Trust & Security | AMBER FALCON LLC

§ 01Summary

This page describes how we protect the public website and client work. It is not a certification claim. We do not currently claim SOC 2, ISO 27001, PCI-DSS certification, or HIPAA compliance for the public marketing site.

§ 02Security controls

HTTPS/TLS for production website traffic.
Least-privilege access for systems and client workspaces.
Multi-factor authentication for core business accounts where supported.
Separate client workspaces and access scopes where practical.
Dependency review, package updates, and vulnerability monitoring for website code.
Backups, version control, and change tracking for project assets where applicable.

§ 03Data handling

We limit collection to information needed for inquiries, proposals, projects, billing, support, and security. Client data is handled under the applicable agreement and, where relevant, our Data Processing Addendum.

§ 04Payments

The public site does not collect payment-card numbers. If payment processing is used for clients, card data should be processed by a PCI-compliant payment provider rather than stored on our servers.

§ 05Incident response

If we confirm a security incident affecting personal information or client data, we will investigate, contain the issue, preserve relevant records, notify affected parties when required, and cooperate with legal or regulatory obligations.

§ 06Report a vulnerability

Please report suspected vulnerabilities to hello@amberfalconseo.com. Include steps to reproduce, affected URLs, browser/device details, and any logs or screenshots. Do not access, alter, delete, or exfiltrate data that does not belong to you.

§ 07Limitations

Security is a shared responsibility and no system is perfect. This page describes our current public posture and intent. Specific client security requirements must be written into the applicable statement of work or security addendum.