SECURITY POLICY

Last Updated: January 1, 2026 

Swimandsweat.com (“Swimandsweat,” “Company,” “we,” “our,” or “us”) is committed to maintaining commercially reasonable administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of information collected through the Swimandsweat website located at www.swimandsweat.com (the “Site”). This Ecommerce Security Policy describes the security practices implemented by Swimandsweat in connection with the operation of its ecommerce services. By accessing or using the Site, users acknowledge that no system for transmitting or storing electronic information can be guaranteed to be completely secure and that Swimandsweat cannot ensure or warrant the absolute security of any information transmitted to or from the Site.

1. Security Program
Swimandsweat maintains an information security program designed to protect the systems and data associated with its ecommerce operations. The Company’s security practices are designed to align with generally accepted industry standards applicable to ecommerce retailers operating within the United States. The purpose of the security program is to maintain the confidentiality of customer information, protect the integrity of ecommerce systems, detect and prevent unauthorized access to information systems, and support the continuity of business operations. Swimandsweat’s security safeguards are implemented using a risk-based approach consistent with commercially reasonable practices commonly used by online retail platforms and digital commerce providers.

2. Payment Transaction Security
Payment transactions conducted through the Site are processed using secure technologies designed to protect payment card information during transmission and processing. Swimandsweat utilizes payment processing systems intended to support compliance with the requirements of the Payment Card Industry Data Security Standard. Payment information transmitted through the Site may be encrypted using industry-standard secure communications protocols. Payment processing services may be provided by independent third-party payment processors that maintain their own security and compliance programs. Swimandsweat does not store full credit card numbers on its ecommerce servers unless such information is securely maintained by a PCI-compliant payment processing provider.

3. Encryption and Secure Communications
The Site employs encryption technologies designed to protect information transmitted between users and Swimandsweat’s systems. Secure communication technologies, including Secure Socket Layer and Transport Layer Security protocols, may be used to protect sensitive data transmitted through the Site. While these technologies are designed to reduce the risk of unauthorized interception or disclosure of information, no method of electronic transmission or internet communication can be guaranteed to be fully secure.

4. Information Protection Measures
Swimandsweat maintains administrative, technical, and operational safeguards intended to protect information collected through the Site from unauthorized access, disclosure, alteration, or destruction. These safeguards may include internal security policies, controlled access to systems and data, employee confidentiality obligations, system monitoring procedures, vulnerability assessments, and the use of technologies designed to prevent unauthorized access or malicious activity. Access to certain categories of information may be restricted to authorized personnel who require such access for legitimate business purposes.

5. Third-Party Technology and Service Providers
Swimandsweat may utilize third-party service providers in connection with the operation of its ecommerce platform, including providers of website hosting services, ecommerce platform technologies, payment processing systems, fraud detection services, analytics tools, cloud infrastructure, marketing systems, and customer communication platforms. These service providers may have access to certain information only to the extent necessary to perform services on behalf of Swimandsweat. While Swimandsweat seeks to engage service providers that maintain commercially reasonable security practices, the Company does not control the independent security policies or operational practices of such third parties.

6. Account Security
Users who create accounts on the Site are responsible for maintaining the confidentiality of their login credentials and for restricting access to devices used to access their accounts. Users agree to notify Swimandsweat promptly if they become aware of unauthorized access to their accounts or any other security breach affecting their credentials. Swimandsweat reserves the right to suspend, investigate, or terminate accounts that appear to be compromised or used for unauthorized purposes.

7. Website Acceptable Use and Anti-Hacking Protections
Users of the Site agree to access and use the Site solely for lawful purposes and in a manner consistent with applicable laws and regulations. Users may not attempt to access the Site or related systems using unauthorized methods or attempt to interfere with the security, operation, or integrity of the Site. Prohibited activities include attempting to gain unauthorized access to accounts, servers, databases, or networks connected to the Site; attempting to bypass authentication or security measures; introducing malicious code, viruses, bots, or automated scripts intended to disrupt Site functionality; engaging in denial-of-service attacks; attempting to scrape or extract data from the Site using automated tools without authorization; or otherwise attempting to compromise the security of the Site or the information of other users. Swimandsweat reserves the right to investigate suspected violations of this policy and may suspend access to the Site or refer such matters to law enforcement authorities where appropriate.

8. Monitoring and Security Enforcement
The Site and related systems may be monitored for purposes of maintaining operational integrity, detecting fraudulent activity, preventing unauthorized access, and protecting the security of ecommerce transactions. Monitoring activities may include system logging, traffic analysis, and automated detection tools designed to identify suspicious or malicious activity. Swimandsweat reserves the right to investigate any activity that appears to violate this policy or that may threaten the security of the Site or its users.

9. Fraud Detection and Transaction Review
Swimandsweat may utilize automated fraud detection systems and manual review procedures designed to identify suspicious ecommerce transactions. These measures are intended to protect customers, payment processors, and the Company from fraudulent activity. Swimandsweat reserves the right to delay, investigate, cancel, or refuse any transaction that appears to involve suspected fraud, unauthorized payment activity, or violations of applicable law.

10. Cybersecurity Incident Response
Swimandsweat maintains procedures designed to identify, investigate, and respond to potential cybersecurity incidents affecting its ecommerce systems. These procedures may include containment of unauthorized access, investigation of suspicious activity, remediation of vulnerabilities, and coordination with technology providers or security professionals where necessary. In the event of a cybersecurity incident involving unauthorized access to certain categories of personal information, Swimandsweat may take actions required under applicable data breach notification laws.

11. Data Breach Notification
Where required under applicable law, Swimandsweat may provide notice of a data security incident to affected individuals, regulators, or other authorities in accordance with applicable data breach notification statutes. Such notifications may occur when personal information is reasonably believed to have been accessed or acquired by unauthorized persons. Swimandsweat’s response to security incidents may vary depending on the nature and scope of the incident and applicable legal requirements.

12. Customer Data Protection
Swimandsweat collects and processes certain categories of customer information in connection with the operation of its ecommerce services. The Company maintains safeguards designed to protect such information from unauthorized access or disclosure. Customer information may be used for purposes including order processing, payment verification, customer support, fraud prevention, regulatory compliance, and business operations. Swimandsweat’s collection and use of personal information is also governed by the Company’s Privacy Policy and applicable consumer protection laws.

13. Data Retention
Swimandsweat may retain customer information for as long as reasonably necessary to fulfill business, legal, accounting, regulatory, or operational requirements. Information may be retained for purposes such as processing transactions, maintaining order history, complying with tax and financial reporting obligations, resolving disputes, detecting fraud, enforcing agreements, and complying with applicable legal requirements. After information is no longer required for these purposes, Swimandsweat may delete, anonymize, or otherwise dispose of such information in accordance with applicable law and internal data management practices.

14. Children's Information
The Site is not directed to children under 13 years of age and Swimandsweat does not knowingly collect personal information from children under thirteen in accordance with the Children's Online Privacy Protection Act. If Swimandsweat becomes aware that personal information has been collected from a child under thirteen without appropriate parental consent, the Company will take reasonable steps to delete such information.

15. Regulatory Compliance
Swimandsweat’s ecommerce security practices are intended to support compliance with applicable United States laws and regulations governing online commerce, consumer protection, and data privacy. These obligations may include requirements arising under Section 5 of the Federal Trade Commission Act, the California Online Privacy Protection Act, and the California Consumer Privacy Act, to the extent such laws apply to businesses operating ecommerce websites that interact with consumers in the United States.

16. Limitation of Security Guarantees
Although Swimandsweat implements security safeguards designed to protect information associated with its ecommerce operations, no system, network, or method of electronic transmission can be guaranteed to be completely secure. Accordingly, Swimandsweat does not warrant or guarantee the absolute security of information transmitted through the Site, and users transmit information at their own risk to the extent permitted by applicable law.

17. Modifications to This Policy
Swimandsweat reserves the right to modify or update this Ecommerce Security Policy at any time. Any changes will be posted on the Site and will become effective upon posting unless otherwise indicated. Continued use of the Site after changes are posted constitutes acceptance of the updated policy.

18. Contact Information
Questions regarding this Ecommerce and Website Security Policy may be directed to Swimandsweat through the contact information provided on the Site.