How We Protect Your Account & Data

We apply a combination of technical, administrative, and physical measures to protect customer information and maintain the integrity of our online services. Below is an overview of the core safeguards and best practices we follow.

Data Encryption

Sensitive data in transit is protected using strong transport-level encryption. Where appropriate, sensitive data at rest is encrypted or tokenized to reduce exposure.

Access Controls & Authentication

  • Role-based access limits who can view or manage personal data and operational systems.
  • Multi-factor authentication (MFA) is used for administrative access to critical systems.
  • We encourage customers to use strong, unique passwords and enable MFA for their accounts where available.

Secure Payment Handling

Payments are processed through trusted payment providers. We do not store full payment card details unless required and handled via secure, compliant tokenization methods.

Application & Infrastructure Security

  • Development follows secure coding practices and change-control processes to reduce vulnerabilities.
  • Regular patching and updates are applied to servers, platforms, and third-party components.
  • We perform periodic vulnerability scanning and penetration testing to identify and remediate security issues.

Monitoring & Incident Response

Continuous monitoring and logging help detect suspicious activity. We maintain an incident response plan to investigate, contain, and remediate incidents, and to preserve evidence for root-cause analysis.

Third-Party & Vendor Security

We assess and contractually require reasonable security practices from third-party service providers who process data on our behalf. Vendor access is limited to only what is necessary for service delivery.

Data Minimization & Retention

We collect only the data necessary to provide services and retain it only as long as required for business, legal, or regulatory purposes. When data is no longer needed, it is securely deleted or anonymized.

Backups & Business Continuity

Critical data is backed up regularly and stored securely to support recovery in the event of system failures or disasters. Business continuity plans are maintained to reduce service disruption.

Employee Awareness & Training

Staff receive regular security training and must follow policies that limit access to customer data and protect operational environments.

Privacy-by-Design & Secure Defaults

Systems and features are designed with data protection in mind — using secure defaults, least-privilege principles, and privacy-preserving options where possible.

Reporting & Responsible Disclosure

We welcome reports of potential security issues and have processes to investigate and remediate verified vulnerabilities promptly.