Oh shit that sucks, I'm sorry to hear that.
We have /c/tactics here for OPSEC and protest stuff, it has a decent amount of info on securing your online personas and privacy. I took a look at your site, and the first thing I noticed is that you're using a Gmail address - something which I would very much not recommend. You're dealing with the addresses and personal info of leftists, which is something chuds would absolutely love to get their hands on.
I would recommend transferring to a secure email service, enabling two-factor authentication if you haven't already, and NOT keeping a log of the personal info of people's orders from your store. If you were to be hacked at some point, any records you may be keeping of names, addresses, emails, and phone numbers of people who order would be extremely valuable data to right-wing groups.
I specifically made the email just for answering questions about products. It doesn't contain literally any information beyond the occasional email of someone asking about a specific product. All emails related to actual numbers and orders go to a different email. I went out of my way to make sure the only thing documented long-term about sales is the bare minimum required for tax purposes. Any emails/addresses/phone numbers/etc. are only used for as long as the order is active, and are deleted automatically.
Nice, that's great practice! Glad to hear you're already taking user privacy seriously!