Payment Security & Data Protection FAQ
Your security is our top priority. Here are answers to common questions about how we protect your payment information and personal data.
Payment Card Security
Q: Is it safe to enter my credit card information on your website?
A: Yes, absolutely. All payment card information is transmitted using SSL/TLS encryption with 256-bit security, the same level of encryption used by banks and financial institutions. This means your card details are scrambled during transmission and cannot be read by unauthorized parties if intercepted.
Q: Do you store my credit card information?
A: We do not store complete credit card numbers on our servers. Our payment processing is handled by payment processors that comply with PCI DSS (the highest security standard in the payment card industry). Any payment information that is stored for your convenience is tokenized and encrypted using AES-256 encryption, meaning your actual card details are replaced with a secure token that cannot be reverse-engineered.
Q: What is PCI DSS compliance?
A: PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. Our payment processors are fully PCI DSS compliant, which means they meet the strictest security requirements for handling payment card data.
Q: What is tokenization, and how does it protect my card?
A: Tokenization is a security process that replaces your sensitive card information with a unique identifier (token) that has no exploitable value. Even if someone gained unauthorized access to our systems, they would only see meaningless tokens, not your actual card numbers. Your real card data is stored securely in encrypted vaults maintained by our payment processor.
Q: Can I save my payment information for faster checkout?
A: Yes, you can securely save your payment information to your account for faster future purchases. Saved payment methods are tokenized and encrypted, ensuring your card details remain protected while providing you with checkout convenience.
Data Encryption & Security
Q: How do you protect my personal information?
A: We implement multiple layers of security, including:
- SSL/TLS encryption for all data transmitted between your browser and our servers
- AES-256 encryption for sensitive data stored in our systems
- Regular security audits and vulnerability assessments
- Restricted access to personal information on a need-to-know basis
- Secure data centres with physical and digital safeguards
- Employee training on data protection and privacy practices
Q: What is SSL/TLS encryption?
A: SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are cryptographic protocols that create a secure, encrypted connection between your web browser and our server. You can verify this connection by looking for the padlock icon in your browser's address bar and "https://" at the beginning of our website URL.
Q: What happens to my data if there's a security breach?
A: While we implement industry-leading security measures to prevent breaches, we have protocols in place to respond immediately if one occurs. We would notify affected customers promptly, work with cybersecurity experts to contain the breach, and take all necessary steps to protect your information. We also maintain cyber insurance and incident response plans.
Q: Do you share my payment information with third parties?
A: We never sell your payment information. Your card details are only shared with our PCI DSS-compliant payment processors for the sole purpose of completing your transactions. We do not share payment information with marketing companies, data brokers, or any other third parties.
Account Security
Q: How can I make my account more secure?
A: We recommend:
- Using a strong, unique password (at least 12 characters with a mix of letters, numbers, and symbols)
- Never sharing your password with anyone
- Logging out after using shared or public computers
- Keeping your email account secure (since it's used for password resets)
- Reviewing your order history regularly for any unauthorized activity
Q: What should I do if I suspect unauthorized activity on my account?
A: Contact us immediately at info@stardustdragonduelacademy.com. We'll help you secure your account, investigate any suspicious activity, and take appropriate action. You should also change your password right away and review recent orders.
Q: Can I delete my payment information from your system?
A: Yes, you can remove saved payment methods from your account at any time through your account settings. Note that we may retain transaction records for legal and accounting purposes (typically 7 years), but these records are encrypted and securely stored.
Privacy & Data Rights
Q: What data do you collect when I make a purchase?
A: We collect information necessary to process your order, including your name, email address, shipping and billing addresses, phone number, and payment information. We also collect order history and browsing behaviour to improve your shopping experience.
Q: Can I request a copy of my personal data?
A: Yes, you have the right to access the personal information we hold about you. Contact us at info@stardustdragonduelacademy.com to request a copy of your data. We'll provide it in a readable format within 30 days.
Q: Can I request deletion of my personal data?
A: Yes, you can request deletion of your personal information, subject to legal retention requirements (such as tax and accounting records). Contact us to submit a deletion request, and we'll process it within 30 days while retaining only what's legally required.
Q: How long do you keep my information?
A: We retain personal information for as long as necessary to fulfill orders, provide customer service, and comply with legal obligations. Transaction records are typically kept for 7 years for tax and accounting purposes. You can request deletion of non-essential data at any time.
Additional Questions
Q: Is your website regularly tested for security vulnerabilities?
A: Yes, we conduct regular security audits, vulnerability assessments, and penetration testing to identify and address potential security issues before they can be exploited.
Q: Do you comply with privacy regulations like PIPEDA?
A: Yes, we comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable privacy laws. Our privacy practices are designed to meet or exceed regulatory requirements.
Q: Who can I contact if I have more security questions?
A: For any security or privacy questions, please contact us at:
Email: info@stardustdragonduelacademy.com
Or visit our Contact Us page.
We're committed to transparency and are happy to answer any questions about how we protect your information.