Security & Data Protection Policy

1. Purpose

This Security & Data Protection Policy outlines how Obsidian Digital Technologies LLC safeguards information, systems, and data accessed, processed, or supported in the course of providing technology, IT, web, application, and cybersecurity-related services.

Our goals are to:

• Protect the confidentiality, integrity, and availability of data
• Reduce the risk of unauthorized access or misuse
• Maintain trust with clients, users, and partners
• Support compliance with applicable data protection and privacy laws

2. Scope

This policy applies to:

• All client, user, and business data accessed or handled by the Company
• Systems, devices, applications, websites, and networks managed, configured, or supported by us
• All employees, contractors, and authorized representatives of the Company

3. Data We May Handle

Depending on the scope of services, we may access or process:

• Business contact and account information
• Website or application content and databases
• Authorized system credentials and configuration data
• Logs, metadata, and operational system information

We do not intentionally collect highly sensitive personal data (such as government identification numbers, payment card data, or medical records) unless explicitly required and documented in a written agreement.

4. Data Security Measures

We implement reasonable administrative, technical, and operational safeguards appropriate to the services provided, which may include:

Administrative Safeguards

• Role-based and least-privilege access controls
• Confidentiality and acceptable use requirements
• Periodic access reviews

Technical Safeguards

• Secure authentication and access management
• Encrypted connections where supported
• Firewall and endpoint security configuration
• Logging and monitoring for suspicious activity

Operational Safeguards

• Secure handling of credentials and system data
• Controlled access to devices and systems
• Separation of environments where applicable

5. Data Access & Confidentiality

• Access to client data is limited to authorized personnel only
• Data is accessed solely to perform contracted services
• Confidential information is not disclosed to third parties without authorization, except where legally required

6. Data Retention & Minimization

• Data is retained only as long as necessary to fulfill service obligations
• Credentials and access rights are removed when services end where feasible
• We do not sell, trade, or monetize client data

7. Client Responsibilities

Clients are responsible for:

• Maintaining secure passwords and access controls
• Ensuring systems not managed by the Company remain secure
• Promptly notifying us of suspected security incidents
• Complying with laws applicable to their data and industry

Security is a shared responsibility.

8. Incident Response

If a security incident is suspected:

• Reasonable steps will be taken to assess and contain the issue
• Clients will be notified when appropriate
• Assistance is limited to the scope of contracted services
• Formal forensic analysis or guaranteed breach remediation is not included unless separately agreed in writing

9. Cybersecurity Disclaimer

Obsidian Digital Technologies LLC provides cybersecurity readiness, configuration, monitoring support, and education services.

We do not guarantee breach prevention or provide unauthorized penetration testing, forensic investigations, or breach insurance.

10. Compliance

We aim to follow applicable data protection and privacy laws relevant to our services. Clients are responsible for determining regulatory obligations applicable to their data and operations.

11. Policy Updates

This policy may be updated periodically. Updated versions will be made available through our website or client documentation. Continued use of services constitutes acceptance of revisions.

12. Contact Information