Security Policy
Last updated: October 3, 2025
Purpose
This Security Policy explains how Raj.B Atelier protects customer data, payment information, and our systems. It describes technical and organizational measures we maintain to reduce risk, how we respond to incidents, and what we expect from customers to keep information secure.
Scope
This policy applies to all data processed by Raj.B Atelier (online and offline), our website, order management systems, third-party services (payment processors, hosting, analytics, couriers), and our staff/contractors who access customer information.
Data Encryption & Transmission
- All data transmitted between customers’ browsers and our website is encrypted in transit using TLS (HTTPS).
- Payment card details are processed only through trusted, PCI DSS-compliant third-party payment gateways. Card data is entered directly into the gateway's payment form, so full card numbers (PANs) and CVV/CVC codes never reach or are stored on our servers.
- Sensitive internal data at rest is stored on secure hosting with access controls and, where feasible, encrypted storage volumes.
Access Control & Authentication
- Access to production systems, admin panels, and customer databases is restricted to authorized personnel only on a need-to-know basis.
- All admin accounts use strong, unique passwords and, wherever the system supports it, multifactor authentication (MFA). Password rules follow current guidance: length and uniqueness rather than arbitrary complexity rules and scheduled rotation; credentials are changed promptly whenever compromise is suspected.
- Employee and contractor access is adjusted to the new role's needs when a role changes and revoked immediately on termination.
Application & Infrastructure Security
- We use reputable hosting providers and keep server software, our CMS (WordPress), its theme (Astra) and all plugins updated to mitigate known vulnerabilities.
- We perform regular vulnerability scanning and apply security patches promptly.
- Where applicable, we use a web application firewall (WAF) and other protections against common attacks (SQL injection, cross-site scripting, brute-force login attempts).
Backups & Business Continuity
- Regular backups of critical systems and databases are taken and stored securely (on-site and/or off-site). Backup frequency is configured according to data criticality.
- Backups are encrypted and periodically tested for restore capability to ensure continuity if data loss occurs.
Physical Security
- Physical access to offices, workshops and on-premises servers (if any) is controlled. Devices storing sensitive data are kept in secure locations.
- Visitors and third-party vendors are supervised and access is logged where applicable.
Third-Party Providers & Supply Chain
We carefully select third-party services (payment gateways, hosting, email, analytics, couriers). Wherever possible we prefer providers with a strong security posture and recognised compliance (e.g., PCI DSS, ISO/IEC 27001). We maintain contracts that require reasonable security and data protection measures from these vendors.
Logging, Monitoring & Incident Detection
- Systems generate logs for authentication, administrative actions, and critical events. Logs are monitored for suspicious activity.
- We use automated alerts for critical failures and potential security incidents.
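As an added illustration of what "monitored for suspicious activity" and "automated alerts" can mean in practice, the script below detects brute-force login attempts in authentication logs with a sliding time window and escalates when the same source address later logs in successfully (the case that most likely means a guessed password). This is example code written for this page, not Raj.B Atelier's own tooling; the log format, IP addresses and user names are constructed, and on a WordPress site the real input would be the login or audit log produced by your security plugin or web server, whose format will differ, so LINE_RE would need adjusting.

```python
"""Brute-force login detection over sample authentication log lines.

Added example, not code from Raj.B Atelier: the log format, IPs and
usernames below are constructed for illustration only.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in an assumed syslog-like auth format (not real logs).
SAMPLE_LOG = """\
2025-10-03T09:00:01Z auth FAIL user=admin ip=203.0.113.7
2025-10-03T09:00:03Z auth FAIL user=admin ip=203.0.113.7
2025-10-03T09:00:04Z auth FAIL user=editor ip=203.0.113.7
2025-10-03T09:00:06Z auth FAIL user=admin ip=203.0.113.7
2025-10-03T09:00:08Z auth FAIL user=admin ip=203.0.113.7
2025-10-03T09:00:09Z auth OK user=admin ip=203.0.113.7
2025-10-03T09:05:00Z auth FAIL user=staff ip=198.51.100.4
2025-10-03T09:20:00Z auth FAIL user=staff ip=198.51.100.4
2025-10-03T09:21:00Z auth OK user=staff ip=198.51.100.4
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>FAIL|OK) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines we don't understand."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def detect_bruteforce(log_text, threshold=5, window_seconds=120):
    """Flag source IPs with >= threshold failed logins inside a sliding window.

    Returns {ip: alert}. Each alert records the burst and whether the same IP
    later logged in successfully, which is the case worth paging on: it
    suggests the guessing worked, not merely that it was attempted.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> deque of (timestamp, user) failures in window
    alerts = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        ip, ts = ev["ip"], ev["ts"]
        if ev["result"] == "FAIL":
            q = recent[ip]
            q.append((ts, ev["user"]))
            while q and ts - q[0][0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and ip not in alerts:
                alerts[ip] = {
                    "ip": ip,
                    "failures": len(q),
                    "first": q[0][0],
                    "last": ts,
                    "users": {u for _, u in q},
                    "success_after": False,
                }
        elif ip in alerts:
            # A successful login from an IP already flagged for a burst: escalate.
            alerts[ip]["success_after"] = True
    for a in alerts.values():
        a["users"] = sorted(a["users"])
    return alerts


def format_alerts(alerts):
    """Render alerts one per line, suitable for an e-mail or chat notification."""
    lines = []
    for a in sorted(alerts.values(), key=lambda a: a["first"]):
        severity = "CRITICAL" if a["success_after"] else "WARNING"
        lines.append(
            f"{severity}: {a['failures']} failed logins from {a['ip']} between "
            f"{a['first']:%H:%M:%S} and {a['last']:%H:%M:%S} "
            f"(accounts: {', '.join(a['users'])})"
            + ("; a successful login followed" if a["success_after"] else "")
        )
    return lines


if __name__ == "__main__":
    for line in format_alerts(detect_bruteforce(SAMPLE_LOG)):
        print(line)
```

Run against the sample, only 203.0.113.7 is flagged: five failures in seven seconds against two accounts, followed by a success, so it is reported as CRITICAL. The two failures from 198.51.100.4 are fifteen minutes apart and fall outside the two-minute window, so they are ignored unless the threshold and window are loosened. The threshold and window are deliberately parameters: a tailoring shop's admin panel sees few legitimate logins, so a tight window with a low threshold is reasonable, whereas a public customer login would need higher values to avoid alert fatigue.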
Incident Response & Breach Notification
- We maintain an incident response plan: identify → contain → investigate → remediate → document.
- In case of a confirmed data breach affecting personal data, we will notify affected customers and relevant authorities in accordance with applicable laws and as soon as reasonably possible.
- Post-incident, we perform root-cause analysis and remedial actions to prevent recurrence.
Data Minimization & Retention
- We collect only information necessary to provide services (orders, tailoring measurements, contact and billing details).
- Data retention periods are defined by business and legal requirements (e.g., order records typically retained for tax/accounting purposes). Unnecessary data is deleted or anonymized when no longer required.
Employee Training & Awareness
Staff who handle customer data receive training on privacy, data handling best practices, phishing awareness and secure usage of company systems. Regular reminders and updates are provided.
Secure Development & Change Management
For any custom development we follow secure coding practices, test changes in a staging environment, and perform code reviews before deployment. Changes to production systems follow an approved change management process to reduce risk.
Customer Responsibilities
- Keep your account password confidential and choose a strong password. Enable MFA if available on your account.
- Review communications carefully — Raj.B Atelier will never ask for full card numbers or passwords via email or phone.
- Report suspected suspicious activity, unauthorized charges, or phishing attempts to info@rajbatelier.com immediately.
Privacy & Security Integration
Security and privacy are integrated — personal data is handled according to our Privacy Policy, and technical safeguards described here support those commitments.
Compliance & Reviews
We periodically review security measures, perform internal audits, and update controls to meet changing threats and regulatory requirements. For specific compliance needs (e.g., PCI DSS evidence), we rely on our payment processor's compliance documentation, such as its Attestation of Compliance.
Limitations
While we implement reasonable and industry-standard security controls, no system is entirely immune to attack. We cannot guarantee absolute security of data in transit or at rest, but we strive to minimize risk and respond rapidly to incidents.
Contact & Reporting
To report security issues, suspected breaches, or vulnerabilities, contact:
Email: info@rajbatelier.com
Phone: +91-9520967676
Note
This Security Policy provides an overview of our approach to protecting data and systems. For operational or technical details (penetration tests, audit reports, PCI statements) please contact our team — sensitive documents may be shared under NDA where appropriate.
