Security and operational safeguards

Access control

Access is limited to what is needed for delivery. Role based access principles are used where possible. Credentials and permissions should follow your internal policies.

Data minimisation

We request only the information required to perform the agreed scope. Sensitive information should not be shared unless required and authorised.

Retention

Removed employees retain relevant service data for 30 days. Active clients have rolling retention aligned with ongoing delivery. Retention exceptions may apply where required by law or compliance.

Incident handling

Suspected incidents are reviewed promptly. Where appropriate, affected clients are notified with practical details and next actions.

Compliance

If you require specific standards, inform us during onboarding. We document operational boundaries and delivery standards as part of the managed team model.