🔐 Data Security Policy

Last Updated: December 5, 2025

Fundamentum takes data security seriously and implements strong measures to protect all client information. This policy outlines our approach to security and the responsibilities we uphold when handling sensitive or confidential data.

1. Security Philosophy

Our guiding principle is simple: client data must always remain private, secure, and fully controlled by the client.
We follow a “least privilege,” “zero retention,” and “no external storage” philosophy wherever possible.

2. Access Controls

  • Access to client environments, systems, or data is granted only as required for project execution.

  • Access is limited to authorized individuals and is revoked promptly upon project completion.

  • Strong authentication methods (MFA, secure passwords, or client-specific requirements) are used at all times.

3. Data Handling & Storage

  • Client data is processed only within the environments approved or provided by the client.

  • We do not store or copy client-owned datasets to personal devices or unapproved systems.

  • Data is never transferred outside of the client’s infrastructure unless explicitly authorized in writing.

4. Encryption & Secure Communication

  • All communications about client projects occur through secure channels.

  • We rely on encrypted transport (HTTPS, SFTP, SSH, VPN, etc.) whenever supported by the client’s systems.

  • Sensitive data is never transmitted over unsecured communication methods.

5. Device & System Security

Fundamentum systems follow industry best practices, including:

  • Encrypted devices

  • Automatic security updates

  • Strong authentication

  • Firewall and antivirus protections

  • Secure password management

We also adhere to any additional requirements set by client organizations.

6. No Data Selling or Sharing

We never sell, rent, trade, or exploit client data for profit.
We never use client data for internal training, marketing, or model development.

Data is shared only:

  • At the client’s explicit direction, or

  • When legally required.

7. Compliance With Client Policies

When contracting with a client, we fully adopt and follow that organization’s:

  • Security requirements

  • Data governance rules

  • Compliance frameworks (GDPR, CCPA, SOC 2, HIPAA where applicable)

  • Access and identity policies

We treat ourselves as an extension of the client’s team.

8. Data Retention & Deletion

  • Client data is retained only for the minimum time required to complete agreed-upon work.

  • Upon project completion, any temporary data stored per client instruction is securely deleted.

  • Documentation or deliverables kept for reference never include raw client data.

9. Incident Response

If a potential security risk or incident is detected:

  • We immediately notify the client.

  • We cooperate fully with any investigation.

  • We follow the client’s required incident response procedures.

Fundamentum has zero tolerance for security negligence and takes every step to prevent issues.

10. Updates to This Policy

We may update our Data Security Policy as technology, standards, or client requirements evolve. The latest version will always be available on our website with an updated revision date.

11. Contact Us

For questions about security practices, email:
fundamentumconsult@gmail.com