Security measures

SECURITY MEASURES POLICY

Platform: DealRockets
Operated by: Daz Commerce
Last Updated: [Insert Date]

This Security Measures Policy (“Policy”) describes the administrative, technical, and organizational safeguards implemented by Daz Commerce to protect the confidentiality, integrity, and availability of data processed on the DealRockets Platform (“Platform”). These measures are designed to align with recognized industry standards and applicable data protection laws.


1. INFORMATION SECURITY GOVERNANCE

1.1 Information Security Program (ISP)
Daz Commerce maintains a comprehensive Information Security Program (“ISP”) incorporating:

  • documented security controls,

  • incident response procedures,

  • regular security audits,

  • data protection standards,

  • periodic policy reviews and updates.

1.2 Security Leadership
The ISP is overseen by designated security personnel, including a Chief Information Security Officer (CISO) or equivalent role, responsible for:

  • supervising compliance with laws and standards,

  • monitoring security performance,

  • coordinating internal and external audits,

  • ensuring continuous improvement of security controls.

1.3 Legal & Regulatory Compliance
The ISP is designed to comply with applicable laws such as:

  • GDPR (where applicable),

  • CCPA/CPRA,

  • local data protection laws in relevant jurisdictions,

  • common cybersecurity frameworks (e.g., ISO 27001 principles, NIST best practices).


2. TECHNICAL SAFEGUARDS

2.1 Encryption

2.1.1 Encryption in Transit

  • All communications between User devices and the Platform are encrypted using TLS 1.2 or higher.

  • DealRockets maintains an A rating or equivalent result on industry-standard TLS/SSL configuration tests, which check protocol versions, cipher suites, and certificate configuration.

2.1.2 Encryption at Rest

  • Sensitive database fields, including but not limited to password hashes and personal email addresses, are encrypted using AES-256 or equivalent strong cryptographic standards.

  • Passwords are never stored in plaintext; they are stored as salted, one-way hashes computed with a purpose-built, deliberately slow password hashing algorithm (e.g., bcrypt or Argon2), so that a copy of the database does not reveal Users' passwords.
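The following is an added illustration of the password storage practice described above; it is not code from the DealRockets Platform or Daz Commerce. It uses scrypt from Python's standard library as a stand-in for bcrypt or Argon2 (which require third-party packages), and the record format, function names and parameters are the example's own assumptions.

```python
"""Salted one-way password hashing with a self-describing stored record.

Added example (not the Platform's code). scrypt stands in for bcrypt/Argon2;
the record format "scrypt$N$r$p$salt_hex$hash_hex" is an assumption of this
example, chosen so the parameters travel with the hash and can be raised later.
"""
import hashlib
import hmac
import os
from typing import Optional

# Assumed current policy parameters. N=2**14, r=8, p=1 is a common interactive
# login setting; raise N as hardware allows. Memory use is 128 * r * N bytes (16 MiB).
SCRYPT_N = 2 ** 14
SCRYPT_R = 8
SCRYPT_P = 1
SALT_BYTES = 16   # a fresh random salt per password
DKLEN = 32        # derived hash length in bytes


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Hash a password with a random salt and return a storable record string."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.scrypt(
        password.encode("utf-8"), salt=salt,
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN,
    )
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def _parse(record: str):
    """Split a record into (n, r, p, salt, digest); raises ValueError if malformed."""
    algo, n, r, p, salt_hex, hash_hex = record.split("$")
    if algo != "scrypt":
        raise ValueError("unsupported algorithm tag")
    return int(n), int(r), int(p), bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the record's own salt and parameters, compare in constant time.

    Malformed records are rejected rather than raising, so a corrupted row
    cannot turn into a login bypass or an unhandled error on the auth path.
    """
    try:
        n, r, p, salt, expected = _parse(record)
        digest = hashlib.scrypt(
            password.encode("utf-8"), salt=salt, n=n, r=r, p=p, dklen=len(expected)
        )
    except (ValueError, TypeError):
        return False
    # hmac.compare_digest avoids leaking where the digests first differ via timing.
    return hmac.compare_digest(digest, expected)


def needs_rehash(record: str) -> bool:
    """True when a stored record is weaker than current policy (re-hash at next successful login)."""
    try:
        n, r, p, _salt, _digest = _parse(record)
    except (ValueError, TypeError):
        return True
    return (n, r, p) < (SCRYPT_N, SCRYPT_R, SCRYPT_P)


if __name__ == "__main__":
    # Constructed demo input: two records for the same password differ because of the salt.
    pw = "correct horse battery staple"
    rec_a, rec_b = hash_password(pw), hash_password(pw)
    print("records differ:", rec_a != rec_b)
    print("correct password verifies:", verify_password(pw, rec_a))
    print("wrong password rejected:", not verify_password("password123", rec_a))
    # A legacy record with weaker parameters (constructed) should be flagged for upgrade.
    legacy = hash_password(pw, salt=b"\x00" * SALT_BYTES).replace(f"${SCRYPT_N}$", "$1024$", 1)
    print("legacy record needs rehash:", needs_rehash(legacy))
```

The two properties worth checking against any stored password record are the ones the demo prints: the same password must not yield the same record twice (salting), and verification must succeed only by recomputing the slow function, never by decrypting anything.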

2.2 Infrastructure Protection

2.2.1 DDoS Mitigation

Daz Commerce utilizes Cloudflare or comparable edge-network protection to absorb and mitigate Distributed Denial of Service attacks, ensuring stability and availability.

2.2.2 Web Application Firewall (WAF)

A WAF is deployed in front of the Platform to inspect inbound requests and block known attack patterns, including:

  • SQL Injection (SQLi),

  • Cross-Site Scripting (XSS),

  • Cross-Site Request Forgery (CSRF),

  • file upload attacks,

  • other OWASP Top 10 threats.

2.2.3 Server & Network Hardening

We apply industry-standard practices including:

  • restricted port exposure,

  • hardened configurations,

  • firewall rules,

  • intrusion detection and prevention (IDS/IPS) monitoring.


3. OPERATIONAL SECURITY

3.1 Access Controls

3.1.1 Least-Privilege Access

Access to administrative systems and User data is limited strictly to authorized employees who require such access for business operations.

3.1.2 Authentication Requirements

All administrative access requires:

  • Multi-Factor Authentication (MFA),

  • strong password requirements,

  • periodic forced password rotation.

3.1.3 Role-Based Access Control (RBAC)

System access is granted based on defined job roles, so that each role can reach only the data and functions it needs.

3.2 Logging & Monitoring

3.2.1 Audit Logs

We maintain comprehensive logs of:

  • access to personal data,

  • administrative actions,

  • security-related events (e.g., authentication failures, privilege escalations),

  • data exports or large file downloads.

3.2.2 Log Protection

Audit logs are protected from alteration or unauthorized deletion.

3.3 Vulnerability Management

3.3.1 Automated Scanning

Daz Commerce conducts routine automated vulnerability scans on core infrastructure and applications.

3.3.2 Penetration Testing

Periodic third-party penetration testing is performed to identify vulnerabilities and validate the effectiveness of security controls.

3.3.3 Patch Management

Security patches and critical updates are applied promptly based on severity and risk assessment.


4. USER-SIDE SECURITY RECOMMENDATIONS

While Daz Commerce implements robust internal controls, Users must also adopt responsible security practices.

4.1 Phishing Awareness

Users are informed that:

  • DealRockets will never request login credentials or passwords via email.

  • Attackers may attempt to impersonate DealRockets using spoofed domains or emails.

Users should verify suspicious communications through the official Platform.

4.2 Off-Platform Communication Risks

DealRockets cannot secure or monitor external communication channels such as:

  • WhatsApp,

  • WeChat,

  • personal email,

  • SMS,

  • third-party messaging tools.

Users are strongly advised to:

  • verify supplier identities via video calls before finalizing major contracts,

  • avoid exchanging sensitive information off-platform,

  • use secure payment methods and escrow solutions where appropriate.

4.3 Device Security

Users should maintain updated antivirus software, device encryption, and secure network connections when accessing the Platform.


5. INCIDENT RESPONSE & BREACH NOTIFICATION

5.1 Incident Response Framework

Daz Commerce maintains an Incident Response Plan that includes:

  • detection and classification of incidents,

  • containment measures,

  • forensic analysis,

  • remediation procedures,

  • post-incident review and process improvement.

5.2 Notification Obligations

In the event of a confirmed personal data breach, Daz Commerce will:

  • notify affected Users without undue delay, and

  • notify relevant supervisory or regulatory authorities within 72 hours, in accordance with applicable laws.

5.3 Communication Method

Breach notifications may be delivered via:

  • email,

  • in-platform alerts,

  • official announcements on DealRockets’ website or dashboard.

5.4 Limitations

Breach notifications may be delayed only when requested by law enforcement or when necessary to prevent harm, consistent with data protection requirements.


6. LIMITATION OF LIABILITY

This Policy describes security measures adopted by Daz Commerce but does not constitute a warranty against cybersecurity incidents. Users acknowledge that no system can guarantee absolute security. Daz Commerce’s liability is limited in accordance with its Terms of Service.


7. POLICY UPDATES

Daz Commerce reserves the right to modify or update this Security Measures Policy at any time to reflect technological advancements, regulatory changes, or internal improvements.