As a courtesy to our our visitors from privacy important websites (e.g. 8chan), we have published the following guide:
Arrive Online Pty. Ltd. (trading as LA Pump) takes privacy & security extremely seriously. Personal & sensitive data from customers as well as general visitors to the website are never under any circumstances shared with any third parties.
This website uses Google Analytics and Self-Hosted Piwik Analytics (open-source analytics released under GPL v3 license) to track customer behaviour across the website. Server logs & analytics are accessible by less than 2 individuals who use Linux based systems and use a VPN (OpenVPN) to connect at all times. Design & system administration is conducted by less than 2 individuals who use SSH key-based authentication to log into the server.
We recommend you use any available privacy extensions for your browser, such as Disconnect & Ad Guard which are available for Firefox and Chrome (Chrome is a privacy risk). The Cloudflare Firewall is set to Essentially Off so you can connect to our website using the Tor Browser if you wish.
Your personal data is viewed by less than 3 individuals, who are residents of Australia and have absolutely no ties to any other nations such as the United States. Handling of personal information is regulated by the Commonwealth Privacy Act 1988 (Privacy Act) as legislated in Australia.
Your sensitive & personal data is kept private and you have the right to have this data made available to you or deleted on request.
Any requests for personally identifiable or non-identifiable data will be promptly carried out in less than 72 hours and this includes removing your data from raw server logs, any backups, analytics databases, mailing lists or any other place that your data may be stored.
Your connection to the website is secured by SSL provided by Cloudflare, as well as a self-signed certificate between the host server and Cloudflare. Administration and email is conducted from the server IP so any changes to the SHA-256 fingerprint (potential MitM attacks) will be picked up almost immediately.
Inbound emails are stored on the Amsterdam local host and outbound SMTP service is securely provided by Neomailbox. Outbound emails sent via Neomailbox SMTP (emails from us to you) are sent TLS from the client to their Switzerland based SMTP servers which strip the client IP before being sent to you. You can view Neomailbox’s transparency report & [non-archive] warrant canary here.
This server is additionally secured by Fail2Ban (with IPTables), SSH key-based authentication and 24-hour root access login notification.
Customers can pay for products on this website using PayPal, Credit Card (Visa, MasterCard & American Express), or anonymously via Bitcoins.
Visa & MasterCard sales are processed by our Australian bank and your credit card statement will show ARRIVEONLINE.COM.AU. American Express transaction are processed directly by American Express.
You are not required to enter your full name as your delivery address. You are permitted to use non-identifiable titles such as “Household Owner” or initials such as “T. I.” or “A. A.” etc.
However, if you pay via Visa or MasterCard you will have to enter your card-holder name. AMEX does not require your name to be entered, and you can write “No Name” when checking out with American Express.
You can read more about how much we care about your privacy in this case study where we were contacted by several buzzfeed reporters [archive.is] here.