Security Policy

Effective date: March 2, 2026

This Security Policy describes how Craft Accords protects information and systems in connection with our website, loyalty program, and related services.

1. Our Security Program

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, destruction, loss, alteration, or misuse.

2. Controls We Use

• Access controls based on role and business need
• Encryption in transit (TLS) for website traffic
• Secure credential and session management practices
• System monitoring, logging, and periodic security review
• Vendor and service-provider security due diligence where appropriate

3. Payment Security

Payment information is processed by third-party payment processors. We do not store full payment card data on our web servers unless explicitly stated for a specific service.

4. Your Responsibilities

• Use strong, unique passwords for your accounts
• Keep devices and apps up to date
• Notify us promptly of suspected unauthorized account activity

5. Incident Response and California Breach Notice

If we determine that a security incident involves personal information as defined by applicable California law, we will provide required notices in the most expedient time possible and without unreasonable delay, consistent with lawful needs and California Civil Code § 1798.82.

6. Vulnerability Reporting

If you believe you found a security issue, contact us at support@craftaccords.com with details so we can investigate promptly.

7. Policy Updates

We may update this Security Policy from time to time. The “Effective date” above reflects the latest revision.

8. Contact

Craft Accords
Email: support@craftaccords.com