Security

If you have additional questions or require more information about our Security Policy, do not hesitate to contact us.

Commitment to Security

At Giftme, we prioritize the safety and security of our customers' data. Our platform incorporates multiple layers of protection to safeguard your personal and financial information.

Data Collection

We only collect the information necessary to provide optimal services to our customers and partners. Minimizing data collection helps reduce risks associated with handling unnecessary personal information.

Data Encryption and Secure Transmission

We use Secure Sockets Layer (SSL) technology to encrypt sensitive information, such as credit card details. All data collection and transfers between our systems and third-party systems are conducted over encrypted channels, ensuring your Personally Identifiable Information remains safe during transmission and protecting it from unauthorized access.

Payment Security

Giftme partners with reputable third-party payment processors that are PCI-compliant. These processors handle your payment details with the highest standards of security and confidentiality. Importantly, Giftme does not store any financial information on our servers.

Digital Transactions

Focusing on sustainability and convenience, Giftme promotes digital transactions, reducing the need for physical plastic cards. Our eGift cards are delivered instantly via SMS or email, providing a seamless and eco-friendly gifting experience.

Continuous Monitoring

We continuously monitor our systems and implement updates to enhance security measures. This proactive approach ensures we stay ahead of potential threats and provide a safe online shopping environment.

Data Storage and Security

We store all information on DigitalOcean, a leading cloud platform known for its robust security measures and compliance with various reputed security certifications, including:

• ISO/IEC 27001:2013: Information Security Management
• SOC 2 Type II: Service Organization Control
• SOC 3 Type II: Service Organization Control
• PCI-DSS Level 1: Payment Card Industry Data Security Standard

Our storage systems use industry-standard encryption and hashing algorithms to protect your data. We ensure that no deprecated algorithms or ciphers are used.

Information Handling

• Least Privilege and Need to Know: Only authorized employees have access to the information they need to perform their roles. Accesses are reviewed regularly to avoid access creep.
• Secure by Design and Defense in Depth: We deploy risk-commensurate security controls to protect information throughout its lifecycle, adhering to principles like “least privilege,” “need to know,” and “defense in depth.”
• Data Integrity and Destruction: After validating the accuracy of the information stored in our systems, we securely destroy any files or media used to transmit that information to us.
• Transparency: We do not share any Personally Identifiable Information with third-party service providers for any purpose other than to provide our services.

User Responsibility

While we take every measure to protect your data, we also encourage our users to be vigilant. Always keep your login credentials confidential and avoid sharing them. If you suspect any suspicious activity on your account, please contact our support team immediately.

Transparency and Updates

Giftme believes in transparency. We reserve the right to update or modify our security policy at any time. We encourage our users to regularly review our security policy to stay informed about our latest security practices. Any significant changes to the policy will be communicated through appropriate channels.