Security and Privacy Overview

1. Overview

Acephalt Inc. is committed to protecting customer, partner, and company data through appropriate administrative, technical, and physical safeguards. This overview summarizes Acephalt’s approach to security, privacy, access control, operational resilience, and third-party risk management.

2. Certifications & Compliance

• Status: SOC 2 Type I / Type II status pending.
• Documentation: Additional security and compliance materials may be shared under NDA upon request.

3. Data Privacy

• Customer Data Usage: Customer data is used only as necessary to deliver contracted services, support operations, and improve service delivery in line with customer agreements and applicable law.
• Data Minimization: Access, collection, and processing are limited to what is needed for legitimate business purposes.
• Retention & Deletion: Data is retained per contractual, operational, and legal requirements and securely deleted when no longer required.
• Third Parties: Service providers are expected to operate under appropriate contractual and security safeguards.

4. Data Security

• Encryption: Data in transit is protected with TLS 1.2+ or equivalent secure transport protocols; data at rest is encrypted with industry-standard controls where applicable.
• Segregation: Customer and business data is logically segregated where appropriate to support access boundaries and isolation controls.

5. Access Control

• Least Privilege: System and data access is restricted to authorized personnel with a legitimate business need.
• Authentication: Role-based access controls are applied where appropriate, and multi-factor authentication is required for privileged or sensitive access.
• Monitoring: Access to critical systems and sensitive data is logged, monitored, and periodically reviewed.
• People Controls: Personnel receive recurring security and privacy awareness training.

6. Application & Infrastructure Security

• Secure Change Management: Systems, applications, and changes are reviewed and tested prior to production release as appropriate.
• Vulnerability Management: Critical systems are patched and monitored for known vulnerabilities.
• Infrastructure: Hosting and infrastructure controls are designed to protect the confidentiality, integrity, and availability of systems and data.
• Vendor Risk: Critical vendors are evaluated through risk-based review processes and expected to meet applicable security requirements.

7. Incident Response & Business Continuity

• Incident Response: Acephalt maintains response procedures for identifying, escalating, containing, and remediating security events, with notification handled per contractual and legal obligations.
• Business Continuity: Backup, recovery, and continuity measures support resilience and restoration of critical operations.

8. Contact Information

This document is for general informational purposes only and does not modify contractual commitments.