

For Microsoft Internet Explorer, click Help / About, and review your Cipher Strength. We encourage you to download and install the most current version of this software. Be sure to specify the 128-bit version from the list of available software that can be downloaded.

Microsoft displays the icon on the lower right corner of the browser. For a secure environment, Microsoft Internet Explorer (any version) uses a closed padlock; there is no icon for an unsecured environment. Microsoft Internet Explorer does not distinguish between 40-bit and 128-bit encryption on the browser screen.

Although 128-bit encrypting browsers are available for download under certain circumstances, the availability and means of doing so are changing daily. We encourage you to check with your browser provider in respect to the current status.

Make sure that your browser's safety level is set to "High". This selection ensures that Internet Explorer will only download signed or certified code to your computer. Follow these steps to take full advantage of Microsoft Internet Explorer's built-in security features.

1. From the browser menu, click Tools.
2. Select Internet Options.
3. Select the Security tab.
4. Click the Custom Level button.
5. Under Reset Custom Settings, click the drop-down arrow and select High.
6. Click Reset.
7. Click OK.

You can take advantage of the features that alert you when an ActiveX control, which is a type of program that can be downloaded from the Internet, is about to be downloaded to your computer. It's a good idea to find out about the publisher or Web site by clicking on the information provided on the security certificates presented before you download an ActiveX program. When presented with certificates from unknown Web sites or publishers, exercise caution.

Most certificates give you the option to turn off future certification notices. Do not select this option if you wish to carefully monitor the source of the programs, which you download to your computer.

What is a firewall and what does it do? An Internet Firewall is made up of a combination of hardware and software designed to securely separate the Internet from internal computer systems and databases. At Goldleaf Financial Solutions Incorporated, data coming from customer computers via the Internet flows through a series of safety checkpoints on its way to our internal systems. Data is encrypted between the customer and internal systems to protect it from unauthorized disclosure or modification.

• What does security on the Internet mean?
• What steps has Goldleaf Financial Solutions Incorporated taken to ensure the privacy and security of your information on its Web site?
• What can you do to protect your accounts and personal information while using a Goldleaf Financial Solutions Incorporated Web site?
• Can other people view your personal information when you're using the Web?
• Does Goldleaf Financial Solutions Incorporated support beta versions of browsers?

What does security on the Internet mean?
Security on the Internet means that transmissions sent from one source to another maintain their confidentiality and integrity. Confidentiality means that unauthorized users cannot read any transmissions sent from one party to another. Integrity means that messages are not altered during transmission.

What steps has Goldleaf Financial Solutions Incorporated taken to ensure the privacy and security of your information on its Web site?
Goldleaf Financial Solutions Incorporated's top priority is to protect the confidentiality and integrity of its customers' information. Goldleaf Financial Solutions Incorporated has ensured that the appropriate safeguards have been implemented each step of the way. The safeguards include:

1. Encryption -- all applications and other communications requesting confidential information must be set up in a "secure environment" on our site, transmitted to us securely through the use of encryption and maintained in a secure format upon receipt by us until distribution to the appropriate business area.
2. Firewalls -- Goldleaf Financial Solutions Incorporated has in place an Internet firewall designed to securely separate the Internet from Goldleaf Financial Solutions Incorporated internal computer systems and databases. Data coming from customer computers via the Internet flows through a series of safety checkpoints on its way to our internal systems so that only authorized messages and transactions enter our computer systems.
3. Monitoring -- Goldleaf Financial Solutions Incorporated monitors all internal systems to ensure that there has been no security attack or attempted break-in. We also arrange for regular independent security checks on our computer systems to ensure our high standards are being met.

What can you do to protect your accounts and personal information using a Goldleaf Financial Solutions Incorporated Web site?
You also play a role in maintaining the security of your information. Encrypting your data is the best way to ensure your privacy is protected while using the Internet. Become familiar with the level of encryption of your browser and upgrade for greater protection. Here are some additional things you can do:

Use the built-in security features of your browser. Choosing certain security settings and options will help protect your accounts and personal information. For more information, see our detailed instructions on how to maximize the security of your browser or review your browser documentation. Protect your password by choosing one that is difficult to guess. Avoid words that may be found in the dictionary, as these are easy to guess. Change your password regularly. Do not share your password with anyone. Never write your password down or store it in your computer where it is automatically replayed. If someone walks up to your PC and replays your logon sequence including a stored password, then they can connect as if they were you. Always enter your password yourself for each logon to any Goldleaf Financial Solutions Incorporated Web site. Remember to logoff when you have finished with your transmissions.

Can other people view your personal information when you're using the Web?
No, if you have encrypted your data, then it cannot be viewed while it is being transmitted.

Does Goldleaf Financial Solutions Incorporated support beta versions of browsers?
Not officially, we don't formally test them until they become full release versions.

There are things you can do to protect your privacy over the Internet.

Your password is key! Choose an effective password -- don't pick your birthday, SSN or another number or word that could be easily guessed. Protect your password. It is your access to your Internet account. Do not reveal it to anyone. Be familiar with the encryption level of your browser and what it means in terms of your privacy protection. If you want greater protection, upgrade your browser (e.g. 40-bit to 128-bit).

Access Control And Passwords
One of the easiest and most effective access control methods is the use of passwords. Although passwords are a convenient way of protecting system access, users often defeat the security measures by carelessness or improper use. It is therefore necessary for all system users to strengthen passwords and ensure their confidentiality at all times.

Weak Passwords
Most users tend to select a password that is easily recallable so they will not forget it. Often a user selects a password based on things like:

• Personal or family details, possessions, interests, or relationships
• Dictionary words
• Dictionary words spelled backwards
• First names, last names, street names, city names
• Names of sports teams
• Valid car license numbers
• Room numbers, social security numbers, or telephone numbers

Although this seems harmless, such passwords are inherently weak because they can be anticipated and easily guessed by an impostor. Someone trying to guess your password will try your name, date of birth, nickname and those of your spouse and children. A more enterprising impostor, on the other hand, may gather a substantial collection of candidates from dictionaries and mailing lists and search them for your password. At 1 millisecond per possible password choice, it takes less than 4 minutes to search a 250,000 word commercial dictionary. If someone did that to your password, would they get through?

Improving Passwords
A password offers no protection to any system or data if it can be guessed easily. Ideally, passwords should be easy to remember by the user but hard to guess correctly by anyone else. By applying the suggested password selection procedure listed below and ensuring password confidentiality, the strength of a user's chosen password is considerably improved.

Password Selection Procedure

• Choose a string of alphabetic characters that is easy to remember using one of the following techniques.
  • Type a common word, but shift your hands up or down one or two rows on the keyboard. For example shifting down one row on the keyboard changes "FRIDAY" to "VFKCH."
  • Move one letter in the alphabet for each character, "FRIDAY" become "GSJEBZ."
  • String words together to form one word, like "OMYGOSH."
  • Use synonyms/antonyms for syllables like "SNOWMILK" for "ICE CREAM."
  • Use phonetics ("CHRIS" becomes "KRIS") or reversal ("MIKE" becomes "EKIM").
  • Create an acronym from an expression. For example, take the first letter of a common expression, such as "This fancy stuff works!" to form the acronym "THFWO."
• Choose a string of at least 1 or more numbers that is easy to remember and insert it somewhere in the password. Using some rule that you create, combine the string of alphabetic characters with the string of numbers to create an alphanumeric string. This alphanumeric string should be at least 5 characters long. Using this procedure, one might select, say "WCYD" and "129." A possible resulting password could be 1W2CY9D, which is much less obvious than either of the easily remembered sequences.

Password Confidentiality
Although the Password Selection Procedure will make it more difficult for someone to obtain your password without your knowledge, you must also do the following to make sure your passwords stay confidential:

• DO NOT SHARE YOUR PASSWORD WITH ANYONE.
• CHANGE YOUR PASSWORD REGULARLY. Change your passwords at least once per month, or more frequently for highly sensitive data, to make it harder for someone to gain unauthorized access.
• USE A UNIQUE PASSWORD FOR EACH SYSTEM. Always use a different password for each system you access.
• IF WRITING IT DOWN, SECURE IT. It is strongly recommended that you NOT write down your password. However, if you really must record your password, it should be done in a form recognizable only to you and kept in a secure place. Even in an obscured form, the written record provides clues that someone could use to "break" your password.
• DO NOT STORE YOUR PASSWORD ON THE COMPUTER. Passwords should not generally be stored in the computer. Function keys should not be programmed with your password to complete a logon procedure. Remember, handle your password like you would the key to your house. It is what stands between an intruder and your data. You wouldn't give a burglar the key to your house, would you?

Last Updated: October 13, 2006 - 11:58 a.m. Central Time