Security Policy
This Security Policy describes the measures MyQCart takes to protect the confidentiality, integrity, and availability of Client and end-user data.
This Security Policy describes the measures MyQCart™ takes to protect the confidentiality, integrity, and availability of Client and end-user data within the MyQCart POS Services. MyQCart™ is a trading name of ORVIK GROUP LTD (Company Registration No. 17333890), a private company registered in England and Wales.
1. Encryption
- All data transmitted between Client devices and MyQCart services is encrypted in transit using industry-standard TLS (Transport Layer Security), version 1.2 or higher.
- Sensitive credentials and authentication data are stored using secure one-way hashing algorithms and are never stored in plain text.
- Where supported by our infrastructure, sensitive information stored at rest is protected using industry-standard encryption.
- MyQCart does not store full payment card numbers, CVV codes or PIN information. Payment processing is handled by PCI DSS compliant third-party payment processors (see Privacy Policy, Section 6).
2. Password and Authentication Controls
- User accounts require passwords meeting minimum complexity requirements.
- Passwords are stored using secure, one-way hashing β never in plain text.
- Passwords are never accessible to MyQCart personnel.
- Password reset requests are verified using appropriate authentication procedures.
- Accounts may be temporarily locked following repeated failed login attempts.
- Where available, Clients are encouraged to enable additional authentication safeguards (e.g., two-factor authentication) offered within the Services.
- Failed login attempts are monitored to detect and mitigate brute-force attacks.
3. Access Controls
- Access to Client data is restricted to authorized MyQCart personnel who require it to perform their role (support, engineering, or account management).
- Access rights are reviewed periodically and removed promptly when no longer required.
- Internal access is logged and subject to periodic review.
- Client accounts include role-based permissions, allowing Clients to control which of their own staff can access sensitive functions (e.g., refunds, reporting, settings).
4. Backups
- Where a Client enables automatic backup in their account settings, cloud-stored data is backed up on a regular schedule as described in the Terms of Service (Section 8).
- Backup restoration procedures are periodically tested where applicable.
- Backup data is stored securely and subject to the same access controls as production data.
5. Vulnerability Management
- We conduct regular malware scanning of our infrastructure.
- Security logs are monitored to help identify unusual or suspicious activity.
- Software dependencies, security updates, and systems are patched and updated on an ongoing basis to address known vulnerabilities.
- Security updates are prioritised based on the severity of identified vulnerabilities.
- We welcome responsible disclosure of security vulnerabilities β please report any suspected issue to support@myqcart.com.
6. Network and Infrastructure Security
- Our hosting infrastructure is protected behind secured networks with restricted access.
- Network security measures include firewalls, intrusion monitoring, secure configuration management and ongoing monitoring designed to detect suspicious activity.
7. Incident Response
- We maintain internal procedures for identifying, assessing, containing, investigating, and recovering from security incidents.
- In the event of a suspected security incident, we investigate promptly and take steps to contain and remediate the issue.
- Where an incident affects personal data, we will notify affected Clients without undue delay, in accordance with our Privacy Policy and applicable law.
- Where required by applicable law, MyQCart will notify affected Clients and relevant supervisory authorities within the legally required timeframes.
8. Client Responsibilities
Security is a shared responsibility. Clients are responsible for:
- Keeping their own account credentials confidential.
- Protecting devices from unauthorized access and using antivirus or endpoint protection where appropriate.
- Installing security updates provided for MyQCart software promptly.
- Maintaining secure passwords and protecting devices used to access the Services.
- Keeping local devices and operating software updated.
- Managing staff access permissions appropriately within the Services.
- Ensuring their own devices and local networks are reasonably secured.
9. Security Reviews
MyQCart periodically reviews its security practices and updates them where appropriate to address evolving threats, regulatory requirements, and technological developments.
10. Business Continuity
MyQCart maintains reasonable business continuity and disaster recovery procedures designed to minimise disruption in the event of a significant operational incident.
11. Governing Law
This Security Policy shall be governed by the laws of England and Wales and should be read together with the MyQCart Terms of Service and Privacy Policy.
12. Changes to This Policy
We may update this Security Policy from time to time to reflect changes in our security practices or for legal or regulatory reasons. The "Last Updated" date above reflects the most recent revision. Continued use of the Services following publication of an updated Security Policy constitutes acceptance of the revised policy.
13. Contact Us
MyQCart™A trading name of ORVIK GROUP LTD
Registered in England and Wales
Company Registration No. 17333890
Registered Office
71–75 Shelton Street
Covent Garden
London WC2H 9JQ
United Kingdom
Phone: +44 7723 353557
Email: support@myqcart.com
Website: https://www.myqcart.com