Security & Data Policy
We respect privacy and design with security in mind from day one.
Authentication & Transport Security
- All pages served over HTTPS with modern TLS (1.3) and HSTS.
- Account login (if enabled) uses OAuth 2.0 / OIDC with optional MFA.
- Admin access gated by device-based keys and IP allowlists.
Data Policy
Retention: We keep only what's required to deliver services and fulfill legal obligations.
Sale of Data: We do not sell personal data to third parties.
Deletion: You may request deletion at any time; we process requests within 30 days.
Protections: Encryption in transit and at rest; role-based access; least privilege; regular audits.
Compliance: GDPR/CCPA-aligned practices; DPA available upon request.
Payments
Checkout is processed via a PCI-DSS compliant gateway. Accepted methods: Visa, MasterCard, AmEx, PayPal, and Apple Pay.