1. Introduction
At The Mass Apothecary, we value the trust you place in our online store. Protecting your payment and personal information is our highest priority. This Payment Security Policy explains the measures we take to safeguard your payment details and describes how we handle sensitive information during and after payment processing.
2. Secure Connection and Data Encryption
- SSL/TLS Encryption: We use industry-standard SSL/TLS (Secure Sockets Layer/Transport Layer Security) encryption to protect your personal information during transmission. You can confirm you are on a secure page by checking for “https://” at the beginning of the URL or the padlock icon in your browser’s address bar.
- Data in Transit: All data transferred between your browser and our servers is encrypted to prevent unauthorized access or interception.
- Data at Rest: Any sensitive data we store (e.g., payment tokens) is encrypted or tokenized in our databases and accessible only to authorized personnel.
3. PCI-DSS Compliance
- Industry Standards: We adhere to the Payment Card Industry Data Security Standard (PCI-DSS) requirements, which ensure the secure handling of credit card information by our site and service providers.
- Third-Party Compliance: Our payment processors and gateways are also fully PCI-DSS compliant, ensuring that your payment information is handled in line with the highest security standards.
4. Payment Methods
- Accepted Payment Options: We accept major credit cards, debit cards, and/or other forms of payment (e.g., Sezzle, digital wallets), depending on your region.
- Tokenization: Where possible, credit or debit card details are tokenized and stored securely with our payment processor to reduce the risk of data breaches. Our systems never store full card details; instead, we use a token or a unique identifier for future transactions or refunds.
5. Fraud Prevention and Detection
- Fraud Screening: We use automated and manual checks to identify and prevent fraudulent transactions. Suspicious transactions may be flagged for review or blocked.
- Address Verification (AVS) and Card Verification Value (CVV): These checks are performed when applicable to ensure that the person initiating the transaction is authorized to use the card.
- Transaction Limits: In some cases, we may enforce transaction limits or request additional verification to mitigate fraud risks.
6. Data Retention
- Minimal Storage: We only retain the minimum amount of personal and transaction data necessary for record-keeping, dispute resolution, and compliance with legal requirements.
- Regular Reviews: Data is reviewed and securely deleted or anonymized after it is no longer needed for legitimate business purposes.
7. Access Controls
- Employee Access: Only employees who need payment data to perform specific tasks (e.g., billing or customer support) have access to the information.
- Training and Policies: All employees undergo training on data privacy and security best practices, and they are bound by strict confidentiality agreements.
- Infrastructure Security: Our servers and back-end systems are secured with firewalls, intrusion detection systems, and other access control mechanisms.
8. Third-Party Service Providers
- Payment Gateways: We partner with reputable payment gateways that comply with industry standards (PCI-DSS) to process credit and debit card transactions.
- Contractual Safeguards: All service providers that handle personal information must adhere to strict data security practices and sign agreements to protect your data.
9. Chargebacks and Disputes
- Process: If you suspect unauthorized activity or need to dispute a charge, please contact us immediately at support@massapothecary.com or via phone at 774-301-6135.
- Investigation: We will promptly investigate any fraudulent or disputed charges and work with our payment processors to resolve the issue.
10. Updates to the Policy
- Policy Revisions: We may update this Payment Security Policy from time to time to reflect changes in our security practices, technology, or legal requirements.
- Notification: If we make significant changes, we will notify you by posting a prominent notice on our website or sending an email to your registered email address.
11. Contact Us
If you have questions or concerns about our Payment Security Policy, please reach out to us at:
Mailing Address:
The Mass Apothecary
25 Market St Suite 7
Swansea, MA 02777
Email: support@massapothecary.com
Phone: 774-301-6135