FAQ

  1. Information TransmissionSecurity

Protecting your credit card and personal information is very important to us.

We ensure the privacy and security of the data you enter by using enabled TLS (Transport Layer Security) certificates (sometimes also referred to as SSL certificates - Secure Socket Layer certificates).

TLS is an encryption protocol used to protect Internet communication and is the most secure and reliable industry standard for the internet. TLS certificates ensure that your credit card or personal information data is transmitted to us privately and is not modified, lost, intercepted, read, or stolen during the transmission process.

How to check if the current website has an enabled TLS certificate? When the browser address bar shows a padlock or key icon next to the URL that starts with https:// (depending on your browser), it means that the website has an enabled TLS certificate.

You don't have to worry about our online store. We will always ensure that TLS is active. Even if you use the original Ruovu URL, you will be automatically redirected to our encrypted online store. And once your transaction is completed, we will not store your credit card information, ensuring that your credit card number cannot be obtained from Ruovu.

  1. CVV - Credit Card Fraud Prevention

To make your shopping experience as secure as possible, we require you to enter the 3 or 4-digit security code (CVV) of your credit card. As this code can only be found on the card itself, providing it helps prevent credit card fraud. For Discover, MasterCard, and Visa, the CVV is a 3-digit number located on the back of the credit card. For American Express cards, the CVV is a 4-digit number located on the front of the credit card.

  1. Credit Card Transaction Security

We highly value the security of your information. To ensure the security of your personal information, payment information, and business data, our store has obtained PCI DSS Level 1 Compliance. Payment Card Industry Data Security Standard (PCI DSS) is a security standard for organizations that store, process, or transmit credit card information. The standard aims to enhance control over payment data to reduce fraud. Our compliance standards cover six PCI standards objectives:

- Maintain network security continually

- Protect cardholder data

- Continually execute a vulnerability management plan

- Implement strong access control

- Monitor and test networks regularly

- Persistently enforce information security policies

Additionally, our PCI DSS Level 1 Compliance includes external AVS vulnerability scanning. The Address Verification System (AVS) compares the numerical part of your billing address and postal code with the information on the credit card issuer's file. If the information does not match, you will not be able to complete the order payment. To resolve this issue, please contact us.

  1. Service Trust and Security

For the services we provide to you, Ruovu complies with published SOC 3 and SOC 2 Type II reports. Service Organization Control (SOC) reports are assessments of a company's information systems by third-party auditors, demonstrating compliance with a set of independent standards, including those related to the security and availability of its services.

This indicates that we have met the Trust Service Criteria (TSC) determined by the American Institute of Certified Public Accountants (AICPA) Audit Standards Committee.

  1. Security Fraud Alerts

A common internet scam is known as "phishing" or "online fraud." When you receive an email, text message, or phone call from what appears to be a legitimate source, requesting personal information, you must be cautious. Please note that Ruovu will never request verification of credit card, bank, or any other personal information through email, text, phone, or various social media channels. If you receive what appears to be a message from us requesting such information, please do not reply or click on any links in the message. Instead, forward the source to us, as we will investigate all potential internet fraud to protect your information and assets.

  1. Physical Security

All our data is stored in the servers of a data center that has obtained industry-standard security certifications. The data center is protected by perimeter and multilayer security areas, including alarms, closed-circuit television monitoring, around-the-clock on-site security personnel, multiple recognitions, restricted areas, and physical locks.The hard drives will not leave the data center; they will be securely destroyed at the data center. Our servers are hosted in data centers certified with the following:

-Tier III,

-International Information Security Standard (ISO 27001)

-Payment Card Industry Data Security Standard (PCI DSS).

  1. Other Security Elements

Our store's security controls include many basic security features, such as:

- Regularly conducting third-party vulnerability scans and penetration tests to identify and address potential security vulnerabilities

- Production engineering team continuously monitoring server and application performance

- Systems designed for rapid data recovery in the event of a disaster. Backup recovery is tested daily

- We have formal incident response and resolution processes

- Employee devices managed centrally to implement and enforce security measures as per security policy

- Ruovu implements role-based access control according to the principle of least privilege

- Compliance with independent audit reports (e.g., SOC 2 Type II) to assist in annual security audits

- Employees receive information security awareness training and adhere to confidentiality obligations

  1. Other Issues

Unfortunately, we all know that there is no internet transmission method or electronic storage method that can be 100% secure. This means that we cannot guarantee the absolute security of your personal information. If you have questions about the above security policy or any other security issues, please contact us.