Security Policy
Our security practices, data handling policies, and commitment to protecting your store when using mypresta.rocks modules and services.
Last updated: 15.02.2026
1. Our Commitment to Security
At mypresta.rocks, we take the security of your PrestaShop store seriously. This policy describes how we handle security in our modules, services, and any interactions with your store environment.
2. Module Security Standards
All modules developed by mypresta.rocks follow these security practices:
- Input Validation: All user inputs are validated and sanitized to prevent SQL injection, XSS (Cross-Site Scripting), and other common attack vectors.
- PrestaShop Security Framework: Our modules use PrestaShop's built-in security functions including pSQL(), Validate class methods, CSRF token verification, and proper escaping.
- No External Calls Without Purpose: Our modules do not make unauthorized external HTTP requests. Any outbound connections (e.g., license verification, update checks) are clearly documented and serve a specific, transparent purpose.
- No Backdoors: Our code contains no hidden access points, no obfuscated code, and no undisclosed data collection mechanisms.
- Minimal Permissions: Modules request only the database tables, hooks, and permissions they actually need to function.
- Regular Updates: We actively maintain our modules and release security patches when vulnerabilities are discovered.
3. Data Handling — What We Do NOT Process
When interacting with your store (including remote support, debugging, or module configuration), we do NOT access, collect, process, or store:
- Customer personal data (names, emails, phone numbers, addresses)
- Payment information (credit card numbers, bank details, transaction records)
- Customer passwords or authentication credentials
- Order contents or purchase history of individual customers
- Any data protected under GDPR, CCPA, or other privacy regulations as personal data
4. Data Handling — What We MAY Process
When providing support or services, the only information we may access is store configuration data, specifically:
- PrestaShop version and PHP version
- Module list and version numbers (installed/active modules)
- Theme name and configuration
- Server environment details (web server type, MySQL version, memory limits)
- Store settings relevant to module functionality (e.g., multi-store configuration, currency settings, language configuration)
- Module-specific configuration values
- Error logs and debug output related to module operation
- Database table structure (schema) related to our modules — NOT the data within customer/order tables
This information is used exclusively to diagnose issues, provide support, and ensure module compatibility. It is not shared with third parties, not used for marketing, and not retained beyond the support interaction unless needed for ongoing case resolution.
5. Remote Access & Support Sessions
If you grant us access to your store's back office or server for support purposes:
- Access is used solely for the stated support purpose
- We recommend creating a dedicated temporary employee account with limited permissions
- We recommend you revoke access (delete the employee account or change credentials) after the support session is complete
- We do not retain your access credentials after the session
- We will never access areas of your store unrelated to the support request
- Any changes made during the session will be communicated to you
6. Demo & Trial Environments
For our on-demand demo shops (demo.mypresta.rocks):
- Demo environments are isolated and temporary
- No real customer data is present in demo stores
- Demo shops may be monitored for abuse prevention
- Data entered into demo shops is not backed up and may be deleted at any time
- See our On-Demand Demo Shop Terms for full details
7. License Verification
Some modules may include a license verification mechanism that transmits:
- Your store's domain name
- The module version installed
- The license key
This is used only to verify license validity. No other data is collected through this mechanism.
8. Vulnerability Reporting
If you discover a security vulnerability in any of our modules, please report it to us immediately at contact@mypresta.rocks. We take all reports seriously and will:
- Acknowledge receipt within 24 hours
- Investigate and assess the severity
- Develop and release a patch as quickly as possible
- Notify affected customers if the vulnerability poses a significant risk
We appreciate responsible disclosure and ask that you do not publicly share vulnerability details until a fix is available.
9. Third-Party Services
Our modules do not integrate with third-party analytics, tracking, or advertising services unless explicitly stated in the module description. If a module integrates with a third-party service (e.g., a shipping carrier API, payment gateway), this is always clearly documented and requires your explicit configuration.
10. Your Responsibilities
While we design our modules with security in mind, you are responsible for:
- Keeping your PrestaShop installation and all modules updated to the latest versions
- Using strong passwords for all back office accounts
- Maintaining regular backups of your store
- Reviewing and configuring module settings appropriately for your environment
- Testing modules in a staging environment before deploying to production
- Revoking any temporary access granted for support purposes
11. Contact
For any security-related questions or concerns, contact us at contact@mypresta.rocks.