A system and method for protecting sensitive information, for example, a user's personal information, stored on a database where the information is accessible via a communications network such as the Internet. An exemplary embodiment stores the sensitive information on an off-line server. The off-line server is connected to an on-line server. The on-line server is connected to the user via the Internet. The user interfaces with the on-line server, and at a scheduled time window, the sensitive information is made available to the on-line server by the off-line server. Outside of the time window, none of the sensitive information is kept on the on-line server. Thus by placing the sensitive information on-line for only limited periods of time the risk of compromise to the sensitive information is greatly reduced.