Trust
Security & Data Protection
We work with business data, internal systems, and operational processes that require discretion. The practices on this page apply across our engagements — data platforms, AI systems, internal tools, and business-critical software. Specific commitments are formalized in engagement agreements and Data Processing Agreements where personal data is involved.
Confidentiality
- All client engagements are governed by mutual confidentiality. We sign NDAs by default.
- Client data, source code, business documentation, and strategic context are not shared outside the engagement team.
- We do not publish client names, project details, or anonymized case studies without written permission.
Access control
- Access to client systems is granted on a need-to-know basis to specific named individuals.
- We use multi-factor authentication on all systems where it is supported.
- Access is reviewed during the engagement and revoked when it ends or when team membership changes.
- Production access is separated from development access where the client environment supports it.
Source code and development environments
- Code is stored in repositories nominated by the client (for example GitHub, GitLab, or Azure DevOps) under their account, or in a dedicated repository where they hold administrative access.
- Local development environments use scoped credentials that can be rotated.
- We do not retain copies of client source code on personal devices once an engagement ends.
Client data
- We do not move client data outside the client's environment unless required for the engagement and authorized in writing.
- Data used for development or testing is anonymized or synthetic where possible.
- Where personal data is involved, processing is governed by a Data Processing Agreement and aligned with applicable data protection law (including GDPR where it applies).
Cloud and infrastructure
- We work within the cloud accounts and tenants nominated by the client (AWS, Azure, GCP, or others).
- Where we operate infrastructure on behalf of the client, we follow the principle of least privilege and apply network, identity, and audit controls appropriate to the workload.
- Secrets and credentials are managed through the client's chosen secret management tooling.
AI and model usage
- Client data is not used to train third-party general-purpose models without explicit authorization.
- When AI features are part of an engagement, we document which models, providers, and data flows are involved.
- We help clients evaluate which AI providers and deployment options match their data residency, retention, and confidentiality requirements.
Subprocessors
A current list of subprocessors used in delivery is provided on request as part of engagement onboarding or due diligence.
Incident response
Notification expectations are agreed at the start of each engagement. Where an incident affects client data or systems we operate, we notify the client without undue delay, support remediation, and conduct a post-incident review.
Due diligence and procurement
For procurement, vendor risk, or compliance documentation requests — including security questionnaires and DPAs — contact us at hello@orchestronlab.com with a brief description of your request and we will respond promptly.