Security & Data Protection
We take the security and privacy of customer information seriously. This page explains what personal information we collect, how we use it, the technical and organizational measures we use to protect sensitive data (including payment card details and contact information), and the options available to customers to control their information.
Personal Information We Collect
To provide products and services, we collect information that may include:
- Account & identity data: full name, username, password, email address and verified contact details provided when creating an account.
- Payment & billing data: payment card numbers, card expiry, billing address and other payment method details provided at checkout. See Payment Security below for retention practices.
- Shipping & contact data: shipping address, recipient name, phone number and delivery instructions required to fulfill orders.
- Order & transaction data: order history, items purchased, returns and refund records, and transaction identifiers.
- Device & usage data: IP address, browser type, device identifiers, operating system, referring URLs, pages visited, search queries, and interaction data collected through cookies and similar technologies.
- Customer communications: support inquiries, chat transcripts, reviews and other messages exchanged with our teams.
How We Use Personal Information
We use personal data for legitimate business purposes, including:
- Processing and fulfilling orders, payments, refunds and returns;
- Verifying identity to prevent fraud and abuse;
- Communicating order status, shipping updates and customer service messages;
- Personalizing product recommendations, marketing (where permitted) and improving site experience;
- Complying with legal obligations and responding to lawful requests from authorities;
- Analyzing performance, troubleshooting issues and improving products and services.
Payment Security & Card Data Protection
Protecting payment card data is a high priority. Our approach includes:
- Third-party, PCI-compliant processors: Card transactions are processed by reputable, PCI DSS-compliant payment processors. Card details submitted at checkout are transmitted directly to these processors using secure channels; we do not process card payments on insecure pages.
- No storage of full card numbers: We do not retain full card numbers on our servers unless explicitly required and clearly disclosed at the time of payment. Where allowed, we store only masked card details (for example, last four digits) and expiration data, or a processor-issued token to facilitate future payments or refunds.
- Tokenization: When available, we use tokenization so that sensitive payment credentials are replaced with non-sensitive tokens for storage and subsequent transactions.
- Encryption in transit: All pages that handle personal or payment information use TLS/HTTPS to encrypt data while in transit between customers’ browsers and our servers or payment partners.
- Encryption at rest: Sensitive fields and backups are encrypted at rest where applicable. Encryption keys are stored and managed according to best practices to limit unauthorized access.
Access Controls & Internal Security
Access to personal data within our organization is restricted and monitored:
- Role-based access: Staff and vendors are granted the minimum privileges necessary to perform their duties.
- Authentication & credentials: We enforce strong password policies and multi-factor authentication for accounts with access to customer data and administrative systems.
- Logging & monitoring: Access to systems storing personal information is logged and regularly reviewed to detect unauthorized activity.
- Vendor management: Third-party service providers that process personal data on our behalf are contractually required to maintain appropriate security measures and confidentiality.
Data Minimization & Retention
We limit collection to data necessary for the purposes described and retain personal information only as long as required to provide services, comply with legal obligations, resolve disputes and enforce agreements. When data is no longer needed, we securely delete, destroy or anonymize it in accordance with applicable laws and internal policies.
Technical Measures & Secure Development
We employ multiple technical safeguards to protect systems and data:
- Regular vulnerability scanning, security patching and configuration management;
- Web application firewalls, intrusion detection/prevention systems and DDoS mitigation where applicable;
- Secure development practices, code reviews and testing to reduce the risk of exploitable bugs;
- Secure backups and disaster recovery procedures to maintain availability and integrity of data.
Employee Training & Awareness
Personnel with access to customer data receive regular training on privacy, secure handling of information, phishing awareness and incident reporting. Contractors and vendors are required to adhere to our security expectations and confidentiality obligations.
Data Subject Rights & Choices
Depending on jurisdiction, customers may have rights to access, correct, update, export, restrict or delete their personal information, and to object to certain processing such as marketing communications. Account holders can typically manage preferences in their account settings, and we provide processes to respond to verified requests in accordance with applicable law.
International Transfers
Personal data may be transferred to and processed in countries other than the one in which the customer resides. When transfers occur, we rely on appropriate safeguards such as standard contractual clauses, adequacy decisions or other lawful mechanisms to ensure an adequate level of protection.
Incident Response & Breach Notification
We maintain an incident response program to detect, contain and investigate security events. In the unlikely event of a confirmed breach involving personal data, we follow applicable notification requirements and coordinate with authorities and affected individuals as required by law.
How to Manage Your Information
Customers can manage account details, update contact and payment information, and control marketing preferences through their account settings. If additional assistance is needed for data requests or security concerns, please use the support channels available on the website.
