v3.26.1
CYBERSECURITY
 12 Months Ended
Dec. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Abstract]  
CYBERSECURITY

 

ITEM 1C. CYBERSECURITY

 Risk

We aim to deploy a cyber-risk management program which is intended to assist in assessing, identifying, and managing material risks from cybersecurity threats to our data and information systems. The Company currently manages its cybersecurity risk through a variety of practices that are applicable to all users of our information technology and information assets, including our officers and directors, contractors, and vendors. The Company uses a combination of technology and monitoring to promote security awareness and prevent security incidents, including network and passwords protocols, third party firewalls, and antivirus protections.

 

 

 

 

We rely on third-party cloud infrastructure provided by Amazon Web Services (“AWS”) to host our online shopping platform and related systems. Under AWS’s shared responsibility model, AWS is responsible for the security of the underlying cloud infrastructure, while we are responsible for securing our applications, data, and access controls within that environment.

 

We have implemented a cybersecurity program designed to identify, assess, and manage cybersecurity risks. This program includes:

 

  · Access Controls: Role-based access aligned with least privilege principles, with multi-factor authentication implemented for privileged accounts
  · Data Protection: Encryption of sensitive data in transit and at rest, where supported, and restrictions on access to customer data
  · System Monitoring and Logging: Continuous monitoring of system activity using tools available within AWS, including logging and alerting mechanisms to detect potential unauthorized access or anomalies
  · Incident Response: A defined process to identify, contain, investigate, and remediate cybersecurity incidents, including escalation procedures to management
  · Third-Party Risk Management: Evaluation of third-party service providers, including AWS, as part of our overall cybersecurity risk management approach

 

We periodically assess our systems for potential vulnerabilities and implement remediation measures as appropriate. Our cybersecurity program is integrated into our broader risk management processes and is overseen by management.

 

Management is responsible for cybersecurity oversight, including the evaluation of risks and the effectiveness of related controls. As our business evolves, we expect to continue enhancing our cybersecurity capabilities, processes, and governance structures. Our Board of Directors performs an annual review of our cybersecurity program, including management’s actions to identify and detect threats.

 

We rely on third-party providers, including AWS, for critical infrastructure and services. While we consider the security measures of these providers, their systems and controls are outside of our direct control and may expose us to additional risks.

 

We have not experienced any material cybersecurity incidents or identified any material cybersecurity threats that have affected or are reasonably likely to materially affect us, our business strategy, results of operations or financial condition.

 

Cybersecurity threats are continually evolving, and despite our efforts, we cannot guarantee that our systems will be fully protected from all potential vulnerabilities or incidents.