Legal
Data Protection & Security
Protecting your data is core to our mission. This statement outlines the safeguards Soymut LLC ("SOYMUT") applies to keep your information secure at every stage of its lifecycle.
1. Encryption Standards
All data in transit between your device and our servers is protected with TLS 1.2+ encryption. Sensitive data at rest is encrypted using AES-256 or stronger algorithms. Encryption keys are managed through hardened key management services with strict access policies and regular key rotation.
2. Access Controls
Access to production systems is restricted to a limited number of vetted team members, secured with multi-factor authentication, and monitored continuously. Role-based access controls ensure that team members only access the data required to perform their duties.
3. Infrastructure & Monitoring
Our infrastructure is hosted with leading cloud providers that maintain industry certifications such as ISO 27001, SOC 2, and PCI DSS. We monitor for vulnerabilities, maintain an incident response plan, and regularly test our controls through security reviews and penetration testing.
4. Data Minimisation & Retention
We collect only the data needed to deliver the Services and retain it no longer than necessary. When data is no longer required, we securely delete or anonymise it in accordance with our retention schedule.
5. Incident Response
In the unlikely event of a data incident, we will notify affected users and regulators when required, detailing the impact, mitigation steps, and remedies implemented. Our response process is regularly reviewed to ensure readiness.
6. Contact
If you have questions about our security posture or require a copy of relevant compliance reports, please contact us at info@soymut.com.