We design projects for safety and clarity. This page outlines general practices. Project-specific controls are detailed in your statement of work (SOW).
Access & Credentials
Least-privilege access scoped to project needs.
Credential sharing via secure vaults or temporary tokens.
Audit logs where supported by the platform.
Clear off-boarding and credential rotation at project end.
Hosting & Isolation
Cloud by default, with VPC isolation or on-premises on request.
Environment separation (dev/sandbox vs. production) where applicable.
Data egress restrictions and network rules when needed.
Data Handling
No training on your private data.
PIPEDA/PIPA aligned; NDA available on request.
Data processing only for agreed services, not for resale.