0
$0.00

Data Protection Policy

Effective Date: 7 March 2026

Fathom and Fury Cigars (“Fathom and Fury,” “we,” “us,” or “our”) is committed to protecting the confidentiality, integrity, and availability of the personal data we collect and process. This Data Protection Policy describes the principles, technical measures, and organizational practices we use to safeguard customer and website data.

1. Scope and Purpose

This policy applies to:

  • All personal data collected through our website, online store, marketing systems, and support channels.
  • All digital systems, software, and services used to store, process, or transmit that data.

Our goals are to:

  • Protect personal data against unauthorized access, disclosure, alteration, or destruction.
  • Maintain secure and reliable operations for our customers and business.

2. Data Protection Principles

We handle personal data in line with the following principles:

  • Lawfulness and fairness: We collect and use data only for legitimate, disclosed purposes.
  • Data minimization: We collect only the data we need to provide our services and comply with legal obligations.
  • Accuracy: We take reasonable steps to keep data accurate and up to date.
  • Storage limitation: We retain data only as long as necessary for the purposes described in our policies and by law.
  • Integrity and confidentiality: We use technical and organizational measures to protect data from unauthorized or unlawful processing, loss, or damage.

3. Software Maintenance and Updates

To reduce security risks from outdated software, we:

  • Keep our website platform, plugins, themes, and server software updated to current, stable versions.
  • Regularly review and apply security patches released by software vendors and hosting providers.
  • Remove or disable unused plugins, themes, or integrations to limit the system’s attack surface.
  • Periodically audit our tech stack to identify and address potential vulnerabilities.

4. Technical Security Measures

We use a combination of industry‑standard technical controls, which may include:

  • Encrypted connections: Enforcing HTTPS/TLS for all pages to protect data in transit between your browser and our servers.
  • Access controls: Limiting administrative access to authorized personnel and using strong, unique passwords and multi‑factor authentication where possible.
  • Firewalls and filtering: Using server‑level and/or web application firewalls to help block malicious traffic and common attack patterns.
  • Security monitoring: Monitoring for unusual activity, repeated failed logins, or other indicators of unauthorized access attempts.
  • Backups: Maintaining regular backups of critical systems and data to support recovery in case of technical failure, attack, or data corruption.
  • Segregation of payment data: Using trusted third‑party payment processors to handle sensitive card data so that full payment card details are not stored on our systems.

5. Organizational and Administrative Measures

In addition to technical security, we apply organizational practices to protect data, such as:

  • Restricting access to personal data to staff and service providers who need it to perform their duties.
  • Using confidentiality obligations for staff and contractors where appropriate.
  • Providing guidance and expectations regarding secure handling of customer data and login credentials.
  • Defining processes for onboarding and offboarding users with administrative or elevated access.

6. Third‑Party Service Providers

We rely on selected third‑party providers (such as our e‑commerce platform, hosting, payment processors, analytics, and marketing tools) to deliver our services. We:

  • Choose providers that use industry‑standard security practices and have their own data protection and security programs.
  • Share only the data necessary for them to perform their services.
  • Expect these providers to protect data in accordance with applicable laws and their published policies.

7. Data Retention and Disposal

We retain personal data only as long as needed for:

  • Providing our services and fulfilling orders.
  • Meeting legal, accounting, and regulatory requirements.
  • Resolving disputes and protecting our rights.

When data is no longer needed, we take reasonable steps to delete or anonymize it, including:

  • Removing old accounts and records on a scheduled basis where appropriate.
  • Deleting or anonymizing logs and backups in line with retention schedules.

8. Incident Detection and Response

We aim to identify and respond quickly to potential security incidents by:

  • Monitoring systems for suspicious activity or signs of unauthorized access.
  • Investigating alerts and anomalies to determine their impact.
  • Taking prompt remedial steps, such as revoking access, updating credentials, applying patches, or restoring from backups where necessary.
  • Where required by law, notifying affected users and/or regulators of significant data breaches in a timely manner.

9. Your Responsibilities

You also play a role in protecting your data. We encourage you to:

  • Use strong, unique passwords for your account and keep them confidential.
  • Log out of your account on shared or public devices.
  • Keep your own devices and browsers updated and protected with security software.
  • Contact us promptly if you suspect unauthorized access to your account or personal information.

10. Policy Review and Updates

We periodically review and update this Data Protection Policy to reflect:

  • Changes in technology or best practices.
  • Adjustments in our systems, services, or internal processes.
  • Updates in relevant laws and regulations.

When we make material changes, we will update the “Effective Date” above and may provide additional notice where appropriate.

Scroll to Top
0