# Data Security & Processing Policy **Effective Date:** 25-07-2025 ## Data We Process When you submit spreadsheets for analysis, we process: - Business data contained in your files - Metadata about your files - Your email address and communications - Business context you provide ## Security Measures ### Technical Safeguards - Encrypted email communication (TLS encryption) - Secure local storage with password protection - Regular security updates on analysis systems - Secure deletion protocols for completed projects ### Administrative Safeguards - Single-person access (only the analyst handles your data) - No data sharing with third parties - Clear data retention and deletion schedules - Regular review of security practices ### Physical Safeguards - Secure workspace for data analysis - Locked storage when not in use - No printing of client data unless essential ## Data Processing Principles - **Purpose Limitation:** Data used only for providing your analysis - **Data Minimization:** We only process data necessary for insights - **Accuracy:** We work with data as provided, noting any quality issues - **Storage Limitation:** Files deleted within 30 days of completion - **Confidentiality:** Strict non-disclosure of all client information ## Data Handling Workflow 1. **Receipt:** Encrypted email reception and acknowledgment 2. **Analysis:** Local processing on secure systems 3. **Storage:** Temporary encrypted storage during analysis period 4. **Delivery:** Insights delivered via encrypted email 5. **Deletion:** Complete file deletion within 30 days ## Your Data Rights - **Access:** Request copy of data we hold about you - **Correction:** Request correction of inaccurate data - **Deletion:** Request immediate deletion of your data - **Portability:** Request your data in machine-readable format - **Restriction:** Request limitation of processing activities ## Data Breach Protocol In the unlikely event of a data breach: - Immediate containment and assessment - Client notification within 24 hours - Regulatory notification as required - Full incident documentation and remediation ## International Data Transfers If you're located outside the United Kingdom, your data may be processed across borders. We ensure: - Adequate protection standards - Appropriate transfer mechanisms - Your rights remain protected ## Third-Party Processors We may use: - **Email providers:** For communication (Gmail with encryption) - **File storage:** Temporary encrypted storage during analysis - **Security tools:** For system protection All third parties are bound by strict confidentiality agreements. ## Compliance Standards This policy ensures compliance with: - General Data Protection Regulation (GDPR) - California Consumer Privacy Act (CCPA) - Industry best practices for data security ## Contact for Data Security For questions about data security or to exercise your rights: Email: spreadsheetdistillery@gmail.com Subject: "Data Security Inquiry" ## Regular Reviews This policy is reviewed and updated annually or when processing activities change significantly. --- *Your trust in our data handling is fundamental to our service.*