Security


Security Policy

Last Updated: November 25, 2025

1. Introduction

Eaglecart (“we,” “us,” or “our”) is committed to providing a secure and reliable global commerce platform. This Security Policy outlines our approach to protecting our infrastructure, user accounts, and sensitive data, in compliance with international standards including ISO 27001, GDPR, UAE PDPL, and best practices for SaaS platforms.

2. Platform Security

  • Hosting & Infrastructure: Eaglecart is hosted on Amazon Web Services (AWS), utilizing multi-region deployment for resilience and low latency.
  • Network Security: We use Cloudflare for DDoS mitigation, web application firewall (WAF), and secure content delivery to protect against external threats.
  • Encryption: All data in transit is encrypted using TLS 1.2/1.3; data at rest is protected with AES-256 encryption.
  • Access Control: Platform administrators follow strict role-based access controls (RBAC) and audit logging to limit internal access to sensitive systems.
  • Regular Testing: We conduct penetration testing, vulnerability scanning, and code reviews regularly to identify and remediate risks.
  • Backups & Redundancy: Daily automated backups with disaster recovery strategies ensure business continuity globally.

3. User Account Security

  • Credentials: Users must maintain the confidentiality of account credentials and API keys. We do not store passwords in plain text.
  • Two-Factor Authentication: 2FA is highly recommended for all accounts to add an extra layer of protection.
  • Suspicious Activity: Immediately report any unauthorized access or suspicious account activity to our support team.
  • Staff Management: Merchants are responsible for managing staff access permissions for POS, WMS, and online stores.

4. Data Protection

  • Compliance: Personal and business data is stored securely in compliance with GDPR, UAE PDPL, CCPA, and other applicable regulations.
  • Segregation: Data is segregated logically to prevent cross-account exposure.
  • Payment Security: All sensitive payment data is processed only by certified PCI DSS-compliant partners; we do not store raw credit card numbers.
  • Monitoring: Regular monitoring and logging ensure rapid detection of suspicious access or data anomalies.

5. Incident Response

We maintain a comprehensive incident response plan:

  • All security incidents are logged, investigated, and resolved according to strict protocols.
  • Critical incidents trigger immediate alerts to internal security teams and affected users.
  • Post-incident reviews are conducted to strengthen platform security and prevent recurrence.
  • In case of a confirmed data breach, Eaglecart will comply with all legal notification requirements in the relevant jurisdictions.

6. Third-Party Security

  • Vendor Assessment: All third-party vendors undergo a rigorous security assessment before integration.
  • Sub-processors: Infrastructure partners such as AWS and Cloudflare are bound by strict contractual security obligations.
  • Integrations: Payment gateways, shipping integrations, and other connected services must adhere to relevant compliance standards.

7. Security Best Practices

We encourage all merchants to follow these best practices:

  • Use strong, unique passwords and rotate them regularly.
  • Enable 2FA for the Account Owner and all staff accounts.
  • Regularly monitor access logs and account activity within the dashboard.
  • Keep POS and WMS devices secure and updated with antivirus software and firewalls.
  • Educate staff about phishing, social engineering, and cybersecurity risks.

8. Changes to This Policy

Eaglecart may update this Security Policy to address emerging threats, compliance changes, or technological updates. Significant changes will be communicated via email or platform notifications.

9. Contact Information

For security inquiries, incident reporting, or concerns, please contact our Security Team at: [email protected]
