Security Policy

Last updated: 13/02/2026

Charmbodies.com (the “Site”) places particular importance on security and data protection. This policy describes, in general terms, the security measures applied to protect the Site, user accounts and personal data against unauthorized access, loss, alteration and abuse.

1. Security principles

• We implement appropriate technical and organizational measures, proportionate to the risks, in order to protect the Site and data.
• We apply an approach focused on preventing abuse (spam, fraud, unauthorized access) and on continuous security improvement.
• The processing of personal data is described in the Privacy Policy.

2. Technical measures (examples)

• Encryption of communications: use of HTTPS/TLS to protect communications with the Site.
• Account security: passwords stored in hashed form and measures aimed at limiting unauthorized access.
• Access controls: access to systems and data restricted according to the “need-to-know” principle (roles/permissions).
• Logging & detection: retention of technical logs and implementation of controls aimed at detecting abnormal behavior (to the extent necessary for security and anti-abuse).
• Anti-abuse protection: mechanisms aimed at limiting spam, bots and certain common attacks.
• Backups / continuity: continuity and/or backup measures may be used in order to reduce the risks of data loss and service interruption.
• Sensitive access: additional authentication or verification measures may be applied for certain high-risk actions or critical access.

3. Organizational measures

• Internal access to data is limited to persons with a legitimate operational need.
• Procedures intended to reduce the risks of errors, unauthorized access and abuse.
• Where third-party providers are used (e.g., hosting, security, email), protection and security measures may be applied as needed and within the contractual framework.

4. Security incidents & data breaches

• In the event of a security incident, we may take reasonable measures to limit the impact, secure systems and investigate the origin of the incident.
• In the event of a personal data breach, the Operator notifies the competent authority and/or the affected individuals when required by applicable rules (including GDPR time limits, such as 72 hours from becoming aware of the breach, where applicable).

5. User responsibilities

• Use a strong password and do not share it.
• Protect access to your devices (computer, phone, email).
• Promptly report any suspected unauthorized access, phishing or abuse.

6. Security contact

To report phishing, a vulnerability, a technical incident or a security issue: [email protected]

7. Applicable law

This policy is governed by the laws of the Republic of Cyprus, subject to mandatory applicable provisions.