Enterprise-Grade Security & Privacy Protection

Last Updated: January 1, 2024

At ProEcommerce, your security and privacy are our top priorities. We implement industry-leading security measures and maintain strict privacy standards to protect your data and ensure your online business operates safely.

1. Security Measures

1.1 Website Security

  • SSL/TLS Encryption: All data transmission is protected with 256-bit SSL encryption
  • CSRF Protection: Cross-Site Request Forgery protection on all forms
  • XSS Prevention: Input sanitization and output encoding to prevent script injection
  • Content Security Policy: Strict CSP headers to prevent malicious content execution
  • Regular Security Audits: Quarterly penetration testing and vulnerability assessments

1.2 Data Protection

  • Encrypted Storage: All sensitive data is encrypted at rest using AES-256 encryption
  • Secure Backups: Regular encrypted backups stored in geographically distributed locations
  • Access Controls: Multi-factor authentication and role-based access controls
  • Network Security: Firewalls, intrusion detection systems, and DDoS protection

1.3 Server Infrastructure

  • Hardened Servers: Security-hardened Linux servers with minimal attack surface
  • Regular Updates: Automated security patches and system updates
  • Monitoring: 24/7 security monitoring and incident response
  • Compliance: SOC 2 Type II and PCI DSS compliant infrastructure

2. Privacy Policy

2.1 Information We Collect

We collect information to provide better services to our users:

  • Personal Information: Name, email address, phone number, billing address
  • Business Information: Company name, website details, business requirements
  • Technical Information: IP address, browser type, device information, usage analytics
  • Communication Data: Support tickets, consultation notes, feedback

2.2 How We Use Your Information

  • Service Delivery: To provide ecommerce website building and hosting services
  • Customer Support: To respond to inquiries and provide technical assistance
  • Service Improvement: To analyze usage patterns and improve our platform
  • Communication: To send service updates, security alerts, and marketing communications (opt-out available)
  • Legal Compliance: To comply with applicable laws and regulations

2.3 Information Sharing

We do not sell, trade, or rent your personal information. We may share information only in these limited circumstances:

  • Service Providers: With trusted third-party vendors who assist in service delivery (under strict confidentiality agreements)
  • Legal Requirements: When required by law, court order, or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with prior notice)
  • Consent: When you explicitly consent to information sharing

3. Data Retention

We retain your information only as long as necessary for business purposes:

  • Active Accounts: Data retained while your account is active
  • Inactive Accounts: Data may be retained for up to 7 years for legal compliance
  • Marketing Data: Removed immediately upon unsubscribe request
  • Support Data: Retained for 3 years to improve service quality

4. Your Privacy Rights

Under GDPR, CCPA, and other privacy laws, you have the right to:

  • Access: Request a copy of your personal data we hold
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal requirements)
  • Portability: Request your data in a machine-readable format
  • Opt-Out: Unsubscribe from marketing communications at any time
  • Restriction: Request restriction of data processing in certain circumstances

5. Cookies and Tracking

5.1 Types of Cookies

  • Essential Cookies: Required for website functionality (login, security)
  • Analytics Cookies: Help us understand website usage and performance
  • Marketing Cookies: Used for targeted advertising (opt-in required)
  • Preference Cookies: Remember your settings and preferences

5.2 Cookie Management

You can control cookies through your browser settings. Note that disabling essential cookies may affect website functionality.

6. Third-Party Services

We work with trusted partners who meet our security standards:

  • Payment Processors: Stripe, PayPal (PCI DSS compliant)
  • Analytics: Google Analytics (anonymized data)
  • Email Services: Encrypted email delivery systems
  • CDN Services: Secure content delivery networks

7. International Data Transfers

Your data may be processed in the United States and other countries where we operate. We ensure adequate protection through:

  • Standard Contractual Clauses: EU-approved data transfer mechanisms
  • Privacy Shield: Participation in recognized privacy frameworks
  • Adequacy Decisions: Transfers only to countries with adequate protection

8. Security Incident Response

In the unlikely event of a security incident:

  • Immediate Response: 24/7 incident response team activation
  • Investigation: Thorough investigation and containment measures
  • Notification: Affected users notified within 72 hours
  • Remediation: Swift remediation and security improvements

9. Children's Privacy

Our services are not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will delete the information immediately.

10. Updates to This Policy

We may update this policy to reflect changes in our practices or applicable laws. Material changes will be communicated via:

  • Email notification to registered users
  • Prominent notice on our website
  • 30-day advance notice for material changes

11. Contact Information

For security or privacy concerns, contact our Data Protection Officer:

Questions or Concerns? We're committed to transparency and are happy to address any questions about our security and privacy practices. Contact us anytime for clarification or assistance.
