Data Security Policy
The purpose of this document is to define the LitCommerce Data Security Policy.
Data is considered a primary asset and must be protected in a manner commensurate with its value. Data security is necessary in today’s environment because data processing represents a concentration of valuable assets in the form of information, equipment, and personnel. The main objective of this policy is to ensure that data is protected in all of its forms, on all media, and during all phases of its life cycle.
Server security
All data processing and operations are conducted on secure Linode servers located in the USA. Linode employs robust security measures, including:
- 24/7 surveillance to monitor access to facilities
- Restricted access to control terminals, allowed only for authorized personnel
- Network firewalls for enhanced security
- DDoS protection to prevent distributed denial-of-service attacks
Cloudflare Protection
We leverage Cloudflare for additional protection, including DDoS mitigation, network firewalls, and web traffic monitoring. Cloudflare enhances the security of our infrastructure, ensuring fast and secure access to our services while protecting against potential online threats.
Encryption Methods
We utilize AES-256 encryption to secure data at rest and TLS (Transport Layer Security) to protect data during transmission. This ensures that all sensitive information, including Personally Identifiable Information (PII), is encrypted both in storage and while being transmitted across networks.
Data Retention
We retain Personally Identifiable Information (PII) for up to 90 days after the shipment of an order, as required for customer support and order tracking. After this period, all data is securely deleted from our systems in compliance with Amazon’s Data Protection Policy.
Data Access Control
Access to sensitive information is controlled through Role-Based Access Control (RBAC). Only authorized personnel with specific job roles have access to PII. Access is regularly reviewed and restricted to employees on a need-to-know basis, ensuring that data is protected from unauthorized access.
Only authorized LitCommerce engineers can access the source code, handle custom requests, and work on support cases at the request of customers. Each of them has their own credentials and can reach certain areas of the software only from specific IP addresses.
Incident Response Plan
LitCommerce has an Incident Response Plan to detect, respond to, and mitigate potential security incidents, including unauthorized access and data breaches. Our team acts swiftly to contain and resolve issues, and we maintain transparency with affected stakeholders. In the event of a breach involving third-party data, such as Amazon Information, we promptly notify the relevant parties, including Amazon, to ensure timely communication and resolution.
Monitoring and Auditing
We continuously monitor access to sensitive information, maintaining audit logs to track all data access attempts. Regular reviews ensure that any unauthorized or suspicious activity is detected and responded to promptly.
Device Control
Data Loss Prevention (DLP) tools are in place to prevent unauthorized data transfers to personal devices. Employees are only allowed access to sensitive data through company-managed and secured devices, and any breach attempts trigger real-time alerts for further investigation.
GDPR compliance
LitCommerce complies with the General Data Protection Regulation (GDPR) by ensuring lawful data collection, processing, and storage. We obtain clear consent before collecting personal data, and users have the right to access, rectify, or request deletion of their data at any time. In the event of a data breach, we promptly notify affected users in accordance with GDPR guidelines. Additionally, we ensure that data processing is transparent, and users can contact our Data Protection Officer (DPO) for any inquiries.
Third-party Data Sharing
LitCommerce does not share sensitive customer information with third-party service providers or entities, except where required for legal or operational purposes. All data sharing is conducted in strict compliance with our privacy and security policies.
Payment security
LitCommerce uses PayPal, the No.1 worldwide payment gateway. All your payment data is processed by PayPal; LitCommerce does not store any payment data of its customers.