Security Policy
Company Name: Crunchy Hydration
Policy Title: Website Security Policy
Last Updated: November 11, 2024
Policy Owner: CEO
1. Purpose
This policy aims to protect the integrity, availability, and confidentiality of the Drink Crunchy website and its data. It defines the procedures and responsibilities necessary to prevent unauthorized access, data breaches, and cyberattacks.
2. Scope
This policy applies to all employees, contractors, and third-party vendors who interact with or manage the Drink Crunchy website.
3. Access Control
User Accounts: Only authorized personnel are granted access to the website’s backend. Access is role-based and periodically reviewed.
Authentication: All users must use strong passwords.
Account Management: Admin accounts must be disabled immediately upon the departure of an employee or when access is no longer required.
4. Data Protection
Encryption: All sensitive data, including user information, is encrypted in transit using SSL/TLS and stored in an encrypted database.
Data Retention: User data is retained only when consumers consent and provide data.
5. Website Monitoring
Intrusion Detection: Security tools continuously monitor the website for unauthorized access attempts, unusual behavior, and potential threats.
Premium Security Plan: Protects our domain against hijacking attempts, transfers, and high-risk actions.
6. Content Management System (CMS) Security
Updates: The CMS and all plugins are updated monthly or whenever a security patch is released.
Third-Party Integrations: Only trusted, regularly updated third-party plugins and services are used. Unused plugins or extensions are promptly removed.
7. Incident Response
Reporting: All website incidents (e.g., hacking attempts, breaches) must be reported to our website management team.
Containment and Recovery: The team will assess the incident, contain the threat, and implement recovery steps as needed.
8. Backup and Recovery
Daily Backups: Full backups of the website and its database are performed daily.
Storage: Backups are securely stored in an offsite location.
Testing: Backup restorations are tested quarterly to ensure data integrity and availability.
9. Compliance and Legal Requirements
Privacy Laws: The website complies with applicable data protection regulations (e.g., GDPR, CCPA) and regularly updates practices to meet evolving requirements.
Third-Party Contracts: All vendors handling sensitive data on our behalf are required to follow our security standards.
10. Review and Revisions
This policy is reviewed annually or as needed in response to new security risks or regulatory changes.