Elevate Tech Logo

Website Security and Fraud Prevention Policy

Elevate Tech Limited Registration Number: 2025/742289/10 Website: https://store.elevatetech.biz Support Email: support@elevatetech.biz Information Officer: Wade Wareing — wade@elevatetech.biz

Effective Date: 3 June 2026 Version: 1.0

1. Introduction

1.1 This Website Security and Fraud Prevention Policy ("Policy") describes the measures Elevate Tech Limited ("Elevate Tech", "we", "us" or "our") takes to protect the security of the website at https://store.elevatetech.biz (the "Website") and our customers, and to prevent and respond to fraud. It also sets out your responsibilities.

1.2 This Policy forms part of, and must be read together with, our Terms and Conditions of Sale and Website Use, our Acceptable Use Policy and our Privacy Policy.

1.3 Security is a shared responsibility. We implement appropriate measures on our side, and you must take appropriate measures on yours.

2. Our Security Measures

2.1 We implement appropriate, reasonable technical and organisational measures designed to protect the Website, our systems and personal information, including:

(a) encryption of data in transit using industry-standard transport security (for example, HTTPS/TLS); (b) secure authentication and session management, with access controls based on the principle of least privilege; (c) firewalls, network segmentation, intrusion detection and monitoring; (d) logging and audit trails of relevant security events, including login records and website activity; (e) secure software development, patching and vulnerability management; (f) regular backups and tested recovery procedures; (g) protection against common web-application threats; and (h) physical and environmental security at the facilities used to host or store data.

2.2 These measures are described at a general level for security reasons. We do not publish detailed information about our security architecture where doing so could compromise its effectiveness.

3. Payment Security

3.1 Payments are processed through the Paystack payment gateway. Card payments are handled by Paystack in accordance with applicable payment-industry security standards.

3.2 Elevate Tech does not store full payment card data on its systems. Sensitive card data is collected and processed by the payment gateway, not by us.

3.3 We may apply additional verification and risk-screening to payments and Orders to detect and prevent fraudulent transactions, and may decline, hold or cancel an Order or payment that fails such screening.

4. Fraud Prevention and Detection

4.1 We monitor for, and take steps to prevent and detect, fraudulent and unlawful activity, including:

(a) verifying customer identity, trade status, eligibility and payment details; (b) screening Orders and payments for indicators of fraud; (c) monitoring account activity for unusual or suspicious behaviour; (d) holding, verifying or declining Orders pending verification; and (e) co-operating with payment providers, banks, law enforcement and regulators.

4.2 We may, in our reasonable discretion and without liability to you (to the maximum extent permitted by law):

(a) request additional information or documentation to verify an Order, account or payment; (b) delay, suspend, hold or cancel any Order or payment we reasonably suspect to be fraudulent, unauthorised or unlawful; (c) suspend, restrict or terminate an account; and (d) report suspected fraud or unlawful conduct to the relevant authorities.

4.3 Where an Order is cancelled or reversed due to suspected fraud, any payment received in respect of cancelled Goods will be refunded to the verified, legitimate payment source, subject to the completion of our investigation.

5. Your Responsibilities

5.1 You play an important role in keeping your account and transactions secure. You must:

(a) keep your account credentials confidential and not share them; (b) use strong, unique passwords and change them if you suspect they have been compromised; (c) ensure that the devices you use to access the Website are secure and protected against malware; (d) log out of your account when finished, particularly on shared or public devices; (e) keep your contact and business details accurate and up to date so that we can reach you about security matters; and (f) notify us immediately at support@elevatetech.biz of any actual or suspected unauthorised access to your account, or any suspected fraud.

5.2 You must not engage in any of the prohibited conduct described in the Acceptable Use Policy, including attempts to gain unauthorised access, interfere with security, or test the Website's vulnerabilities without authorisation.

6. Phishing and Impersonation

6.1 We will never ask you for your password by email or telephone. Beware of "phishing" messages that impersonate Elevate Tech and ask you to disclose credentials, payment details or banking information, or to make payment to an account other than the bank account reflected on a valid Elevate Tech invoice.

6.2 Banking-detail verification. Our banking details do not change frequently. If you receive a communication purporting to change our banking details, do not act on it without independently verifying it with us using known, trusted contact details. We are not liable for any loss arising from payments made to an incorrect account where you did not verify the details with us.

6.3 If you receive a suspicious communication purporting to be from Elevate Tech, do not click links or open attachments, and report it to support@elevatetech.biz.

7. Security Compromise Notification

7.1 Where there are reasonable grounds to believe that personal information has been accessed or acquired by an unauthorised person, we will notify the Information Regulator and affected data subjects as soon as reasonably possible after discovery and establishment of the scope of the compromise, in accordance with section 22 of the Protection of Personal Information Act 4 of 2013, as further described in our Privacy Policy.

8. Responsible Disclosure of Vulnerabilities

8.1 If you discover a security vulnerability in the Website, we encourage you to report it responsibly to support@elevatetech.biz. Please:

(a) provide sufficient information to allow us to reproduce and assess the issue; (b) give us a reasonable opportunity to investigate and remediate before any public disclosure; and (c) not access, modify or delete data that is not your own, not degrade our services, and not violate the privacy of others.

8.2 We will not pursue action against security researchers who act in good faith, comply with this clause and the Acceptable Use Policy, and do not cause harm. This clause does not authorise testing or scanning that is not covered by clause 8.1, which remains prohibited under the Acceptable Use Policy.

9. Third-Party Providers

9.1 We use third-party service providers (including for hosting, payments, logistics and analytics) that maintain their own security measures. While we take reasonable steps to engage reputable providers and to bind operators to appropriate obligations, we are not responsible for the security practices of third parties beyond our control.

10. Limitations

10.1 No system is completely secure. While we implement appropriate measures, we cannot guarantee that the Website, our systems, or any transmission will be entirely secure or free from unauthorised access. To the maximum extent permitted by law, and subject to the carve-outs in our Disclaimer and Limitation of Liability Policy, we are not liable for any loss or damage arising from unauthorised access, security incidents, or fraud that occurs despite our reasonable measures, including where attributable to your failure to comply with clause 5.

11. Enforcement

11.1 We may take any action permitted under this Policy, the Acceptable Use Policy and the Terms and Conditions of Sale and Website Use in response to a security or fraud incident, including suspension or termination of access, cancellation of Orders, and reporting to authorities.

12. Amendments

12.1 We may amend this Policy from time to time. The updated version will be published on the Website with a revised "Effective Date" and "Version". Your continued use of the Website after publication constitutes acceptance of the amended Policy.

13. Governing Law and Dispute Resolution

13.1 This Policy is governed by the laws of the Republic of South Africa.

13.2 Any dispute arising from this Policy is subject to the dispute resolution and jurisdiction provisions of our Terms and Conditions of Sale and Website Use (negotiation, then mediation, then arbitration in Cape Town under AFSA rules, with the non-exclusive jurisdiction of the Western Cape Division of the High Court). Privacy-related complaints may be referred to the Information Officer and the Information Regulator.

14. Contact Details

To report a security or fraud concern, or for any query relating to this Policy, please contact:

This Website Security and Fraud Prevention Policy should be read together with the Acceptable Use Policy, the Privacy Policy and the Terms and Conditions of Sale and Website Use.