Collect only the data necessary for functionality, compliance, or business needs, minimizing the amount of Personally Identifiable Information (PII) collected.
Ensure that all data collection is transparent and compliant with relevant legal and regulatory requirements (e.g., GDPR, CCPA).
Data is used solely for its intended purpose, such as enhancing services, compliance, or improving user experience.
2. Data Storage
Data is stored securely using AWS services such as Amazon S3, Amazon RDS, and DynamoDB, ensuring that storage complies with encryption standards like AES-256.
Access to data storage systems is restricted through AWS Identity and Access Management (IAM) policies and role-based permissions.
All sensitive and confidential data must be encrypted at rest and in transit to protect against unauthorized access.
3. Data Sharing
We share personal data, such as name and address, with our shipping provider solely for the purpose of creating and processing shipping labels. This information is transmitted securely, and the data is used exclusively to fulfill customer orders and ensure efficient delivery.
We do not share personal data with any other third parties for marketing or non-essential services unless required by law or regulatory bodies.
4. Access Control and Authentication
Implement robust access controls using least privilege principles and enforce multi-factor authentication (MFA) for sensitive data access.
Access is granted only to authorized personnel based on job roles and responsibilities, and it is regularly reviewed and updated.
Logs and monitoring are in place to track data access and detect unauthorized access attempts using AWS services such as AWS CloudTrail.
5. Data Retention and Disposal
Data is retained only for the necessary duration specified by business needs or legal requirements.
Automatic data deletion policies are implemented using services like AWS S3 Lifecycle policies for secure disposal.
When no longer required, data is securely erased using AWS tools to ensure it is irrecoverable.
All personal data is erased within 3 days after the order is fulfilled.
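A check a practitioner can run against a bucket's lifecycle configuration to confirm it actually implements the 3-day erasure statement above. This is an added example, not part of this policy or of AWS tooling; the dict shape follows the S3 GetBucketLifecycleConfiguration response, only simple Prefix filters are handled, and the two configurations are constructed samples.

```python
from typing import Dict, List

MAX_RETENTION_DAYS = 3  # policy: personal data erased within 3 days of fulfilment


def lifecycle_findings(config: Dict, prefix: str, versioned: bool) -> List[str]:
    """Return policy violations for the enabled rules that cover `prefix`.

    Two S3 behaviours the policy text glosses over are checked:
    - Expiration.Days counts from object creation, not order fulfilment, and
      S3 rounds expiry to midnight UTC, so deletion can lag the nominal days.
    - On a versioned bucket, Expiration only adds a delete marker; the PII
      survives as a noncurrent version unless NoncurrentVersionExpiration is set.
    """
    covering = []
    for rule in config.get("Rules", []):
        if rule.get("Status") != "Enabled":
            continue
        # Newer rules carry Prefix inside Filter, older ones at the top level.
        rule_prefix = rule.get("Filter", {}).get("Prefix", rule.get("Prefix", ""))
        if prefix.startswith(rule_prefix):
            covering.append(rule)
    if not covering:
        return [f"no enabled lifecycle rule covers prefix {prefix!r}"]

    findings = []
    for rule in covering:
        rid = rule.get("ID", "<no id>")
        days = rule.get("Expiration", {}).get("Days")
        if days is None:
            findings.append(f"{rid}: no Expiration.Days set")
        elif days > MAX_RETENTION_DAYS:
            findings.append(f"{rid}: Expiration.Days={days} exceeds {MAX_RETENTION_DAYS}")
        if versioned:
            nc_days = rule.get("NoncurrentVersionExpiration", {}).get("NoncurrentDays")
            if nc_days is None or nc_days > MAX_RETENTION_DAYS:
                findings.append(f"{rid}: versioned bucket needs NoncurrentVersionExpiration "
                                f"of at most {MAX_RETENTION_DAYS} days")
    return findings


# Constructed sample: looks like a retention control but keeps PII for a month.
WEAK_CONFIG = {"Rules": [{"ID": "expire-orders", "Status": "Enabled",
                          "Filter": {"Prefix": "orders/"}, "Expiration": {"Days": 30}}]}

# Constructed sample: a rule that satisfies the 3-day erasure statement on a versioned bucket.
FIXED_CONFIG = {"Rules": [{"ID": "erase-pii-3d", "Status": "Enabled", "Filter": {"Prefix": "orders/"},
                           "Expiration": {"Days": 3}, "NoncurrentVersionExpiration": {"NoncurrentDays": 3},
                           "AbortIncompleteMultipartUpload": {"DaysAfterInitiation": 1}}]}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("fixed", FIXED_CONFIG)):
        print(name, lifecycle_findings(cfg, "orders/", versioned=True) or ["OK"])
```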
6. Encryption and Security
All data is encrypted both at rest and in transit using AES-256 encryption.
AWS Key Management Service (KMS) is used for managing encryption keys securely.
Regular security audits and vulnerability assessments are conducted to identify and mitigate risks.
7. Incident Response
Continuous monitoring of systems is implemented using AWS CloudWatch and AWS CloudTrail to detect potential security incidents or unauthorized data access.
A structured incident response plan is in place to contain, investigate, and resolve any breaches, including notifying affected parties if required by regulations.
Post-incident reviews are conducted to improve security measures and prevent future incidents.
8. Privacy by Design
Data privacy principles are integrated into the development lifecycle, ensuring systems and applications are designed to protect user privacy from the start.
Privacy Impact Assessments (PIAs) are conducted for new projects or changes to assess and mitigate risks associated with data handling.
9. Policy Review and Updates
This policy is reviewed annually or whenever there are significant regulatory or technological changes.
Updates to the policy are communicated to all developers, and training is provided to ensure compliance and understanding.