Privacy, Non-disclosure, and
Data Retention.
In the course of normal work, consultants and other independent contractors may receive, view, or interact with company confidential information. This may include sales plans, customer lists, employee passwords, financial data, intellectual property, and more.
qosmic recognizes that accidental disclosure of that information to competitors, threat actors, or other unauthorized parties can do irreparable harm to our clients, which is why we treat client data with the utmost discretion.
It is our policy to:
Request a Nondisclosure Agreement (NDA) or formal contract that contains similar language prior to the start of any engagement.
Use account segmentation tools, such as browser containers, to separate our clients’ credentials as much as possible.
Restrict the installation of software on our computers that directly accesses client confidential information except inside a virtual machine. (For the purposes of this policy, confidential information does not include test data unless specifically marked as such by the client.)
Take all reasonable steps to exclude client data, excepting email communication, from our regular backups, or else segment the data into folders for easy purging.
Require that any Personally Identifiable Information (PII), Protected Health Information (PHI), and credit card or bank information be collected, processed, or stored by client systems or third party systems and not by or on any machine or account owned by qosmic.
Delete any client data or confidential information after the termination or conclusion of an engagement, except what was shared by the client via email or any documents that may legally survive the engagement, such as contracts, invoices, etc.
For questions,