Security


Our web site stores and transmits your data securely and our systems are protected with security policies and fraud prevention systems. We use secure, token-based credit card verification to avoid storing potentially exploitable personal and financial information. We never store your credit card details, ensuring the utmost protection for your data.

SasquatchParts.com is secured via state-of-the-art Transport Layer Security (TLS) encryption. TLS encryption, the successor to Secure Sockets Layer (SSL) encryption, protects communications by using both server authentication and data encryption. This ensures that data in transit is safe, secure, and available only to intended recipients. This is the same technology banks use to secure your data while in transit.

All payments are securely processed by either Stripe or PayPal, in full compliance with the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.


Security Statement

This Security Statement is aimed at being transparent about our security infrastructure and practices, to help reassure you that your data is appropriately protected.

Application and User Security

  • Encryption: SasquatchParts.com is secured via state-of-the-art Transport Layer Security (TLS) encryption. TLS encryption, the successor to Secure Sockets Layer (SSL) encryption, protects communications by using both server authentication and data encryption. This ensures that all data in transit is safe, secure, and available only to intended recipients.
  • Payment Processing: All payments are securely processed by either Stripe or PayPal, our PCI-DSS compliant payment gateway providers, who protect your financial information with industry-leading security and fraud prevention systems. Payment information, including customer credit card details and account information, is never stored on our servers nor is it transmitted to or from our servers. It is tokenized, encrypted and transmitted directly from your browser to the payment processor using state-of-the-art, encrypted SSL/TLS connections.
  • User Authentication: User data on our database is logically segregated by account-based access rules. User accounts have unique usernames and passwords that must be entered each time a user logs on. Our site issues session cookies to record encrypted authentication information for the duration of a specific session. The session cookies do not include the password of the user.
  • User Passwords: User application passwords have minimum complexity requirements.
  • Data Retention: We collect only as much personal data as is required to provide our services to users in an efficient and effective manner.
  • Privacy: We have a comprehensive privacy policy that provides a very transparent view of how we handle your data, including how we use your data, who we share it with, and how long we retain it.
  • Security Scans: Security scans of our systems are performed on a regular basis. We scan for malware and phishing URLs, including all URLs on the Google Safe Browsing List that are security threats, as well as heuristics for backdoors, trojans, suspicious code and other security issues.
  • Firewall: An enterprise-grade firewall is in place which uses machine-learning algorithms to actively block attackers in real time.
  • Patching: The latest security patches are regularly applied to all operating system and application files to mitigate any newly discovered vulnerabilities.

Handling of Security Breaches

Despite best efforts, no method of transmission over the Internet and no method of electronic storage is ever perfectly secure. We cannot guarantee absolute security. However, if we learn of a security breach, we will notify affected users so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under state and federal laws and regulations, as well as any industry rules or standards that we adhere to.


Customer Responsibilities

Keeping your data secure also depends on you ensuring that you maintain the security of your account by using a sufficiently complicated password and storing it safely. We also strongly suggest educating yourself and others on the various social engineering attacks that are now common.