Security Policy

DiamondExpressJewelry.com is committed to protecting the security, integrity, and confidentiality of all customer information. This Security Policy outlines the technical, administrative, and physical safeguards we use to keep our website and customer data secure.

1. Data Protection & Encryption

    • All data transmitted between your browser and our servers is encrypted using HTTPS / TLS.
    • Sensitive information (such as payment data) is handled exclusively by PCI-compliant payment processors.
    • We never store full credit card numbers on our servers.

2. Account Security

    • Customer account passwords are encrypted and never stored in plain text.
    • We enforce industry-standard security practices for authentication.
    • Multiple failed login attempts may trigger temporary account lockouts to protect against brute-force attacks.
    • Customers are responsible for maintaining the confidentiality of their login credentials.

3. Server & Infrastructure Security

    • Our servers are protected by firewalls, access controls, and continuous monitoring.
    • Security patches and system updates are applied regularly.
    • Access to administrative systems is limited to authorized personnel using secure authentication methods.

4. Protection Against Cyber Threats

We employ a combination of automated and manual security measures to guard against:

    • Malware and malicious code.
    • SQL injection attempts.
    • Cross-Site Scripting (XSS).
    • Cross-Site Request Forgery (CSRF).
    • Distributed Denial-of-Service (DDoS) attacks.
    • Unauthorized access or tampering.

Routine security scans and monitoring help ensure early detection of suspicious activity.

5. Payment Security

    • All payment transactions are processed through trusted, PCI-compliant payment gateways.
    • We do not store or directly handle your credit card or banking information.
    • Fraud-detection tools may be used to identify suspicious orders or transactions.

6. Data Access & Internal Controls

    • Only trained staff members who need access to customer data for operational purposes are granted permissions.
    • All employees follow strict confidentiality agreements and security procedures.
    • Internal access is regularly reviewed and revoked when no longer required.

7. Incident Response

If a security incident occurs:

    1. We immediately investigate and contain the issue.
    2. We take corrective action to prevent recurrence.
    3. If customer data is impacted, we will notify affected users as required by law.

8. Third-Party Services

We may use third-party tools (e.g., analytics, email services, payment processors).
All third-party partners are required to follow strong security practices and comply with relevant privacy and security regulations.

9. User Responsibilities

To help keep your account secure, we recommend that you:

    • Use a strong, unique password.
    • Keep your login credentials private.
    • Log out after using a shared device.
    • Report suspicious activity immediately.

Contact us if you believe your account has been compromised.

10. Updates to This Security Policy

We may update this Security Policy as needed to reflect changes in technology, legal requirements, or our security practices.

Contact Information

If you have questions about our security practices or need to report an issue: