Purpose

    The purpose of this Information Security Policy is to protect the confidentiality, integrity, and availability of our customers’ personal and financial information, ensuring secure and trustworthy transactions on our e-commerce platform. This policy outlines the measures we implement to safeguard data and maintain customer trust.

    Scope

    This policy applies to all employees, contractors, third-party vendors, and customers interacting with our website and associated systems. It covers the following:

    1. Personal Information (e.g., names, addresses, contact details).
    2. Financial Information (e.g., credit/debit card details).
    3. Website and server data.
    4. Intellectual property, including product designs and digital assets.

    Key Principles

    1. Confidentiality: We ensure that customer data is accessed only by authorized personnel and used for its intended purpose.
    2. Integrity: We protect data from unauthorized alterations or deletions.
    3. Availability: We maintain system uptime and ensure services remain accessible.

    Security Measures

    1. Data Encryption
      • All sensitive data, including payment information, is encrypted using SSL (Secure Sockets Layer) during transmission.
      • Stored data is encrypted to prevent unauthorized access.
    2. User Authentication
      • Customers are required to create secure passwords for their accounts.
      • Two-factor authentication (2FA) is encouraged for enhanced security.
    3. Regular Monitoring
      • Our systems are monitored for unauthorized access, suspicious activities, and potential threats.
      • Vulnerability assessments and penetration testing are conducted periodically.
    4. Access Control
      • Access to sensitive data is limited to authorized personnel only.
      • Role-based permissions are implemented for employees handling customer data.
    5. Payment Security
      • We comply with PCI DSS (Payment Card Industry Data Security Standard) to ensure safe handling of cardholder information.
      • We use secure payment gateways for processing transactions.
    6. Data Retention and Disposal
      • Personal and financial data is retained only as long as necessary to fulfill its purpose.
      • Secure methods are used to dispose of data when no longer needed.
    7. Customer Privacy
      • We adhere to GDPR (General Data Protection Regulation) and other applicable laws to protect customer privacy.
      • A detailed Privacy Policy is available on our website.

    Incident Management

    • In case of a data breach or security incident, we will:
      • Notify affected customers promptly.
      • Investigate the root cause and mitigate risks.
      • Report the incident to relevant authorities as required.

    Customer Responsibility

    Customers are encouraged to:

    • Use strong and unique passwords for their accounts.
    • Avoid sharing login credentials with others.
    • Report any suspicious activity or potential vulnerabilities on the website.

    Employee and Vendor Training

    • All employees and vendors are trained on the importance of information security and their roles in maintaining it.
    • Security awareness programs are conducted regularly.

    Policy Review

    This policy will be reviewed annually or as necessary to ensure compliance with evolving security standards and legal requirements.

    Contact Us

    If you have any questions or concerns about our Information Security Policy, please contact us at +91 7862096126 or email us at hello@reevjewel.com.