This document requests information about the developer's data security and privacy practices. It asks about policies, procedures, tools and documentation related to access management, encryption, incident response, data deletion, governance, storage, monitoring and more. The developer provides links to their privacy policy and several internal documentation drafts and procedures related to data security and retention. They also describe some security tools used and state that merchant IDs and previous assessment reports are not available.