Security
Our approach to protecting client data and engagements.
Data handling
Client information is treated as confidential by default. We collect only what's needed for an engagement, store it in access-controlled systems, and delete it when it is no longer required.
Encryption
All traffic to and from our website is encrypted in transit (TLS 1.2+). Data held by our SaaS processors is encrypted at rest using industry-standard algorithms.
Access control
Access to client data is restricted to the engagement team on a need-to-know basis. We enforce strong authentication, unique credentials, and MFA on all critical systems.
Vendor due diligence
We work with established vendors (e.g. hosting, scheduling, analytics, communications) that maintain recognized security certifications such as SOC 2 or ISO 27001.
AI tooling guidelines
When we use AI tools during engagements, we configure them to avoid training on client data, prefer enterprise tiers with data-processing agreements, and document tool usage with each client.
Incident response
If we become aware of a security incident affecting client data, we will notify the affected client without undue delay and cooperate on remediation.
Report a concern
Found a vulnerability or have a security question? Email hello@commondenominator.email and we'll respond promptly.