SECURITY POLICY

Effective Date: June 12, 2025

PEPE is committed to ensuring the security and integrity of our website, business operations, and customer data. This Security Policy outlines the measures we take to protect against cyber threats, unauthorized access, and data breaches.

1. Website Security

• Secure Website Access: All access to our website is encrypted using Secure Sockets Layer (SSL) technology to protect sensitive information transmitted between users and our servers.
• Multi-Factor Authentication (MFA): Administrative and sensitive user accounts are protected with MFA to prevent unauthorized access.
• Regular Security Audits: We conduct periodic audits of our website and network to identify and address vulnerabilities.
• Web Application Firewall (WAF): Our website is protected by a web application firewall to monitor, filter, and block malicious traffic.
• Software Updates: All website software, including plugins and content management systems, are kept up to date to mitigate known security risks.

2. Data Protection

• Customer Data Encryption: Personal and transactional data are encrypted both in transit and at rest.
• Access Controls: Access to sensitive data is restricted to authorized personnel only, following the principle of least privilege.
• Data Backups: Regular backups of customer and business data are performed to ensure data recovery in case of an incident.

3. Network and IT Security

• Secure Wi-Fi Networks: Our business networks are secured, encrypted, and hidden. Guest Wi-Fi is subnetted from the main network.
• Antivirus and Anti-Malware: All business devices are equipped with updated antivirus and anti-malware software.
• Network Audits: Regular network audits are conducted to detect and remediate vulnerabilities.

4. Employee Training and Awareness

• Security Training: All employees receive security awareness training upon hiring and at regular intervals thereafter.
• Phishing and Social Engineering: Staff are trained to recognize and report phishing attempts and other social engineering tactics.
• Incident Reporting: Employees are required to report any suspicious activity or security incidents immediately.

5. Physical Security

• Facility Access: Access to our facilities is restricted to authorized personnel only, with controlled entry points and visitor management procedures.
• Surveillance: Premises are monitored by video surveillance to deter and detect unauthorized activity.
• Inventory and Product Security: All inventory is securely stored and monitored to prevent theft or diversion.

6. Incident Response

• Incident Management: We maintain a documented incident response plan to address and mitigate security breaches or cyber incidents.
• Notification: In the event of a data breach affecting customer information, affected parties will be notified in accordance with applicable laws.

7. Compliance

• Legal and Regulatory Compliance: Our security practices are designed to comply with applicable federal, state, and local laws and regulations, including those specific to cannabis businesses.
• Regular Policy Review: This Security Policy is reviewed and updated regularly to reflect changes in technology, threats, and regulatory requirements.

8. Contact Information

If you have any questions or concerns about our Security Policy, please contact us at:

Phone: (305) 848-5590
Mailing Address: 3143 SW 21 St, Miami, FL 33145