Security Policy

Security Policy

bpro.co.nz (“BPro”, “we”, “us”) take the security of our website, our systems, and the information you entrust to us seriously. This Security Policy outlines the measures we have in place to protect your data when you use bpro.co.nz.

This policy should be read together with our Privacy Policy, which sets out how we collect, use and disclose personal information in accordance with the Privacy Act 2020.

1. Secure transmission

All traffic to and from bpro.co.nz is encrypted using TLS (HTTPS). This protects information transmitted between your browser and our servers — including login details, order information, and file uploads — from interception.

We use modern TLS protocols and current industry-standard cipher suites, and disable known-insecure protocols.

2. Payment security

Payments on bpro.co.nz are processed by ANZ Bank and its associated payment gateway. The payment gateway is PCI DSS (Payment Card Industry Data Security Standard) compliant.

  • We do not store full credit or debit card numbers on our systems.
  • Card data is entered directly into the payment provider’s secure environment.
  • We receive only transaction confirmation data (such as the last four digits of the card and an authorisation reference), which is retained for reconciliation and refund purposes.

3. Account security

If you register an account on bpro.co.nz:

  • Passwords are stored in hashed and salted form using industry-standard algorithms. We never store passwords in plain text.
  • You are responsible for keeping your login details confidential and for all activity that occurs under your account.
  • Notify us immediately at [support@bpro.co.nz] if you suspect unauthorised access to your account.

We recommend using a strong, unique password for bpro.co.nz and not reusing passwords from other sites.

4. Infrastructure and hosting

bpro.co.nz is hosted with reputable providers that operate physically secure data centres with access controls, redundancy, and monitoring. Hosting environments are kept up to date with security patches, and access to production systems is restricted to authorised personnel and protected by multi-factor authentication.

5. Access controls

Access to customer data and production systems is granted on a least-privilege basis — staff and contractors only have the access necessary for their role. Access is reviewed regularly and revoked when no longer required.

6. File and order data

Customer files and order data are stored on access-controlled systems and are used only to fulfil orders and provide support. Customer images are not used for any other purpose without express written consent. See our Privacy Policy for full details on data handling and retention.

7. Monitoring and patching

We monitor our systems for suspicious activity and apply security updates to our website, servers, and supporting software on an ongoing basis. We use reputable third-party tools to help detect and respond to potential threats.

8. Staff awareness

Our team is trained to handle personal information and payment data appropriately, recognise common threats such as phishing, and follow secure work practices. Confidentiality obligations apply to all employees and contractors.

9. Incident response

If we become aware of a security incident affecting personal information, we will:

  • Investigate and contain the incident promptly
  • Assess the impact on affected individuals
  • Notify the Office of the Privacy Commissioner and affected individuals where the incident is a notifiable privacy breach under Part 6 of the Privacy Act 2020
  • Take reasonable steps to prevent recurrence

10. Your role in security

Security is a shared responsibility. We ask that you:

  • Keep your account credentials confidential
  • Use a strong, unique password
  • Keep your own devices, browsers and antivirus software up to date
  • Be alert to phishing emails — we will never ask for your password by email
  • Report anything suspicious to [security@bpro.co.nz]

11. Reporting a security issue

If you believe you have found a security vulnerability in bpro.co.nz, please report it to [security@bpro.co.nz]. We appreciate responsible disclosure and will respond as quickly as practicable.

Please do not publicly disclose the issue until we have had a reasonable opportunity to investigate and address it.

12. Limitations

No system can be guaranteed completely secure. While we take reasonable steps to protect your information in line with the Privacy Act 2020 and NZ industry standards, we cannot guarantee absolute security. You provide information to us at your own risk.

13. Changes to this policy

We may update this Security Policy from time to time to reflect changes in our practices, technology, or legal obligations. The current version will always be available at bpro.co.nz.

14. Contact

General enquiries: [support@bpro.co.nz]

Last updated: 2026