This section outlines the security measures and compliance practices we employ at PieLab.io to protect your data and ensure the integrity of our Site and Services.


1. Security Measures

We are committed to maintaining the security of your information and employ a variety of technical and organizational measures designed to protect it from unauthorized access, use, disclosure, alteration, or destruction. These measures include, but are not limited to:

Data Encryption:

    * We use Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption for data transmitted between your browser and our servers. This helps protect sensitive information during transit, such as login credentials and payment details. For example, when you log in to your PieLab.io account, the connection is secured using HTTPS.

    * Where appropriate, we also encrypt data at rest using industry-standard encryption algorithms. This ensures that even if unauthorized access to our databases occurs, the information remains unreadable without the decryption keys.

Secure Authentication and Authorization:

    * We implement strong password hashing techniques to protect your login credentials.

    * Access to your account and sensitive data is controlled through authentication and authorization mechanisms, ensuring that only authorized users can access specific features and information. For instance, only the owner of a Shopify store who has installed our plug-in can access the configuration settings for that plug-in through their PieLab.io account.

    * We recommend and may enforce strong password policies to enhance account security.

Regular Security Assessments and Vulnerability Scanning:

    * We conduct regular security assessments and vulnerability scans of our Site and Services to identify and address potential security weaknesses. This may involve using automated tools to scan for known vulnerabilities and performing penetration testing to simulate real-world attacks.

Web Application Firewall (WAF):

    * We may utilize a Web Application Firewall to monitor and filter incoming traffic to our Site, helping to protect against common web attacks such as SQL injection and cross-site scripting (XSS).

Secure Development Practices:

    * We follow secure coding practices to minimize vulnerabilities in our software. This includes input validation, output encoding, and regular code reviews.

Access Controls and Least Privilege:

    * Access to our internal systems and data is restricted to authorized personnel on a need-to-know basis. We adhere to the principle of least privilege, granting users only the minimum level of access required to perform their job functions.

Incident Response Plan:

    * We have an incident response plan in place to address any security incidents promptly and effectively. This includes procedures for identifying, containing, eradicating, and recovering from security breaches.

Regular Software Updates and Patch Management:

    * We keep our software, frameworks, and dependencies up to date with the latest security patches to address known vulnerabilities.


2. Compliance Practices

We strive to comply with relevant laws, regulations, and industry standards to ensure the responsible handling of your data. Our compliance efforts include:

Privacy Policy: As detailed in our Privacy Policy, we are committed to protecting your personal information in accordance with applicable privacy laws. We provide transparency about the data we collect, how we use it, and your rights regarding your data.

Cookie Policy: Our Cookie Policy explains our use of cookies and similar tracking technologies on our Site, providing you with information about the types of cookies we use and how you can manage your preferences.

Shopify Partner Program Requirements: As a provider of Shopify plug-ins, we adhere to the requirements and guidelines of the Shopify Partner Program, which includes obligations related to data privacy and security when interacting with the Shopify platform and Shopify merchant data. This involves ensuring secure API usage and respecting the data access permissions granted by Shopify merchants.

Payment Card Industry Data Security Standard (PCI DSS): While PieLab.io itself may not directly handle sensitive payment information (as this is often processed by Shopify or other payment processors), we are mindful of the PCI DSS requirements and strive to maintain a secure environment that supports the overall security of payment data within the Shopify ecosystem. If we were to directly handle payment information in the future, we would take the necessary steps to achieve and maintain PCI DSS compliance.

General Data Protection Regulation (GDPR): For users located in the European Economic Area (EEA), we respect the rights granted to them under the GDPR. Our Privacy Policy outlines how we comply with GDPR principles, including lawful processing, data minimization, purpose limitation, accuracy, storage limitation, integrity and confidentiality, and accountability.

California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA): For users who are California residents, we adhere to the CCPA/CPRA. Our Privacy Policy provides information about the categories of personal information we collect, the purposes for collection, and the rights of California consumers, including the right to know, the right to delete, and the right to opt-out of the sale or sharing of personal information.

Other Applicable Laws and Regulations: We monitor and strive to comply with other data protection and privacy laws relevant to our operations and our users.


3. Your Responsibilities

While we implement robust security measures, the security of your account also depends on you. You are responsible for:

* Maintaining the confidentiality of your account credentials, including your username and password.

* Choosing a strong and unique password for your PieLab.io account.

* Not sharing your account credentials with others.

* Monitoring your account for any unauthorized activity and notifying us immediately if you detect any.

* Ensuring the security of the devices you use to access our Site and Services.


4. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in our Privacy Policy, or as required by law. When the retention period expires, we securely delete or anonymize your information.


5. Third-Party Services

Our Site and Services may integrate with or link to third-party services (e.g., Shopify, payment processors, analytics providers). These third parties have their own security and compliance practices, which are not governed by this Security and Compliance statement. We encourage you to review the security and privacy policies of these third parties before using their services.


6. Updates to this Security and Compliance Statement

We may update this Security and Compliance statement from time to time to reflect changes in our security practices or compliance obligations. We will post any updates on this page and update the “Last Updated” date. We encourage you to review this statement periodically.


7. Contact Us

If you have any questions or concerns about our security and compliance practices, please contact us at:

Email: [email protected]