Security Policy

Purpose Statement: The purpose of this security policy is to ensure the confidentiality, integrity, and availability of our customer data and the security of our website.

Roles and Responsibilities: All employees, contractors, and vendors who handle customer data or have access to our website are responsible for implementing and enforcing security policies. The website owner is responsible for ensuring that the policies are up-to-date and that employees, contractors, and vendors are trained in security best practices.

Access Control: Access to our website is restricted to authorized personnel only. Passwords must be kept confidential, and users must log out when they are finished using the website. Two-factor authentication is enabled for all administrative accounts.

Data Protection: All customer data is encrypted both in transit and at rest. Backups are performed regularly and stored securely. We have a disaster recovery plan in place in case of data loss or system failure.

Network Security: We use industry-standard security measures, including firewalls and intrusion detection and prevention systems, to protect our website from unauthorized access and attacks. We also regularly update our software and security patches.

Incident Response: We have a process in place for detecting, reporting, and responding to security incidents. If a security incident is detected, we will take immediate action to mitigate the impact and prevent further damage.

Compliance: We are committed to complying with all applicable regulations and standards, including the General Data Protection Regulation (GDPR) and the Payment Card Industry Data Security Standard (PCI DSS).

Training and Awareness: All employees, contractors, and vendors are required to complete security awareness training upon hiring and annually thereafter. We also provide ongoing training and resources to help employees stay up-to-date on security best practices.

Monitoring and Auditing: We monitor our website and data regularly for potential security issues, and conduct periodic audits of our security policies and procedures to ensure compliance.

Enforcement: Violations of this security policy may result in disciplinary action, up to and including termination of employment or contract, and legal action if applicable.

This security policy is subject to change without notice.

For information, please visit https://www.shopify.com/security.