Trust & Security

Your Trust is Our Foundation

We understand that enterprise advisory relationships require the highest standards of confidentiality and security. Here's how we protect your information.

Confidentiality

  • All client information is treated as confidential by default
  • We sign NDAs before receiving sensitive materials
  • Client names and details are never shared without explicit consent

Data Handling

  • Client data is stored in encrypted, access-controlled systems
  • We do not sell, share, or monetize client data
  • Engagement working materials are deleted within 30 days of engagement close unless an SOW, NDA, legal hold, or procurement requirement specifies otherwise

Security Practices

  • Enterprise-grade security controls informed by industry frameworks
  • TLS 1.3 for data in transit where supported by client and tooling; AES-256 for data at rest on systems where storage is involved
  • Regular internal security reviews and updates

Engagement Model

  • Direct engagement with Jan Cichocki (no subcontracting without written approval)
  • Clear scope and deliverables defined in SOW
  • Professional liability insurance maintained

Security Measures

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • MFA enforced on all administrative systems
  • Breach notification within 72 hours of discovery, as required by applicable law
  • Controls mapped to SOC 2 TSC — documentation available under NDA
  • NDA-first engagement — we sign before receiving sensitive materials

Full technical details in our Privacy Policy §10. Additional documentation available under NDA.

Data Retention

We distinguish between two categories of information:

Client Working Materials

Decks, datasets, meeting notes, drafts, and other sensitive working documents shared during an engagement.

Purged after the engagement window.

Engagement Records

Contracts, invoices, SOWs, and compliance documentation required for business and regulatory purposes.

Retained per legal/regulatory requirements (typically 7 years).

Full retention schedule in our Privacy Policy §9.

Need Security Documentation?

For procurement teams and security reviews, we provide additional documentation including security questionnaire responses, insurance certificates, and control-mapping documentation upon request.

Compliance & Standards

  • Controls Mapped to SOC 2 TSC
  • Encryption in Transit + at Rest
  • NDA Ready
  • Insured

  • Questionnaires: Available upon request
  • COI / Insurance: Available upon request
  • DPA / SCC: Where applicable
  • Subprocessors: Disclosed per engagement

About “SOC 2–aligned”: Our controls are mapped to SOC 2 Trust Service Criteria. We do not claim third-party attestation or certification unless explicitly stated. Documentation is available under NDA where applicable.