Security and privacy are foundational to how we build
Styldod's enterprise policy pack is available for customer review. These documents describe our current operating controls, data handling practices, and security commitments.
- 20 Policies
- AES-256 Encryption at Rest
- TLS 1.2+ In Transit
- MFA Production Access
Transparency note: Styldod does not currently hold formal third-party certifications such as SOC 2, ISO 27001, PCI DSS, or GDPR certification. The documents below describe current operating controls implemented by our engineering and leadership teams. We are actively maturing our security programme and pursuing SOC 2 readiness.
Security & Governance
Core information security framework and operational controls
- ISP-2026
Information Security Policy
Security governance, roles, access control, encryption, logging, secure development, AI security, incident management, and vendor controls.
- ISRM-2026
Information Security Risk Management Policy
Risk identification, assessment, severity classification, treatment options, monitoring, and risk register framework.
- PWD-2026
Password Policy
Password complexity, MFA requirements, credential handling, service account security, and lifecycle management.
- ACO-2026
Access Control and Offboarding Policy
Access provisioning, least privilege, privileged access, reviews, role changes, and offboarding procedures.
- VMP-2026
Vulnerability Management Policy
Vulnerability identification, severity classification, remediation targets, critical vulnerability handling, and penetration testing position.
- SIRP-2026
Security Incident Response Plan
Incident identification, severity classification, containment, investigation, remediation, customer notification, and post-incident review.
- BCDR-2026
Business Continuity and Disaster Recovery Policy
Continuity objectives, critical services, backup and recovery approach, escalation, and customer-specific requirements.
- AUP-2026
Acceptable Use Policy
Acceptable and prohibited use of systems, customer data, credentials, devices, and production environments.
- PEX-2026
Policy Exception Procedure
How policy exceptions are requested, reviewed, approved, tracked, and closed with required compensating controls.
- SPAT-2026
Security and Privacy Awareness Training Policy
Internal training and guidance approach, topics, cadence, onboarding, production readiness, and records.
Privacy & Data Protection
Enterprise data processing, retention, classification, and data subject rights
- EPDPS-2026
Enterprise Privacy and Data Processing Statement
Enterprise privacy statement covering data minimization, processor role, data categories, retention, international transfers, and security measures.
- DPA-2026
Data Processing Addendum Terms
Reusable DPA template for enterprise embedded integrations covering processing role, scope, subprocessors, transfers, deletion, and breach notification.
- DCM-2026
Data Classification Matrix
Classification of all data categories processed in enterprise embedded workflows with handling rules and access restrictions.
- DRD-2026
Data Retention and Deletion Policy
Retention principles, deletion processes, log retention, backups, customer-specific retention, and secure deletion methods.
- DSR-2026
Data Subject Rights Request Procedure
How Styldod supports enterprise customers with access, deletion, restriction, export, correction, and confirmation requests.
Operations & Vendors
Vendor management, integration architecture, and organizational standards
- VSM-2026
Vendor and Subprocessor Management Policy
Vendor due diligence, classification, approval process, subprocessor inventory, ongoing monitoring, and contractual safeguards.
- INT-2026
Third-Party Vendor Integration Overview
Technical architecture overview for enterprise iframe, widget, API, and hosted integrations including technology stack and access controls.
- COC-2026
Code of Conduct
Ethical standards, professional expectations, conflicts of interest, anti-corruption, supply chain standards, and non-retaliation commitments.
AI & Compliance
AI transparency, responsible disclosure, and enterprise integration commitments
- AI-2026
AI Output Notice and Transparency Statement
End-user transparency language for AI-generated outputs, use limitations, no automated decision-making commitment, and customer responsibilities.
- RDP-2026
Responsible Disclosure Policy
How to report security vulnerabilities, scope, coordinated disclosure timeline, and Styldod's commitments to good-faith reporters.
Security Controls at a Glance
Key technical and organizational measures currently in place
Encryption
HTTPS/TLS for all data in transit. AES-256 encryption at rest via AWS S3 and MongoDB Atlas managed encryption.
Access Control
Role-based least-privilege access. MFA for production systems. VPN-restricted remote access. Individual accounts enforced.
Network Security
AWS WAF with API Gateway and CloudFront. Input validation and controlled upload flows. Domain verification for integrations.
Logging & Monitoring
AWS CloudWatch logging for all production systems. Operational alerts via email and Slack. Restricted log access.
Secure Development
Mandatory code review before production deployment. Dev/stage/production separation. Dependency review and vulnerability monitoring.
AI Commitments
No use of customer data for unrelated AI training. No automated decision-making with legal effects. AI output transparency notices supported.
Contact & Responsible Disclosure
Security Contact
For privacy, security, or data protection matters related to enterprise integrations, reach us at:
security@styldod.com
Report a Vulnerability
We value responsible disclosure. If you’ve found a security vulnerability in our products or infrastructure, please report it to us. Include "Security Vulnerability" in the subject line.
Enterprise Enquiries
For enterprise integration discussions, security questionnaires, DPA review, or production readiness planning:
enterprise@styldod.com