Bloomgroove cares about your security

Here’s how we protect your data and transactions

Bloomgroove is dedicated to creating trustworthy shopping experiences and for that purpose we have invested significant resources to make our service fully PCI compliant, in an effort to keep your data and transactions as safe as possible.

What does it mean to be PCI compliant?

PCI (Payment Card Industry) Security Standards Council is a global network for development and implementation of security standards. This council was created from PCI DSS (Data Security Standard), which is a set of rules made to ensure that all companies that process, store and transmit credit card information maintain a secure environment.

PCI DSS is managed by the PCI SSC, an independent entity created by the likes of Visa, MasterCard, American Express, Discover and JCB.

For further reading, please refer to the PCI DSS document library.

In layman terms, by being PCI compliant, Bloomgroove ensures that:

  • The website and its services are located on a secure network. To be precise, the connection to this site is encrypted and authenticated using TLS 1.2 (a strong protocol), ECDHE_RSA with X25519 (a strong key exchange), and AES_128_GCM (a strong cipher).
  • The cardholder data is fully protected. We identify all locations and flows of cardholder data to ensure all applicable system components are included in scope for the PCI Data Security Standard.
  • A complete vulnerability management program is in place. Bloomgroove’s vulnerability management program relies on scanning and reviewing inventory management, patch management, application security and optimizing risk management processes.
  • An Information Security Policy is maintained. We pay close attention to safeguarding availability, confidentiality and integrity for all respective users.
  • Strong Access Control Measures are implemented. We ensure that security policies and operational procedures for restricting access to cardholder data are documented, in use, and known to all affected parties.
  • All networks are carefully monitored and tested. We actively monitor all our networks for security threats, and keep a detailed record of all activity related to system components that handle credit card data.

For more information on your data and security contact us.