
Security Policy for [Your Shopify App Name]

1. Data Handling

Our Shopify app processes and manages the following types of data:

  • Customer Data: Includes personal details such as names, email addresses, and contact information.
  • Payment Information: Encompasses payment details used for transactions.
  • Order Details: Involves information related to customer orders, including product information, quantities, and order statuses.

2. Data Protection

Sensitive data is protected using the following measures:

  • Encryption: All data is encrypted both at rest and in transit to prevent unauthorized access.
  • Access Controls: Strict access controls are implemented to ensure only authorized personnel can access sensitive data.

3. Authentication

Access to the app is secured through the use of:

  • Passwords: User accounts are protected by strong passwords. Password policies are enforced to ensure security.

4. Data Transmission

To ensure secure communication between our app and Shopify:

  • HTTPS: All data transmissions are conducted over HTTPS to provide a secure connection.
  • Secure APIs: APIs are designed to be secure and protected against unauthorized access.
  • Secured VPC: Data is transmitted through a secured Virtual Private Cloud (VPC) to enhance security.

5. Data Integrity

To maintain data integrity and prevent tampering:

  • Webhook Checksums: Webhooks are validated using checksums to ensure data integrity and prevent unauthorized modifications.

6. Vulnerability Management

We manage and address security vulnerabilities through:

  • Regular Updates: The app is updated regularly to address security vulnerabilities and improve protection.
  • Vulnerability Scans: Regular scans are conducted to identify and address potential security issues.

7. Access Control

Access within the app is managed by:

  • Permissions: User access is controlled through a permissions-based system to ensure that users only have access to data and functions relevant to their roles.

8. Logging and Monitoring

To detect and respond to security incidents:

  • Logging User Activity: User activity is logged to track actions and identify suspicious behavior.
  • Real-Time Monitoring: Continuous monitoring is in place to detect and respond to potential security threats in real time.

9. Incident Response

In the event of a security breach or data leak:

  • Notification: Notify us immediately at webmaster@garnet.center.
  • Response Time: We will respond to reported incidents within 48 hours to address and remediate the issue.

10. Compliance

We are committed to compliance with relevant data protection regulations and standards to ensure that all handling of data adheres to legal and industry requirements.