Effective Date: 10/01/2024

At Ghost Vapors, we are committed to protecting the confidentiality, integrity, and availability of our customers’ information and ensuring the secure operation of our website. This Security Policy outlines the measures we take to safeguard data and maintain a secure online environment.

1. Data Protection

We take reasonable steps to protect all customer data, including personal and payment information, using industry-standard security measures. These include:

  • Encryption: We use encryption technologies, such as SSL (Secure Socket Layer), to protect data transmitted between our website and your browser.
  • Payment Security: All payment transactions are processed through secure gateways that are compliant with the Payment Card Industry Data Security Standard (PCI-DSS).
  • Data Minimization: We only collect the necessary information required for processing orders and providing our services.

2. Account Security

Customers are responsible for maintaining the confidentiality of their login credentials. To further ensure account security, we employ:

  • Password Policies: Strong password requirements, encouraging users to create secure passwords that are difficult to guess.
  • Account Monitoring: Our system regularly monitors accounts for any suspicious activity. In the event of a potential breach, users may be required to verify their identity.

3. Website Security

To ensure the continuous secure operation of our website, Ghost Vapors implements the following measures:

  • Regular Security Audits: We conduct routine security assessments to identify and address vulnerabilities in our system.
  • Firewalls: Firewalls are in place to protect the website from unauthorized access and cyberattacks.
  • Intrusion Detection and Prevention Systems (IDPS): We use IDPS to monitor network traffic and prevent any suspicious or malicious activities.

4. Third-Party Service Providers

We carefully select third-party service providers that are compliant with relevant security standards. We ensure that these providers implement appropriate security measures when handling sensitive data on our behalf.

5. Incident Response

In the event of a security breach or incident, we have a detailed incident response plan to minimize impact and ensure timely recovery. This includes:

  • Immediate Containment: Isolating the breach and mitigating any further damage.
  • Notification: Affected users will be notified promptly if their data has been compromised.
  • Resolution and Reporting: We will work quickly to resolve the incident and, where necessary, report the breach to relevant authorities.

6. User Responsibilities

Customers are expected to:

  • Use strong passwords and update them regularly.
  • Keep account credentials private.
  • Notify us immediately of any unauthorized access or suspicious activity in their accounts.

7. Policy Updates

We reserve the right to update this Security Policy periodically to reflect changes in technology or legal requirements. Changes will be effective upon posting to our website, and continued use of our services constitutes acceptance of the updated policy.