Security & privacy
Web protocols
All data sent to or from SETLS is protected by TLS 1.2 or above.
Authentication & password management
SETLS uses a form-based authentication where the password is sent as a POST parameter.
Passwords are stored hashed in the database, and cannot be retrieved by the SETLS team. Passwords can be reset by any user with administrative permissions:
- by sending a password reset email to the member, or
- manually entering the new password
Email configuration
SETLS sends emails to members or toy library staff for a variety of reasons, including:
- reminders to return items or attend volunteer sessions
- notifications that a held item is available or membership fees are due
A full list of the automatic emails can be found in the demonstration system.
Emails are sent with a "from" address of noreply@<toylibrary>.setls.com.au. The "reply to" address can be set from the settings page.
Emails from SETLS are sent via Amazon Simple Email Services (SES). You do not need to provide SETLS with access to your mail server or a relay.
Sensitive data
SETLS can be used to record information about members that may be considered sensitive. This information includes:
| Member details |
Name |
Required |
|
|
Optional, required for online access |
|
|
Mobile phone |
Optional, required for SMS |
|
| Home address |
Street, suburb and phone |
Optional |
| Alternate contact |
Name, address and phone |
Optional |
| Identity | Drivers license number | Optional |
The following additional fields can be enabled from the settings page.
| Member details |
Date of birth Ethnicity Language Disability |
| Children |
Name Date of birth Gender |
| Organisations (schools) |
Name |
Financial transactions
SETLS can be used to manually record member charges and payments, including membership fees and penalties.
SETLS also supports online payment of membership fees using PayPal. This requires creation of a PayPal account.
The SETLS team are currently investigating integration with Square for online and in-person payments.
SETLS servers
The following service providers are used by SETLS:
| Feature | Provider | Location |
| Web application | Amazon | Sydney, Australia |
| Database | Amazon | Sydney, Australia |
| Amazon | Sydney, Australia | |
| SMS | Amazon | Oregon, USA |