Effective Date: 05/05/2025
Version: 1.0
Applies to: All Dealnox Tech websites, services, and systems
1. Purpose
This policy defines how Dealnox Tech collects, transmits, and protects payment card data to ensure confidentiality, integrity, and compliance with industry standards.
2. Scope
Applies to all employees, contractors, and third-party service providers who handle or transmit payment card information on behalf of Dealnox Tech.
3. Data Collection
When you place an order through our website, we collect only the information necessary to process your transaction, including:
Customer name
Email address
Billing address (including zip/postal code and country)
Payment card details (PAN, expiry date, cardholder name)
All other personal data is captured under our main Privacy Policy.
4. Secure Transmission of Payment Data
SSL/TLS Encryption
All pages that collect or transmit payment card data are served over HTTPS with TLS 1.2+ encryption.
We use certificates from a trusted Certificate Authority and enforce HSTS to prevent downgrade attacks.
End-to-End Encryption
Payment card details entered on our checkout forms are encrypted in the browser before being sent to our servers.
Data remains encrypted in transit until it reaches the designated Payment Gateway.
5. Payment Gateway Integration
We partner with a PCI-DSS–compliant Payment Gateway to process all card transactions.
Credit card data is never stored on Dealnox Tech’s servers or databases.
The Payment Gateway handles authorization, settlement, and tokenization under its own stringent security and privacy policies.
6. Multi-Layered Security Controls
To bolster protection, we implement additional safeguards:
Network Segmentation: Isolating payment processing systems from other corporate networks.
Access Controls: Role-based access with strong authentication for any platform handling card data.
Regular Vulnerability Scanning & Penetration Testing: Quarterly scans and annual pen tests to identify and remediate weaknesses.
7. Data Retention & Disposal
We retain only non-sensitive billing data (e.g., zip code, country) necessary for tax and compliance purposes.
All transient payment data is purged immediately after successful transaction tokenization.
Any logs or records that contain cardholder data are retained no longer than 90 days and are securely deleted thereafter.
8. Compliance & Auditing
Dealnox Tech maintains compliance with:
PCI-DSS Requirements for service providers
Applicable data protection regulations (e.g., GDPR) regarding cross-border transfers and data subject rights
We conduct annual compliance audits and address any findings within our remediation timelines.
9. Your Consent & Rights
By submitting payment information on our site, you consent to the collection and encrypted transmission practices described herein. For questions about how we handle your data, or to exercise your data rights, please see our main Privacy Policy or contact us at privacy@dealnox.io.
10. Policy Review
This policy is reviewed at least annually or upon significant changes to our payment processing environment. All updates will be published on our website with a revised “Last Updated” date.