Security & Trust

We are committed to protecting our customers’ information and maintaining a secure, accessible, and trustworthy eCommerce experience. Our security practices align with recognized industry standards for accessibility, payment security, and data privacy.

 

1. Accessibility Commitment (ADA & WCAG)

We are committed to ensuring digital accessibility for all users, including individuals with disabilities.

 

Our website is designed to conform with the Web Content Accessibility Guidelines (WCAG) 2.2, Level AA, with ongoing efforts toward Level AAA where reasonably feasible. These standards support compliance with accessibility laws in multiple regions, including the Americans with Disabilities Act (ADA) and comparable international regulations.

 

Accessibility is an ongoing effort, and we regularly review and improve our website to enhance usability for everyone.

 

2. Payment Security & PCI DSS Compliance

Secure Payment Processing

All payment transactions on our website are securely processed through Stripe, a leading third-party payment processor that is certified as PCI DSS Level 1 compliant, the highest level of certification available.

 

We do not store, process, or transmit full credit card numbers on our servers.

Stripe handles sensitive payment data directly using encrypted connections and industry-standard security controls, significantly reducing risk and exposure.

3. Privacy & Data Protection

We are committed to protecting personal information and handling data responsibly.

Personal data is collected only for legitimate business purposes, such as:

  • Order fulfillment
  • Customer support
  • Account management

We implement reasonable administrative, technical, and organizational safeguards to protect personal data from unauthorized access, disclosure, or misuse.

For more details, please review our Privacy Policy.

4. Third-Party Services

Our website may integrate trusted third-party services for:

  • Payment processing (Stripe)
  • Hosting and infrastructure
  • Analytics and fraud prevention

 

While we select vendors that meet strong security and compliance standards, we do not control the internal practices of third-party providers.

5. Ongoing Security Practices

Our security program includes, where applicable:

  • Encrypted connections (HTTPS/TLS)
  • Role-based access controls
  • Regular software updates and patches
  • Monitoring for suspicious activity
  • Periodic review of security practices

 

6. Questions or Concerns

If you have questions about accessibility, security, or data protection, please contact us:

Email: [your email]
Phone: [your phone]

Short PCI Compliance Footer Snippet

PCI Compliance:
Payments are securely processed by Stripe, a PCI DSS Level 1 compliant payment provider. We do not store credit card details on our servers.

Merchant-Friendly PCI Explanation (Customer-Facing)

How We Keep Your Payments Secure

When you make a purchase on our website, your payment is handled by Stripe, one of the world’s most trusted payment platforms.

  • Your card details are encrypted and sent directly to Stripe
  • We never store your full card number
  • Stripe meets the highest payment security standards (PCI DSS Level 1)

This means your payment information stays protected at every step of the checkout process.

Security Policy

Information Security Policy

We maintain a security program designed to protect customer data and reduce the risk of unauthorized access, disclosure, or misuse.

 

Scope

This policy applies to systems and processes used to operate our eCommerce website, excluding systems managed directly by third-party service providers.

Security Controls

Security measures may include:

  • Encrypted data transmission
  • Access controls based on job role
  • Use of PCI-compliant third-party processors
  • Monitoring and incident response procedures

 

Incident Response

In the event of a suspected security incident, we take reasonable steps to investigate, mitigate impact, and comply with applicable notification requirements.

Continuous Improvement

Security practices are reviewed periodically and updated as technology, risks, or legal requirements evolve.

PCI Scope Clarification Statement

PCI DSS Scope Clarification

Our organization does not store, process, or transmit cardholder data on its own systems.

All payment transactions are handled directly by Stripe, a PCI DSS Level 1-certified service provider. As a result, our PCI DSS scope is significantly reduced and limited to:

  • Ensuring secure redirection or integration with Stripe
  • Maintaining HTTPS encryption
  • Following vendor security best practices

Responsibility for cardholder data security rests with Stripe within their certified PCI DSS environment.

This scope limitation reduces risk while maintaining compliance with applicable PCI DSS requirements.