Security Policy

Product: SpinX – a Shopify App by ePlugin Co., Ltd.
Last updated: June 18, 2025

At ePlugin, we take security seriously and strive to protect our app and your data against unauthorized access, alteration, or destruction.

1. Data Protection & Encryption

• All communication is encrypted using HTTPS (TLS 1.2 or higher).
• Customer data (e.g., email and name) is stored securely in a database on encrypted volumes.
• Backups are encrypted and stored securely.

2. Access Control

• Access to production data is limited to authorized personnel with strict access roles.
• Staff access is protected by strong password requirements and audit logging.
• Development, staging, and production environments are isolated.

3. Data Retention & Deletion

• Customer data is retained for a maximum of 90 days.
• Merchants can manually export or delete campaign data.
• Upon app uninstallation, all related customer data is purged within 30 days.

4. Incident Response Plan

• Affected components are isolated.
• Logs are reviewed immediately.
• Credentials are rotated if necessary.
• Affected merchants are notified within 72 hours.
• A post-incident report is conducted.

5. Contact

For security inquiries, contact [email protected].