Privacy and Data Handling Policy

  1. Introduction

At iPower Inc., we respect the privacy of our users and are committed to protecting it through our compliance with this policy. This policy describes the types of information we may collect from you or that you may provide when you use our services, and our practices for collecting, using, maintaining, protecting, and disclosing that information.

  2. Information We Collect

We collect several types of information from and about users of our services, including:

  • Personally Identifiable Information (PII), such as name, postal address, e-mail address, and phone number.
  • Non-PII data like usage, viewing, and technical data, including your device identifier when you visit our site, use our services, or view our content.

  3. How We Use Your Information

We use the information we collect to:

  • Present our services and their contents to you.
  • Provide you with information, products, or services that you request from us.
  • Other purposes with your consent.

  4. Network Protection and Access Management

iPower Inc. has robust network protection controls and access management in place. We have implemented network protection measures including the use of network firewalls and network access control lists, anti-virus, anti-malware software, network segmentation, and strict access controls for authorized users only.

We also have a formal user access registration process that assigns unique IDs to each person with computer access to Information. We do not allow the creation or usage of generic, shared, or default login credentials or user accounts and prevent user accounts from being shared. Our baselining mechanisms ensure that only the required user accounts access Information, and access is promptly removed for terminated employees.

  5. Data Security Principles

We adhere to the principle of least privilege, granting rights only on a "need-to-know" basis and implementing fine-grained access control mechanisms. We establish minimum password requirements and ensure that Multi-Factor Authentication (MFA) is mandatory. All API keys are encrypted and strictly accessible only by the required personnel.

  6. Encryption and Risk Management

We ensure that all Information is encrypted during transit using secure protocols such as TLS 1.2+, SFTP, and SSH-2. We also have a risk assessment and management process that is reviewed annually.

  7. Logging and Monitoring

We gather logs to detect security-related events affecting our Applications and systems, including the success or failure of an event, date and time, access attempts, data changes, and system errors. These logging mechanisms are implemented on all channels providing access to Information. Logs are reviewed in real time or on a bi-weekly basis and have access controls to prevent any unauthorized access and tampering throughout their lifecycle. Logs do not contain PII unless necessary to meet legal requirements. Unless otherwise required by applicable law, logs are retained for at least 90 days for reference in the case of a Security Incident. Mechanisms are in place to monitor the logs and all system activities to trigger investigative alarms on suspicious actions. Monitoring alarms and processes have been implemented to detect if Information is extracted from or found beyond its protected boundaries. Investigations are performed when monitoring alarms are triggered, and this is documented in our Incident Response Plan.

Our incident response plan identifies the roles and responsibilities, incident types, response procedures, and escalation paths. We notify the relevant entities within 24 hours of detecting a Security Incident and investigate each incident thoroughly.

  8. Data Deletion and Attribution

Upon Amazon's notice requiring deletion, we permanently and securely delete Information within 30 days, unless the data is necessary to meet legal requirements. We also store Information in a separate database or use a mechanism to tag and identify the origin of all data.

  9. Vulnerability Management

We have a vulnerability management plan in place to detect and remediate vulnerabilities. Vulnerability scans and remediations are performed routinely, and changes to the storage hardware are controlled and monitored.

  10. Retention of Your Information

Your PII is retained for as long as it is necessary to fulfill the purposes for which it was collected. Specifically, we retain your PII for a period of 30 days after the completion of your order, after which the PII is permanently deleted from our systems.

  11. Disclosure of Your Information

We do not share, sell, or otherwise disclose your personal information for purposes other than those outlined in this Privacy and Data Handling Policy.

  12. Changes to Our Privacy and Data Handling Policy

We may make changes to our policy from time to time and post the updated policy on this page. If we make material changes to how we treat our users' personal information, we will notify you through a notice on the website home page.

  13. Contact Information

To ask questions or comment about this privacy policy and our privacy practices, contact us at: it@meetipower.com
