Information Security

Compliance Policies

Complete information security policy documentation for SafeRedact. All policies are maintained under Cambridge Holdings, LLC and reviewed annually.

Version 1.0 — Effective March 16, 2026 — 13 documents

GDPR & CCPA

Download All Policies

Complete policy pack — 13 documents (.docx)


Core ISMS

Information Security Policy (ISMS)
Master ISMS policy — scope, objectives, risk framework, roles & governance
Risk Assessment and Treatment
Risk methodology, 5×5 scoring matrix, treatment options, risk register

Access & Operations

Access Control
Least privilege, MFA, password policy, API key management, account lifecycle
Incident Response
Severity classification, response phases, breach notification timelines (72hr GDPR)
Change Management
Standard/normal/emergency changes, deployment pipeline, detection engine controls

Vendors & Data

Vendor and Supplier Management
Anthropic, Vercel, Supabase, Stripe assessments — DPA requirements
Data Classification and Handling
4-tier classification, zero-storage architecture, retention schedules, disposal

Continuity & Operations

Business Continuity and Disaster Recovery
RTO/RPO targets, dependency mapping, restoration priority, annual testing
Acceptable Use
Permitted activities, prohibited actions, workstation security, monitoring

Technical Controls

Cryptography and Key Management
Approved algorithms, key storage, rotation schedules, certificate management
Logging, Monitoring, and Audit
Event logging, retention periods, continuous monitoring, alerting, internal audits

Privacy & People

Privacy and Data Protection
GDPR/CCPA compliance, data subject rights, international transfers, privacy by design
Human Resources Security
Background screening, security training, termination procedures, contractor access

Related Legal Documents

Data Processing Agreements and security architecture documentation.