Tiny Saints is a Catholic merchandise company operated by Catholic Ventures DBA Tiny Saints and is located in Irving, Texas. The company sells more than 200 different saint-themed charms along with related products such as stationery, stickers, board books, sidekicks, lanyards, and rosaries. Every product is created with the purpose of giving customers a simple, everyday way to keep the saints close and to remember Catholic faith throughout the normal activities of life. In addition to regular retail sales through the online store, Tiny Saints offers bulk purchasing options, wholesale pricing for larger orders, and a complete online fundraising program that makes it easy for parishes, schools, and ministries to raise money by selling Tiny Saints products to their communities. Tiny Saints does not sell personal information to third parties under any circumstances. This is a firm policy that will not change. Customer data is collected and used only for the specific purposes that are required to run the store properly and to provide the services that customers expect. The only reasons personal information is ever used are to process and fulfill orders, to send order-related updates such as shipping confirmations, to prevent fraud, and, only when a customer has explicitly opted in, to send occasional marketing messages about Tiny Saints products. Nothing else. There is no sharing of customer lists with unrelated companies, no renting of data, and no selling of any personal information for advertising or any other purpose. The personal information that is collected during the normal course of business includes the customer's name, shipping address, billing address, phone number, email address, and payment details. Payment details, especially credit card numbers, are treated with the highest level of care. Credit card information is encrypted the moment it is transmitted and is never stored on Tiny Saints servers in a readable form. In fact, Tiny Saints does not store full credit card numbers at all. All payment processing is handled by a PCI-compliant payment processor that is specifically certified to meet the strictest security standards in the industry. This means that even if someone were to gain unauthorized access to the Tiny Saints systems, they would never be able to retrieve usable credit card information because it simply is not there. In addition to the information that customers provide directly when placing an order, some device and browsing information is collected automatically through cookies and similar technologies. This includes things like IP address, browser type, operating system, the pages viewed on the site, the time spent on each page, and similar data. This information is used only to make sure the website functions correctly, to improve security, and to perform very basic usage analytics so that the store can be improved over time. This data is shared only with the company's e-commerce platform provider and a very small number of trusted service providers who are bound by written contracts to protect the information and to use it solely for the purpose of helping the store operate. These service providers are not allowed to use the data for their own purposes, and they are required to follow the same strict privacy standards that Tiny Saints follows. Tiny Saints does not knowingly collect personal information from anyone under the age of 18. The website and all services are intended for adult use or for minors under direct adult supervision. If it ever comes to light that information has been collected from someone under 18 without proper consent, that information is deleted immediately upon request. Parents or guardians who believe their child may have provided information can contact customer service at any time, and the company will remove the data without delay. Customers always retain full control over their own information. At any time, a customer may opt out of receiving marketing emails simply by clicking the unsubscribe link in any message or by contacting customer service. Customers may also request a complete copy of all the personal data that Tiny Saints holds about them. They may ask for corrections to be made if something is inaccurate, or they may request that their personal information be deleted entirely. The only exception to complete deletion is that records of completed financial transactions must be kept for a limited time to comply with tax and accounting laws, but even in those cases, the information is kept only as long as legally required and is never used for marketing or shared with anyone else. Account security is taken very seriously at Tiny Saints. Multiple layers of protection are in place to make sure that customer accounts remain safe and that only the rightful owner can access them. First, all passwords are one-way hashed using strong cryptographic algorithms. This means that even if someone gained access to the database, they would not be able to see the actual passwords because they are mathematically transformed into a form that cannot be reversed. Not even Tiny Saints staff can view a customer's password. When a customer logs in, secure session cookies are used. These cookies have appropriate expiration times so that if a customer forgets to log out, the session will end automatically after a reasonable period of inactivity. Repeated failed login attempts from the same IP address or with the same email address will trigger an automatic temporary block. This helps prevent brute-force attacks where someone tries to guess a password thousands of times. Similarly, if suspicious activity is detected—such as logins from unusual locations or a sudden spike in activity—the system can flag the account for review and may temporarily lock it until the owner confirms everything is okay. Password resets are handled in a secure, standardized way. When a customer clicks "Forgot Password," the system checks that the email address is associated with an existing account. If it is, a time-limited, single-use reset link is sent to that email address. The link is only valid for a short period—usually a few hours—and can be used only once. When the customer clicks the link, they are taken to a secure page where they can create a new password. The new password must meet minimum strength requirements, typically including a mix of uppercase letters, lowercase letters, numbers, and special characters. After the password is changed, the old session cookies are invalidated, and a notification is sent to the customer so they can verify that the reset was legitimate. If a customer did not request the reset, they are instructed to contact customer service immediately so the account can be secured. Credit card data receives additional protection. As already mentioned, it is encrypted during transmission using industry-standard TLS encryption, and it is never stored in full. During checkout, the site also performs basic fraud screening. If an order appears unusually risky—for example, a very large purchase from a new account using a high-risk IP address—the order may be held for manual review or additional verification may be requested. In some cases, repeated declined cards or suspicious patterns can lead to a temporary block on that card or IP address for a few hours or days. These measures are designed to protect both the customer and the company from fraudulent transactions without unnecessarily inconveniencing legitimate shoppers. Scraping, crawling, or any form of automated data collection from the site is strictly prohibited. The Terms of Service clearly state that attempting to interfere with the security features of the site, creating accounts through automated means, or trying to extract large amounts of data will result in immediate termination of the account and possible legal action. The company reserves the right to refuse service to anyone at any time for any reason, but especially when there is evidence of abuse or attempted security breaches. The underlying e-commerce platform that powers the Tiny Saints store is regularly updated with the latest security patches. The Tiny Saints team also performs ongoing monitoring for unusual activity and works closely with the platform provider to stay ahead of potential threats. While no system can be guaranteed to be 100% secure all the time, every reasonable and industry-standard measure is taken to protect customer accounts and personal information. In summary, Tiny Saints treats every piece of customer information with the highest level of care and confidentiality. Personal data is never sold, never rented, and never shared with unrelated third parties. It is used only for the direct purposes of fulfilling orders, preventing fraud, and, when explicitly allowed, sending optional marketing messages that can be stopped at any time with one click. Payment information is encrypted and handled only by certified processors. Passwords are irreversibly hashed. Logins and password resets are protected by multiple safeguards. Suspicious activity is blocked quickly. Customers always have the right to see, correct, or delete their information upon request. The entire purpose of these strict policies is to give customers complete peace of mind when shopping at Tiny Saints. When someone buys a charm, a rosary, or any other product, they should be able to focus entirely on the spiritual meaning of the item and not have to worry about the safety of their personal or financial information. Tiny Saints takes that responsibility seriously and will continue to maintain these high standards of privacy and security. |
No comments:
Post a Comment
Keep a civil tongue.