← Back home

Security

Our approach to protecting client data and engagements.

Data handling

Client information is treated as confidential by default. We collect only what's needed for an engagement, store it in access-controlled systems, and delete it when it is no longer required.

Encryption

All traffic to and from our website is encrypted in transit (TLS 1.2+). Data held by our SaaS processors is encrypted at rest using industry-standard algorithms.

Access control

Access to client data is restricted to the engagement team on a need-to-know basis. We enforce strong authentication, unique credentials, and MFA on all critical systems.

Vendor due diligence

We work with established vendors (e.g. hosting, scheduling, analytics, communications) that maintain recognized security certifications such as SOC 2 or ISO 27001.

AI tooling guidelines

When we use AI tools during engagements, we configure them to avoid training on client data, prefer enterprise tiers with data-processing agreements, and document tool usage with each client.

Incident response

If we become aware of a security incident affecting client data, we will notify the affected client without undue delay and cooperate on remediation.

Report a concern

Found a vulnerability or have a security question? Email hello@commondenominator.email and we'll respond promptly.