Customer Services - Privacy Policy

Data Protection

The owners and operators of this website take the protection of your data very seriously. We treat your data confidentially and according to the legal data protection regulations and this privacy policy.

Data Isolation

Our framework distributes and maintains the cloud space for our customers. Each customer's service data is logically separated from other customers' data using a set of secure protocols in the framework. This ensures that no customer's service data becomes accessible to another customer.

The service data is stored on our servers when you use our services. Your data is owned by you, and not by Zoho. We do not share this data with any third-party without your consent.

Encryption

In transit: All customer data transmitted to our servers over public networks is protected using strong encryption protocols. We mandate all connections to our servers use Transport Layer Security (TLS 1.2/1.3) encryption with strong ciphers, for all connections including web access,API access,our mobile apps, and IMAP/POP/SMTP email client access. This ensures a secure connection by allowing the authentication of both parties involved in the connection, and by encrypting data to be transferred. Additionally for email, our services leverages opportunistic TLS by default. TLS encrypts and delivers email securely, mitigating eavesdropping between mail servers where peer services support this protocol.

We have full support for Perfect Forward Secrecy (PFS) with our encrypted connections, which ensures that even if we were somehow compromised in the future, no previous communication could be decrypted. We have enabled HTTP Strict Transport Security header (HSTS) to all our web connections. This tells all modern browsers to only connect to us over an encrypted connection, even if you type a URL to an insecure page at our site. Additionally, on the web we flag all our authentication cookies as secure.

At rest: Sensitive customer data at rest is encrypted using 256-bit Advanced Encryption Standard (AES). The data that is encrypted at rest varies with the services you opt for. We own and maintain the keys using our in-house Key Management Service (KMS). We provide additional layers of security by encrypting the data encryption keys using master keys. The master keys and data encryption keys are physically separated and stored in different servers with limited access.

Mukhekhe Liquor Website

The Mukhekhe Liquor website is developed on Zoho Commerce and the form used for customer onboarding was developed on Zoho Forms.

This is a safe option as all customer data and Mukhekhe data is stored on the Zoho platform meaning that no customer data is cached on the Mukhekhe website. 

The website and all redirect links, forms, etc. are secure as they are protected by Zoho’s secure data centres. This is a stand out point for using Zoho to build the site and forms as none of the data is at risk of being shared across multiple platforms.

Member Portal

Upon registration, each customer will be enabled with their own unique account details and password registration, all passwords should meet standard complexity requirements of: 8-64 characters(including a numerical value, special character, an uppercase letter) Example: m#P52s@8

Data and payments security at Paystack

The Paystack Card Machines are PCI compliant and adhere to EMV certification.

PCI Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organisations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB.

Find out more here.

EMV Certification

EMVCo exists to facilitate worldwide interoperability and acceptance of secure payment transactions. It accomplishes this by managing and evolving the EMV® Specifications and related testing processes. This includes, but is not limited to, card and terminal evaluation, security evaluation, and management of interoperability issues. Today there are EMV Specifications based on contact chip, contactless chip, common payment application (CPA), card personalisation, and tokenisation.

This work is overseen by EMVCo’s six-member organisations—American Express, Discover, JCB, MasterCard, UnionPay, and Visa—and supported by dozens of banks, merchants, processors, vendors and other industry stakeholders who participate as EMVCo Associates.

Contact Form

If you send inquiries to us via the contact form, your data entered into the contact form, including the stated contact data, is stored for the purpose of dealing with your inquiry and in case of additional inquiries. That data will not be passed on without your permission.

Final Disclaimer

Although we take all kinds of security measures for the protection of personal information, we cannot guarantee complete protection. You provide all personal information at your own risk.