Data Protection and Security Policy

Last updated: March 31, 2026

Serenity Scrolls is committed to protecting customer information and limiting the collection, use, storage, and sharing of personal data to what is necessary for legitimate business operations, order fulfillment, customer support, fraud prevention, and legal compliance.

1. Purpose

This Data Protection and Security Policy describes the measures we use to protect customer data handled through our website, ecommerce systems, fulfillment workflows, and support operations.

2. Data Minimization

We collect and process only the personal information reasonably necessary to:

  • Accept and process customer orders
  • Fulfill and deliver purchases
  • Communicate order status and support information
  • Process returns, refunds, or disputes
  • Detect fraud and misuse
  • Comply with legal and tax obligations

We do not request or retain personal information that is not required for these purposes.

3. Restricted Access

Access to customer data is restricted to authorized personnel who require access to perform legitimate business functions.

Our access controls are based on the following principles:

  • Unique user accounts
  • Least-privilege access
  • Role-based access where possible
  • Prompt removal of access when no longer required
  • Review of privileged access on a regular basis

4. Account and Authentication Controls

To protect systems containing customer information, we use security controls such as:

  • Strong passwords
  • Multi-factor authentication where supported
  • Restricted administrative access
  • Secure credential storage
  • Monitoring for unauthorized access attempts

5. Encryption and Secure Transmission

We protect customer information using appropriate safeguards, including:

  • HTTPS and encrypted transmission where supported
  • Encrypted storage or encrypted service-provider infrastructure where applicable
  • Secure handling of credentials and sensitive system information

6. Fulfillment and Shipping Data

For order fulfillment, we may share shipping-related personal information, such as:

  • Recipient name
  • Shipping address
  • Phone number
  • Email address where required

This information is shared only with approved service providers and fulfillment partners for the purpose of processing, packing, shipping, delivery support, fraud prevention, and legal compliance.

7. Data Retention

We retain customer information only as long as necessary for business, fulfillment, support, tax, legal, and operational purposes.

Where possible, shipping-related personal information is retained for a limited period after order completion and then deleted, anonymized, or securely archived based on operational need and legal requirements.

8. Logging and Monitoring

We maintain reasonable monitoring and logging practices to help identify:

  • Unauthorized access attempts
  • Suspicious account activity
  • Service misuse
  • Operational issues affecting order processing and customer data

Logs are reviewed and retained according to our internal operational and security practices.

9. Service Providers

We may use third-party vendors to support website hosting, ecommerce, payments, shipping, analytics, security, and customer support. These providers are expected to handle data only as necessary to provide their contracted services.

10. Backups and Recovery

We maintain reasonable backup and recovery practices to protect business continuity and reduce the risk of accidental data loss, subject to the capabilities of our hosting and service providers.

11. Incident Response

If we become aware of unauthorized access, misuse, or disclosure of customer information, we will investigate the matter, take reasonable steps to contain and remediate the issue, and provide notifications where required by law or contractual obligation.

12. Policy Updates

We may revise this Policy from time to time to reflect changes in our operations, technology, legal requirements, or service providers. Any updates will be posted on this page with a revised "Last updated" date.

13. Contact

For questions about our data protection and security practices, contact:

Serenity Scrolls
Email: info@serenityscrolls.faith

← Back to Home