Security Policy

Cannabis Commerce Forum (CCF)
Effective Date: 10 April 2026
Last Updated: 5 May 2026

Cannabis Commerce Forum (“CCF”) is committed to ensuring the security of your personal and payment information. This Security Policy describes the measures we take to protect data transmitted through our website www.cannabiscf.org.

1. Secure Data Transmission

All data transmitted between your browser and our website is protected using SSL/TLS (Secure Sockets Layer / Transport Layer Security) encryption. This ensures that any information you submit — including personal details and payment card data — is encrypted and cannot be intercepted by unauthorised parties.

You can verify this by looking for the padlock icon in your browser’s address bar and confirming the URL begins with https://.

2. Payment Card Security

We take the security of your payment card information seriously:

  • PCI-DSS Compliance: All payment transactions are processed through a payment gateway that is fully compliant with the Payment Card Industry Data Security Standard (PCI-DSS)
  • No Card Storage: CCF does not store, process, or retain your full credit or debit card details on our servers. All card information is handled directly by our PCI-DSS compliant payment processor
  • Encryption: Payment card data is encrypted using industry-standard 256-bit encryption during transmission
  • Tokenisation: Where recurring payments are applicable, card details are replaced with secure tokens — meaning your actual card number is never stored

3. Website Security Measures

We employ the following security measures to protect our website and your data:

  • SSL Certificate: Our website uses a valid SSL certificate ensuring all communications are encrypted
  • Firewalls: Web application firewalls protect against common attacks such as SQL injection and cross-site scripting (XSS)
  • Regular Updates: Our website platform, plugins, and security patches are regularly updated to address known vulnerabilities
  • Access Controls: Administrative access to the website and databases is restricted to authorised personnel only, with strong authentication requirements
  • Monitoring: We monitor our systems for suspicious activity and unauthorised access attempts

4. Data Protection

In addition to transmission security, we protect stored data through:

  • Encrypted databases for personal information
  • Regular data backups stored securely
  • Principle of least privilege — staff only access data necessary for their role
  • Secure deletion of data that is no longer required

5. Compliance with South African Law

Our security practices comply with:

  • Protection of Personal Information Act (POPIA): We implement appropriate security measures as required by POPIA to protect personal information
  • Electronic Communications and Transactions Act (ECTA): We adhere to requirements for secure electronic transactions

6. Your Responsibility

While we take every reasonable measure to protect your information, we also recommend that you:

  • Keep your login credentials confidential and do not share them with others
  • Use strong, unique passwords for your account
  • Ensure your device and browser are up to date with the latest security patches
  • Log out of your account when using shared or public computers
  • Report any suspicious activity to us immediately

7. Reporting Security Concerns

If you suspect any security breach, unauthorised access to your account, or suspicious activity on our website, please contact us immediately:

Cannabis Commerce Forum
Email: info@cannabiscf.org
Website: www.cannabiscf.org

8. Updates to This Policy

We may update this Security Policy periodically to reflect improvements in our security practices or changes in regulatory requirements. Any updates will be posted on this page with a revised effective date.