Last modified: December 4, 2018


Our promise to uphold the privacy of PII (personally identifiable data) to the best of our ability is backed by our security practices and that of our associates and sub-processors

  1. A culture of privacy is developed and nurtured throughout our corporate organization. Periodic cybersecurity awareness training and knowledge checks are conducted with every employee.
  2. Best security practices are identified, implemented, and periodically assessed and adjusted in relation to our corporate operations as well as with our sub-processors.
  3. Annual third-party graybox penetration tests are conducted of and mitigation is performed as needed.
  4. Monthly vulnerability scans are run and the results are evaluated and action taken when needed.
  5. Monthly PCI compliance scans are conducted of, our other websites, and our corporate operations to ensure the safety of all credit card transactions.
  6. All upgrades, updates, or changes to or our operations are evaluated for their potential impact to ongoing data privacy and security.
  7. The principle-of-least-privilege is practiced among our employees, consultants, and associates to constrain exposure of PII only to those authorized.
  8. Should any level of data breech be experienced, the event is detailed and logged and when appropriate, reported to the appropriate data protection authorities.