Security & Data Handling Statement

Security program

We maintain administrative, technical, and organizational measures designed to protect personal information, including access controls on a need-to-know basis, encryption of data in transit, secure development practices, logging, and vulnerability management.

Personnel with access to production systems undergo training and are subject to confidentiality obligations.

Incident response

We maintain procedures to detect, escalate, and remediate suspected incidents. Where required by law, we will notify regulators and affected individuals, taking into account guidance from authorities.

No absolute guarantee

No system is perfectly secure. You help protect your account by using strong passwords, enabling multi-factor authentication when available, and avoiding shared or public devices for sensitive actions.

PCI scope

Cardholder data is handled by PCI DSS–validated service providers. Smart Dining limits its environment to tokens and metadata consistent with SAQ-A style architectures where applicable.