Secure online shopping
The security of your personal data is very important to us and we take a lot of care to handle and store it as best we can.
1. We use encrypted https links between our web server and your browser which means that all data passed between you and us cannot be intercepted.
2. We do not store your card details, but instead utilise Sage Pay or PayPal who are PCI compliant payment processing providers for all orders placed online and over the phone – it is their job to process the transaction for us in their own highly secure environment. The Cake Craft Shop website does not process any cards itself or host any card payment pages. Before you enter your card details you are either redirected to the PayPal website where you can complete the transaction, or an embedded Sage Pay payment page.
You can find out more about Sage Pay security by clicking here
You can find out more about PayPal security by clicking here
3. We carry out penetration testing for possible vulnerabilities and to identify ways to further strengthen security using industry leading 3rd party supplier.
1. All server and database access is restricted to whitelisted IP addresses.
2. Our web developers use their own penetration testing on the Cake Craft Shop servers using industry leading 3rd party supplier.
3. Routine patches, upgrade and maintenance of server infrastructure, hardware, OS and software (MySQL, PHP, etc.) is conducted regularly and routinely, in accordance with security best practice.
4. Our servers are located in a secure data centre offering both ISO 27001 and ISO 22301. The site benefits from 24/7 security and highly controlled physical access.