This online store has been almost a year and a half in the making. From the first day, my #1 priority was to make this the most secure shopping experience possible. Follow the links below to learn about how we process transactions, how we use your information, and the security measures we have taken to make sure you are protected each time you shop with us.Note about store outage on 11/27/2018 and 11/28/2018 How do you protect my credit card information? What information do you use and who do you share it with? Is your online store PCI compliant? What additional security measures have you taken?
To enhance the security of our site, on 11/27/2018 we installed a firewall on our server. At some point between that evening and 11/28/2018, our online store was rendered unusable. The developer contacted the vendor for our firewall, who went to work on the issue. The vendor responded that the firewall's caching levels were set too high, and that this was the cause of the outage. The site's functionality was restored at 4:03 am on 11/29/2018, and 2 hours of additional testing was conducted to ensure that shoppers would once again be able to shop on our store. We apologize to those shoppers who were unable to purchase goods from our store, during this time.
We protect your credit card information by having all payment processing take place on the web server of our secure payment processor Authorize.Net. When you see the web address pictured below:
on the payment page, you will know that you are in the secure payment environment of the most trusted ecommerce payment gateway in the business. Sugar Mountain Nursery does not store, process, or transmit cardholder data on our web servers.
As stated above, we do not store, process, or transmit cardholder data on our servers. To efficiently process your orders, we do retain shipping and contact information related to your orders on our server. Access to your information is strictly limited to people within our business* with a legitimate business need to know (for example our shipping department). The shipping and contact information stored on our server is encrypted both in transmission and in storage, rendering it useless to any outside party in the unlikely event our server's database is compromised.
Yes, although we outsource all online credit card and electronic payment processing to Authorize.Net, as an ecommerce merchant we are still subject to PCI compliance requirements within our business. Our online store falls under the PCI DSS SAQ A scope, and we are fully compliant.
We have a multilayered security program. The web application that drives our online store was developed using the most current best practices for online security and safety. We have automated, daily malware scans and a Sucuri Firewall. Adding multiple layers of security helps ensure that our customers are protected from the second they enter our site all the way through the checkout process, each and every time.