Data Security Policy

Thank you for visiting AFA Stores. We are committed to protecting the privacy, confidentiality, and integrity of the information you share with us. This Data Security Policy explains how we safeguard your personal information, including payment details, when you shop on our website.

PCI DSS compliance

AFA Stores operates on the Shopify platform, which is certified as a Level 1 PCI DSS (Payment Card Industry Data Security Standard) compliant service provider. This means that the processing, transmission, and storage of cardholder data through our online store follows strict industry security standards.

AFA Stores does not store full credit card numbers, CVV codes, magnetic stripe data, or PIN data on our own servers. All payment information is handled securely through Shopify’s PCI-compliant checkout.

Secure payment processing

All transactions on our website are processed through Shopify’s secure payment environment. When you enter your payment information at checkout, it is encrypted and transmitted securely to Shopify’s payment infrastructure.

Sensitive cardholder information is tokenized and managed by Shopify. AFA Stores employees do not have access to your full credit card number at any time.

Encryption and secure transmission

We use industry-standard encryption technologies to protect your information. All pages on our site where personal information is collected are secured with HTTPS.

Data transmitted between your browser and our website is encrypted using TLS (Transport Layer Security). This helps ensure that your information cannot be read or altered by unauthorized parties while in transit.

Network and system security

AFA Stores benefits from Shopify’s enterprise-grade hosting and security infrastructure. This includes firewalls, intrusion detection, secure server configurations, and continuous monitoring to help protect against unauthorized access.

In addition, AFA Stores maintains internal security practices to protect administrative access and customer information, including secure passwords and restricted access to sensitive systems.

Access control and authentication

Access to customer information is limited to authorized personnel who require it to perform their job duties. We use unique user accounts and strong authentication practices for administrative access to our store.

Access rights are reviewed periodically, and employees are required to keep customer information secure and confidential.

Vulnerability management and monitoring

Shopify performs ongoing security monitoring, threat detection, and regular updates to its platform. This helps ensure that known vulnerabilities are addressed promptly.

AFA Stores also follows secure practices on our own devices and systems, including the use of anti-malware tools and secure configurations. Any suspicious activity is investigated promptly.

Third-party service providers

We may use third-party service providers (such as apps and integrations within Shopify) to support our store operations. These providers are expected to maintain appropriate security measures and comply with applicable data protection requirements.

Only service providers with a legitimate business need are given access to customer information, and they are not permitted to use this information for their own marketing purposes.

Data retention and storage

We retain customer information only for as long as necessary to fulfill orders, provide customer service, meet legal or regulatory obligations, or for other legitimate business purposes.

Payment card data is not stored on AFA Stores servers. Personal information is stored securely within Shopify’s protected environment and is deleted or anonymized when it is no longer needed.

Incident response

AFA Stores maintains procedures to respond to potential security incidents. If we become aware of a security event that affects your personal information, we will investigate promptly and take appropriate steps to mitigate any impact.

Where required by law, we will notify affected customers and any applicable authorities.

Customer responsibilities

You can help protect your information by using a strong, unique password for your AFA Stores account and keeping your login details confidential. If you believe your account has been accessed without authorization, please contact us immediately.

Changes to this Data Security Policy

We may update this Data Security Policy from time to time. Any changes will be posted on this page, and updates will apply on a going-forward basis. We encourage you to review this policy periodically to stay informed about how we protect your information.

Contact information

If you have any questions, concerns, or comments about this Data Security Policy, you may contact us using the information below:

By E-mail: [email protected]
By Phone: 855-686-3189

Thank you for shopping at AFA Stores.