â„šī¸ INFORMATIONAL RESOURCE ONLY - This website provides educational information about digital gift card systems for businesses. We do not offer free gift cards, rewards, or incentives. Review our Privacy Policy.

Security Policy

Last Updated: October 30, 2025

At GiftShahin.org, security is our top priority. This Security Policy outlines the comprehensive measures we implement to protect your information, maintain system integrity, and ensure safe operations.

Our Security Commitment

We are committed to:

  • Protecting all information shared with us
  • Maintaining secure infrastructure and systems
  • Regular security audits and assessments
  • Prompt response to security incidents
  • Transparency about our security practices
  • Compliance with industry security standards

Data Encryption

Encryption in Transit

All data transmitted between your device and our servers is encrypted using:

  • TLS 1.2 or higher (Transport Layer Security)
  • 256-bit SSL certificates
  • Secure HTTPS protocol for all pages
  • Perfect Forward Secrecy (PFS) to protect past sessions

Encryption at Rest

Data stored on our systems is protected with:

  • AES-256 encryption for sensitive data
  • Encrypted database systems
  • Secure backup encryption
  • Key management systems with strict access controls

Access Control

Authentication

  • Multi-factor authentication (MFA) for administrative access
  • Strong password requirements
  • Regular password rotation policies
  • Account lockout after failed login attempts
  • Session timeout mechanisms

Authorization

  • Role-based access control (RBAC)
  • Principle of least privilege
  • Regular access reviews and audits
  • Segregation of duties for critical operations

Infrastructure Security

Server Security

  • Secure, monitored data centers
  • Firewalls and intrusion detection systems
  • Regular security patches and updates
  • DDoS protection mechanisms
  • Server hardening and configuration management

Network Security

  • Network segmentation and isolation
  • Virtual Private Networks (VPN) for remote access
  • Network traffic monitoring and analysis
  • Intrusion prevention systems (IPS)

Application Security

Secure Development

  • Security-first development practices
  • Regular code reviews and security testing
  • Input validation and sanitization
  • Protection against common vulnerabilities (OWASP Top 10)
  • Secure coding standards and guidelines

Vulnerability Management

  • Regular vulnerability scanning
  • Penetration testing by qualified professionals
  • Rapid patch deployment for critical vulnerabilities
  • Bug bounty program considerations

Monitoring and Detection

Security Monitoring

  • 24/7 system monitoring
  • Real-time threat detection
  • Security Information and Event Management (SIEM)
  • Log collection and analysis
  • Anomaly detection systems

Incident Detection

  • Automated alerting systems
  • Threat intelligence integration
  • Regular security log reviews
  • Behavioral analysis

Incident Response

Response Plan

We maintain a comprehensive incident response plan that includes:

  • Incident identification and classification
  • Containment and isolation procedures
  • Investigation and analysis protocols
  • Remediation and recovery steps
  • Post-incident review and improvement

Notification Procedures

In the event of a security incident affecting your information, we will:

  • Assess the scope and impact of the incident
  • Notify affected parties within 72 hours when required
  • Provide clear information about the incident
  • Offer guidance on protective measures
  • Comply with all legal notification requirements

Data Protection

Data Minimization

  • Collect only necessary information
  • Limit data retention periods
  • Secure data disposal procedures
  • Regular data cleanup and archiving

Privacy by Design

  • Privacy considerations in all systems
  • Default privacy-friendly settings
  • User control over personal data
  • Transparent data processing practices

Employee Security

Training and Awareness

  • Regular security training for all staff
  • Phishing awareness programs
  • Security best practices education
  • Incident reporting procedures training

Background Checks

  • Pre-employment screening
  • Confidentiality agreements
  • Access revocation upon termination
  • Regular security clearance reviews

Third-Party Security

Vendor Management

  • Security assessments of all vendors
  • Contractual security requirements
  • Regular vendor security reviews
  • Data processing agreements

Third-Party Services

  • Due diligence on service providers
  • Security certifications verification
  • Limited access to necessary data only
  • Regular security compliance audits

Compliance and Standards

Industry Standards

We align our security practices with recognized standards:

  • ISO 27001 Information Security Management
  • NIST Cybersecurity Framework
  • PCI DSS for payment data (where applicable)
  • SOC 2 Type II compliance considerations

Regulatory Compliance

  • GDPR (General Data Protection Regulation)
  • CCPA (California Consumer Privacy Act)
  • State data breach notification laws
  • Industry-specific regulations

Business Continuity

Backup and Recovery

  • Regular automated backups
  • Encrypted backup storage
  • Tested recovery procedures
  • Geographically distributed backups
  • Defined Recovery Time Objectives (RTO)

Disaster Recovery

  • Comprehensive disaster recovery plan
  • Regular testing and drills
  • Redundant systems and infrastructure
  • Emergency communication procedures

User Security

Your Responsibilities

Help us maintain security by:

  • Using strong, unique passwords
  • Keeping login credentials confidential
  • Reporting suspicious activities immediately
  • Keeping your devices and software updated
  • Being cautious of phishing attempts

Security Best Practices

  • Enable two-factor authentication when available
  • Log out after sessions, especially on shared devices
  • Review account activity regularly
  • Use secure internet connections
  • Be careful when sharing information

Security Updates and Maintenance

Regular Updates

  • Scheduled security patches
  • Software and firmware updates
  • Security configuration reviews
  • Threat model updates

Continuous Improvement

  • Regular security assessments
  • Lessons learned from incidents
  • Industry best practice adoption
  • Security technology upgrades

Reporting Security Issues

Responsible Disclosure

If you discover a security vulnerability:

  • Email us immediately at: [email protected]
  • Provide detailed information about the vulnerability
  • Do not exploit the vulnerability
  • Allow time for us to address the issue
  • We appreciate responsible disclosure

What to Include

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact assessment
  • Your contact information
  • Any supporting documentation

Security Certifications

We maintain or work towards various security certifications and attestations to demonstrate our commitment to security best practices.

Limitations

While we implement comprehensive security measures, no system can be 100% secure. We cannot guarantee absolute security but commit to:

  • Implementing industry-leading security practices
  • Continuous monitoring and improvement
  • Rapid response to security incidents
  • Transparency in our security practices

Changes to This Policy

We may update this Security Policy to reflect changes in our practices or legal requirements. Material changes will be communicated through our website with an updated "Last Updated" date.

Contact Us

For security-related questions or concerns:

GiftShahin.org
Security Team
205 21st St
Pittsburgh, Pennsylvania 15222
United States

Email: [email protected]
General Inquiries: [email protected]
Phone: (412) 281-1922
