Security Policy
This policy outlines the core security practices Ponnomix uses to protect customer accounts, payment activity, application data, and operational systems.
1. Data Encryption Practices
Ponnomix uses encrypted connections for customer interactions involving account access, checkout, payment redirection, and sensitive profile actions. Encryption helps prevent unauthorized interception of information transmitted between customer devices and our services.
- Secure transport protocols are used for authenticated sessions and checkout activity.
- Sensitive credentials are never displayed in plain text through customer-facing interfaces.
- Internal access to protected data is restricted according to operational need and role responsibility.
2. Secure Payment Gateway Usage
Payment collection on Ponnomix is routed through secure, approved gateway providers designed to process transactions without exposing full payment details to unauthorized systems. Customers should always confirm they are using official payment pages before completing checkout.
Customer checkout reminder
Never share OTP codes, card PINs, or payment passwords with support agents, sellers, or third parties. Ponnomix does not request those credentials through email or chat.
3. Fraud Prevention Systems
Ponnomix monitors unusual order patterns, repeated failed payment attempts, suspicious location mismatches, account abuse indicators, and checkout anomalies that may suggest unauthorized or fraudulent activity.
- Risk-based order review may be applied to flagged transactions.
- Orders may be delayed, verified, or canceled if fraud indicators are detected.
- Additional customer verification may be required before fulfillment proceeds.
4. Account Protection Rules
Customers are responsible for maintaining the confidentiality of their login credentials and for keeping account contact information accurate. Prompt reporting of suspicious activity helps protect orders, wallet usage, saved addresses, and refund actions.
We recommend that customers:
- Use a unique password for their Ponnomix account.
- Sign out after using shared or public devices.
- Review account activity, saved addresses, and order history regularly.
- Report unauthorized login attempts immediately.
5. Login Security
Ponnomix may apply layered sign-in protections such as device checks, unusual session monitoring, rate limiting, password reset verification, and optional multi-factor authentication where available.
Account access notice
Repeated failed login attempts may trigger temporary account protection measures to reduce the risk of credential stuffing and brute-force access attempts.
6. Server-Side Security Practices
Our systems are maintained using layered security practices that may include access control, application monitoring, patch management, environment separation, audit review, and controlled deployment workflows.
- Operational access is limited to authorized personnel with defined responsibilities.
- Critical changes are reviewed and deployed through managed internal processes.
- Logging and monitoring support incident review, performance stability, and system integrity checks.
7. Reporting Vulnerabilities
If you believe you have identified a security vulnerability affecting Ponnomix, please report it responsibly through our official support channel. Include the issue summary, affected page or workflow, steps to reproduce, and any supporting screenshots or logs where appropriate.
We review credible security reports promptly and may take immediate action to protect customers, transactions, and platform services where risk is confirmed.