New AI Governance Framework 2026 now available. View Resource →

Enterprise:
Trust & Security

Your Trust is Our Foundation

We understand that enterprise advisory relationships require the highest standards of confidentiality and security. Here's how we protect your information.

Confidentiality

  • All client information is treated as confidential by default
  • We sign NDAs before receiving sensitive materials
  • Client names and details are never shared without explicit consent

Data Handling

  • Client data is stored in encrypted, access-controlled systems
  • We do not sell, share, or monetize client data
  • Data is retained only as long as necessary for the engagement

Security Practices

  • Enterprise-grade security controls informed by industry frameworks
  • TLS 1.3 encryption in transit, AES-256 at rest
  • Regular security assessments and updates

Engagement Model

  • Direct engagement with senior advisors (no subcontracting without approval)
  • Clear scope and deliverables defined in SOW
  • Professional liability insurance maintained

Security Measures

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • MFA enforced on all administrative systems
  • Breach notification within 72 hours of discovery, as required by applicable law
  • Regular assessments including penetration testing and security audits
  • NDA-first engagement — we sign before receiving sensitive materials

Full technical details in our Privacy Policy §10. Additional documentation available under NDA.

Data Retention

We distinguish between two categories of information:

Client Working Materials

Decks, datasets, meeting notes, drafts, and other sensitive working documents shared during an engagement.

Purged after the engagement window.

Engagement Records

Contracts, invoices, SOWs, and compliance documentation required for business and regulatory purposes.

Retained per legal/regulatory requirements (typically 7 years).

Full retention schedule in our Privacy Policy §9.

Need Security Documentation?

For procurement teams and security reviews, we provide additional documentation including security questionnaire responses, insurance certificates, and compliance attestations upon request.

View Procurement Packet → Request Security Materials →

Compliance & Standards

SOC 2–Aligned Controls
TLS 1.3 + AES-256
NDA Ready
Insured

Questionnaires

Available upon request

COI / Insurance

Available upon request

DPA / SCC

Where applicable

Subprocessors

Disclosed per engagement

About “SOC 2–aligned”: Our controls are mapped to SOC 2 Trust Service Criteria. We do not claim third-party attestation or certification unless explicitly stated. Documentation is available under NDA where applicable.

View Full Procurement Packet