We take data security seriously and have put measures in-place to try and ensure that your personal information is not stolen or passed on.

• Your password is one-way encrypted, using industry standard algorithms.
• Key items of your personal information are encrypted at database level, again using industry standard algorithms.

• Access to the database is restricted to the GroovyCart application and to technical staff only.
• As your personal data is encrypted, even the technical staff cannot read it.
• The backups are specific to our server set-up and the data remains encrypted.
• All data, including backups, are held in the UK and only accessed by UK staff and are therefore covered by the Data Protection Act.

• We have a Customer Relationship Management (CRM) system for managing customer contacts, such as customers reporting faults.
• Our CRM can only be accessed from our internal network (not the world-wide-web).
• Access to our CRM system is restricted and controlled by user login and roles.
• GroovyCart and our CRM system are synchronised, however only a limited amount of information is passed across.

• Shop-owners have access to necessary information about their customers in order to complete a transaction.

• When making payment transactions to PayPal and Google Checkout we only pass on the bare-minimum amount of information.
• No other information is passed on to any third-party companies.

• We do not hold any credit card information.

• Cookies. In order to use GroovyCart it is necessary to put a small file, called a cookie, onto your computer. This is used maintain the session between your computer and the GroovyCart server. If deleted or removed then it will be re-created next time you use GroovyCart. This cookie does not contain any personal information.

• Your IP address is treated as personal information and is retained for security reasons. We do not give your IP address to third-parties or link it to any other information that could be used to build a profile about you.

• Data retention. GroovyCart has not been running log enough for data retention to become an issue. Because of this data is kept indefinitely.

• From time-to-time, GroovyCart may contact registered users via e-mail with information we think may be of interest. This is not intended to be spam or junk email and you will have the option to opt-out of this service.

• We regularly apply security updates to our Apple Mac Xserve server platform.
• We use Google for our advertising, Google may chose to display adverts tailored to you using data it has collected on you.