Bud Club


INFORMATION SECURITY POLICY

Last updated: July 7, 2025

Effective: July 3, 2025

BUD CLUB MEDIA, LLC

6135 Park South Drive Ste 510

Charlotte, NC, 28210

https://budclubshop.com/contact

 

Contents

Introduction

Information Security Policy

  1. Network Security
  2. Acceptable Use Policy
  3. Protect Stored Data
  4. Information Classification
  5. Access to Sensitive Cardholder Data
  6. Physical Security
  7. Protect Data in Transit
  8. Disposal of Stored Data
  9. Security Awareness and Procedures
  10. Credit Card (PCI) Security Incident Response Plan
  11. Transfer of Sensitive Information Policy
  12. User Access Management
  13. Access Control Policy
    Appendix A – Agreement to Comply Form
    Appendix B – List of Devices
    Appendix C – List of Third-Party Service Providers
    Appendix D – Stand-Alone & P2PE POI Management Policy
    Appendix E – eCommerce Configuration & Hardening Policy

 

Introduction

This Policy encompasses all aspects of security surrounding confidential BudClub Media, LLC information and must be distributed to all BudClub employees and contractors. All personnel must read this document in its entirety and sign the acknowledgement form confirming they fully understand the policy. Management reviews and updates this document annually, or sooner if new security standards require.

 

Information Security Policy

BudClub handles sensitive information daily. Adequate safeguards must protect account data—including cardholder data and customer privacy—to ensure regulatory compliance and safeguard the future of the organisation.

BudClub commits to maintaining a secure environment for processing cardholder information. Employees handling sensitive data shall:

  • Handle BudClub information according to its sensitivity and classification.
  • Limit personal use of company information systems and ensure it does not interfere with job performance.
  • Recognise that BudClub reserves the right to monitor, access, review, audit, copy, store, or delete any electronic communications, equipment, systems, and network traffic for any purpose.
  • Refrain from using company resources for offensive, discriminatory, defamatory, harassing, or illegal activities.
  • Protect sensitive account data, including cardholder information.
  • Keep passwords and accounts secure.
  • Obtain management approval before installing new software or hardware or establishing third-party connections.
  • Leave desks clear of sensitive data and lock computer screens when unattended.
  • Report information-security incidents without delay to the designated incident-response contact.
  • Attend annual security-awareness training.

1. Network Security

A high-level network diagram of the cardholder-data environment (CDE) is maintained and reviewed annually. Approved Scanning Vendor (ASV) scans are performed quarterly (every 90–92 days), and evidence is retained for 18 months. For e-commerce, scans include any redirect/iFrame servers.

2. Acceptable Use Policy

  • Employees must exercise good judgment regarding personal use.
  • Prevent unauthorised access to confidential data, including cardholder data.
  • Keep passwords secure and do not share accounts.
  • All workstations require password-protected screen-savers.
  • Device inventory (Appendix B) is maintained and inspected for tampering or substitution.
  • Exercise caution with email attachments from unknown senders.

Address: 15030 Ventura Blvd, Unit 214, Sherman Oaks, CA 90016

3. Protect Stored Data

  • BudClub does not store electronic PAN or sensitive authentication data.
  • Any hard-copy card data is protected and destroyed when no longer needed.
  • If PAN must be displayed, mask it to the first six and last four digits.
  • Never store magnetic-stripe data, CVV2/CVC2/CID, or PIN/PIN block.

4. Information Classification

  • Confidential – legal/financial data, cardholder data.
  • Internal Use – proprietary but not confidential.
  • Public – freely distributable.

5. Access to Sensitive Cardholder Data

  • Access is limited to those with legitimate business need.
  • Display of PAN is limited to the first six and last four digits.
  • A list of approved third-party service providers is maintained (Appendix C).
  • Due-diligence processes ensure TPSP PCI DSS compliance.

6. Physical Security

  • Media containing sensitive data is physically restricted.
  • Visitors are escorted in secure areas.
  • Device list includes make, model, location, and serial number.
  • POS/POI devices are inspected for tampering.

7. Protect Data in Transit

  • Card data is never sent via clear-text email or chat.
  • Strong encryption (TLS 1.2+, AES, PGP) required for authorised transmissions.
  • Physical transport of sensitive media must be logged and sent via secure courier.

8. Disposal of Stored Data

  • Data is securely destroyed when no longer required.
  • Electronic media is degaussed or wiped; paper is cross-cut shredded.

9. Security Awareness and Procedures

  • Policy distributed to all employees; acknowledgement retained (Appendix A).
  • Background checks performed within legal limits.
  • Third parties accessing card data must contractually comply with PCI DSS.
  • Policies reviewed annually.

10. Credit Card (PCI) Security Incident Response Plan

  • PCI Response Team includes CIO, Information Security Officer, Risk Manager, etc.
  • Incidents are reported immediately and investigated; affected parties and card brands are notified per their requirements.
  • Detailed steps for Visa, MasterCard, Discover, and American Express are included.

11. Transfer of Sensitive Information Policy

  • Third-party companies must have SLAs and comply with BudClub security policies and PCI DSS.

12. User Access Management

  • Formal user-registration process; unique IDs; least-privilege principle.
  • Accounts disabled immediately upon termination.

13. Access Control Policy

  • Active Directory enforces complex passwords (min 8 chars, changed every 90 days).
  • Privileged access requires dual authorisation.
  • Remote access follows approved Remote Access Policy.

 

Appendix A – Agreement to Comply Form

(Employee acknowledgment form.)

 

Appendix B – List of Devices

(To be populated.)

 

Appendix C – List of Third-Party Service Providers

| Service Provider | Contact Details | Services Provided | PCI DSS Compliant | Validation Date |
|---|---|---|---|---|
| Clover (Fiserv) | https://www.clover.com / Support | Payment gateway & merchant processing | Yes (Level 1) | Dec 2024 |
| Hostinger International Ltd. | https://www.hostinger.com / support@hostinger.com | Managed e-commerce web hosting | Shared hosting – merchant responsible for securing environment | N/A |
| Automattic Inc. – WooPayments | https://woocommerce.com / help@woocommerce.com | Embedded gateway plugin | Yes (Level 1) | Mar 2025 |
| Apple Inc. (Apple Pay) | https://developer.apple.com/apple-pay/ | Digital wallet & tokenisation | Yes (Level 1) | Nov 2024 |

 

Appendix D – Stand-Alone & P2PE POI Management Policy

POI Device Inventory and Management

  • Maintain an up-to-date inventory of all POI devices, including make, model, location, and serial number.
  • Establish procedures for securely adding, relocating, and decommissioning POI devices.

Physical Security Measures

  • Secure POI devices with tamper-evident seals or locked enclosures.
  • Inspect devices at least quarterly; log inspections.
  • Store unused devices in a locked cabinet or secure room.

Secure Configuration & Software Management

  • Configure POI devices per manufacturer and PCI PTS guidelines.
  • Change default passwords and restrict admin access.
  • Apply firmware and security patches promptly.

Access Controls

  • Restrict physical and logical access to authorised personnel.
  • Use unique credentials for administrative access and MFA where possible.
  • Segregate duties to prevent unauthorised changes.

 

Appendix E – eCommerce Configuration & Hardening Policy

Server Configuration Standards

  • Remove unnecessary services and default accounts.
  • Enforce TLS 1.2+ for all public-facing services.
  • Implement file-integrity monitoring.

System Hardening Procedures

  • Apply OS and application patches within 30 days.
  • Deploy anti-malware and endpoint-detection tools.

Administrative Access Controls

  • Limit root/administrator access; enforce MFA.
  • Maintain audit logs for all administrative actions.

Vulnerability Management

  • Perform vulnerability scans quarterly and after significant changes.
  • Remediate critical findings within 30 days.

Backup & Recovery

  • Maintain daily off-site backups; test restores annually.

Monitoring & Incident Response

  • Enable real-time alerting via WAF and IDS.
  • Follow Incident Response Plan (Section 10) for any detected compromise.

 

For questions regarding this Information Security Policy, contact the Security Officer via our Contact Page at https://budclubshop.com/contact.

 

© 2025 BUD CLUB MEDIA, LLC. All rights reserved.

 


    © 2025 Global Motion Holdings, LLC. All rights reserved.

     

    BudClubShop.com is a brand owned and operated by Global Motion Holdings, LLC, a North Carolina limited liability company.

     

    4030 Wake Forest Road, Ste 349, Raleigh, NC, 27609
