Cornershop and Privacy: What we do with your data and sensitive information

Cornershop takes data security seriously. We treat your confidential and sensitive information with the same level of security that we would want for our own data. The following provides details on how we provide that security and what measures Cornershop takes to ensure your data is secure and private. 

Website Security

To make sure your site is secure and stable, we implement several security practices and monitoring services. Most importantly, we focus on updating plugins regularly, and use the Wordfence security plugin for its firewall and two-factor authentication features. On sites with high traffic, we have additional recommendations that can be applied, such as Cloudflare’s web application firewall and Bot Fight Mode.

Firewalls use rulesets maintained by security experts to detect and block malicious activity of all kinds. Wordfence is specifically geared toward WordPress sites, so its ruleset is designed to handle common WordPress attack vectors, including known security holes in older plugins, and any new unpatched exploits that might be discovered in the WordPress platform.

Two-factor authentication prevents attackers from logging into your site even if they manage to steal or guess your password.

Learn more about our website security practices through the following links: 

Personal Security

All files provided to Cornershop are stored in a secure Google Drive folder that is only accessible to our team. We use 1Password to store passwords and credentials provided to Cornershop. This data is encrypted, and only people working on that project have access to your data, as well as our management and IT teams

In addition, all employees are expected to keep the highest security standards on their Cornershop provided computers, including:

  • Keeping all software up to date

  • Practicing good password management

  • Not leaving devices unattended

  • Having a password on the computer

  • Not sending sensitive data (including passwords) over email unless encoded via an expiring password service

  • Not storing data on temporary or removable drives

Additionally, all employees have attended or viewed at least one security training by an outside security preparedness vendor.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.