Security & Data Practices
At Everyday Workflows, the security and confidentiality of your data are paramount. We are committed to robust, transparent security practices to protect the information you entrust to us throughout every stage of our digital solutions.
Our Commitment to Security
- Secure Development: Security is integrated throughout our software development lifecycle, from design to deployment.
- Access Control: We enforce strict, least-privilege access controls for all systems and data, ensuring only authorized personnel can access client information.
- Data Encryption: Sensitive data is encrypted using industry standards: AES-256 for data at rest and TLS 1.2+ for data in transit.
- Regular Reviews: We periodically review and update our security measures to adapt to evolving threats and industry best practices.
- Confidentiality: All team members and subcontractors are bound by confidentiality agreements and receive regular security and privacy training.
- Vendor & Subprocessor Management: We carefully select and regularly review third-party vendors and subprocessors (such as cloud hosting, analytics, and payment processors) to ensure they meet our security and confidentiality standards.
Shared Responsibility
While we implement robust security controls, security is a shared responsibility. Clients are responsible for:
- Safeguarding their own credentials and user accounts,
- Managing access to their own systems and third-party integrations,
- Promptly notifying us if they suspect unauthorized access or a security issue related to our services.
Incident Response & Breach Notification
If we identify a security incident or data breach affecting your information, we will:
- Notify you promptly in accordance with Florida law,
- Work with you to mitigate risks,
- Fulfill any legal or contractual obligations related to breach notification.
Handling Sensitive & Regulated Data
- HIPAA: For clients subject to HIPAA, we are prepared to sign Business Associate Agreements (BAAs) and implement the required administrative, physical, and technical safeguards for Protected Health Information (PHI).
- Data Privacy (CCPA/CPRA, GDPR): While not directly regulated under these laws, our security posture incorporates their principles. We are prepared to support your compliance needs when processing relevant personal data.
- FINRA/Financial Services: For financial sector clients, we understand the importance of data integrity, confidentiality, and availability, and will work with you to align our services with your vendor management and data handling policies.
Data Retention & Deletion
- Retention: We retain client data only as long as necessary for service delivery or as required by law (e.g., billing and tax-related data for 5 years).
- Secure Deletion: Upon project completion or contract termination, we will securely delete or return your data as specified in our agreement, unless retention is legally required.
Your Data, Your Control
- Data Processor Role: Within our services, we act as a data processor; you remain the data controller.
- Transparency: Our Privacy Policy explains how we handle personal data collected through our website. Contractual agreements detail data handling for specific engagements.
- Collaboration: We work closely with you to understand and meet your unique data handling, security, and compliance requirements.
Employee & Subcontractor Training
All employees and subcontractors receive regular security and confidentiality training to ensure ongoing awareness of best practices and legal obligations.
Contact & Escalation
If you have specific questions about our security practices, need to report a concern, or require support for compliance needs, please contact us:
- For general security inquiries: security@everydayworkflows.com
- For urgent security matters: Please include "Urgent" in your subject line for priority handling.
Everyday Workflows is dedicated to earning and maintaining your trust through proactive, transparent, and client-focused security practices.