PAYMENT & SECURITY POLICY

1. PAYMENT PROCESSORS AND THIRD PARTIES

1.1 Authorized Payment Processors
VitaYouth.store uses the following third-party payment processors to handle credit card transactions, payments, and financial processing:

Stripe Inc. (https://stripe.com)
Handles: Credit card processing, debit card processing, payment authorization, transaction settlement. Coverage: All major credit cards (Visa, Mastercard, American Express, Discover), international cards. Compliance: PCI-DSS Level 1, SSL/TLS encryption, fraud detection. Privacy: Subject to Stripe's Privacy Policy at https://stripe.com/privacy

PayPal (https://paypal.com)
Handles: PayPal wallet payments, PayPal balance transfers, PayPal credit. Coverage: PayPal account holders and linked payment methods. Compliance: PCI-DSS compliant, OAuth authentication, fraud prevention. Privacy: Subject to PayPal's Privacy Policy at https://www.paypal.com/privacy

1.2 CRITICAL: Company Does NOT Store Payment Card Data
IMPORTANT: The Company DOES NOT store full credit card numbers, CCV/CVV security codes, expiration dates, PIN numbers, or directly process raw card data. All sensitive payment information is processed directly by Stripe or PayPal. Your card data NEVER touches our servers.

1.3 What Information the Company DOES Store
The Company stores only the following non-sensitive payment information for billing and order purposes: last 4 digits of card (e.g., ****1234), card type (Visa, Mastercard, American Express, Discover), cardholder name, billing address, transaction ID from payment processor, amount charged, payment date and time, and payment status (approved, declined, pending). This information is stored securely on encrypted databases with access restricted to authorized personnel only.

2. PAYMENT SECURITY MEASURES

2.1 SSL/TLS Encryption
All data transmitted between your browser and our website is encrypted using SSL/TLS (Secure Sockets Layer/Transport Layer Security) encryption. Your browser displays a padlock icon and https:// in the URL bar. Encryption strength: 256-bit or higher. Certificate: Valid SSL certificate issued by trusted certificate authority. Any data you send to us (payment info, address, email) is encrypted and cannot be intercepted.

2.2 PCI-DSS Compliance
The Payment Card Industry Data Security Standard (PCI-DSS) is the security standard set by major credit card companies. Stripe and PayPal are both certified as PCI-DSS Level 1 compliant (the highest level), ensuring all transactions are processed securely with regular security audits, firewalls, intrusion detection systems, access controls, and encryption of sensitive data at rest and in transit.

2.3 Tokenization
When you submit payment information to Stripe or PayPal, it is converted into a token (a secure identifier) rather than storing the actual card data. Only the token is stored on our servers. The actual card number cannot be reconstructed from the token. This allows us to process refunds and recurring charges without storing sensitive data.

2.4 Fraud Detection
Stripe and PayPal use advanced fraud detection algorithms to identify and block suspicious transactions including velocity checks, geographic checks, device fingerprinting, CVV verification, AVS (Address Verification System), and 3D Secure for high-risk transactions.

2.5 Company-Level Security
Beyond payment processors, VitaYouth.store implements additional security: firewalls and intrusion detection systems on all servers, regular security audits and penetration testing, access controls limiting employee access to customer data, encryption of all databases containing sensitive information (AES-256 or equivalent), secure backup procedures, employee training on data protection, and monitoring for suspicious activities.

3. YOUR PAYMENT SECURITY RESPONSIBILITIES

While we secure your payment on our end, YOU must protect your card information:

• Never share your credit card number, CVC, or PIN with anyone
• Never enter payment information on public or unsecured Wi-Fi
• Always verify https:// and the padlock icon before entering payment info
• Do not respond to emails asking for payment information (phishing)
• Log out of your account after shopping
• Monitor your credit card statements for unauthorized charges
• Report suspicious activity to your card issuer immediately

4. PAYMENT AUTHORIZATION AND BILLING

4.1 Payment Authorization
By entering payment information at checkout, you authorize Stripe or PayPal to charge your payment method, the Company to request payment from your financial institution, recurring charges if you have a subscription (if applicable), and currency conversion if your billing currency differs from USD.

4.2 Billing Practices
Charges appear on your statement as VITAYOUTH or VITAYOUTH.STORE. Charges are processed immediately upon order authorization. Refunds appear on your statement within 3-5 business days (varies by issuer). You receive an order confirmation email with transaction details.

5. UNAUTHORIZED CHARGES

5.1 Reporting Unauthorized Charges
If you notice an unauthorized charge on your statement, contact support@vitayouth.store immediately with order number, transaction date, amount, and reason. The Company will investigate within 15 business days. If the charge is determined to be unauthorized: Full refund will be issued. If the charge is legitimate: No refund. We will explain why.

5.2 Chargeback Disputes
If you dispute a charge through your credit card company without contacting us first, your account will be immediately suspended, pending refunds will be cancelled, you will be banned from future purchases, and repeated chargebacks may result in legal action. ALWAYS contact support@vitayouth.store first to resolve billing issues.

6. PAYMENT PROCESSOR LIABILITY

6.1 Third-Party Responsibility
Stripe and PayPal are independent third parties. The Company is not responsible for payment processor service interruptions, security breaches, declined or failed transactions, payment processor fees, or their handling of disputes, refunds, or chargebacks. For issues related to Stripe or PayPal, contact them directly.

6.2 Company Liability for Payment Security
If a security breach occurs on VitaYouth.store's systems, we will notify you within 72 hours (as required by law), explain what information was compromised, provide steps to protect yourself, and work with payment processors and authorities to remediate. IMPORTANT: Because we do not store credit card numbers directly, the impact of a breach on payment data is minimal. Your card data is safe with Stripe or PayPal.

7. CURRENCY AND EXCHANGE RATES

All prices on VitaYouth.store are displayed in USD (United States Dollars). If you pay from a different currency, your payment method's issuing bank handles the currency conversion. Exchange rates and conversion fees are determined by your bank, not by VitaYouth.store. The charge amount shown at checkout (in USD) is what will be converted to your local currency. Check with your bank about foreign transaction fees.

8. DATA RETENTION

Payment and transaction information is retained for 7 years for financial audit and tax compliance, 3 years for potential refund/chargeback claims, and longer if required by law or if a dispute is pending. After the retention period, payment data is securely deleted.

9. COMPLIANCE CERTIFICATIONS

VitaYouth.store operates in compliance with PCI-DSS (via Stripe and PayPal), GDPR (for EU customers), CCPA (for California residents), PIPEDA (for Canadian customers), and all applicable federal and state payment and data protection laws.

10. SECURITY BADGES AND TRUST INDICATORS

VitaYouth.store displays the following security badges on the website: Stripe Badge (indicates Stripe payment processing and PCI-DSS compliance), SSL Security Certificate (displayed in the browser address bar as a padlock icon), and PayPal Badge (indicates PayPal payment processing). These badges verify that our website uses secure payment processing and encryption.

11. TRANSPARENCY AND TRUST

We are committed to transparency about payment security: We do NOT store your credit card numbers. All payment processing is handled by industry-leading, PCI-DSS Level 1 compliant processors. We use SSL/TLS encryption for all data transmission. We do NOT share your payment data with third parties except for legitimate order fulfillment. We conduct regular security audits and updates.

12. QUESTIONS OR CONCERNS

If you have questions about payment security, data protection, or have experienced a security issue, email: support@vitayouth.store with subject "Payment Security Question" or "Security Incident Report".

Mailing Address:
VitaYouth Solutions LLC, 75 E 3rd St, Sheridan, WY 82801, United States

Response Time: 24 hours for security-related inquiries. If you believe a security breach has occurred, also notify your credit card issuer or bank immediately.

13. THIRD-PARTY PRIVACY POLICIES

This Payment & Security Policy applies to VitaYouth.store. Payment processors have their own privacy and security policies: Stripe Privacy Policy (https://stripe.com/privacy), Stripe Security (https://stripe.com/security), PayPal Privacy Policy (https://www.paypal.com/privacy), PayPal Security (https://www.paypal.com/security). We recommend reviewing their policies to understand how they handle your payment data.

14. MODIFICATIONS TO THIS POLICY

VitaYouth.store may update this Payment & Security Policy to reflect changes in technology, regulations, or business practices. Material changes will be communicated via email or website notice. Your continued use of the website means you accept the updated policy.