Last updated: 04/04/25

This clause outlines the technical and organizational measures implemented by CREACH AGENCY to ensure the confidentiality, integrity, and security of data processed through the NEXTLEAD CRM platform.

1. Confidentiality Commitment

CREACH AGENCY commits to:

• Never access or use customer data except for support or maintenance purposes, and only upon explicit request.
• Never sell, rent, or share user data with unauthorized third parties.
• Train all employees and contractors involved in data handling on security and confidentiality best practices.

2. Technical Security Measures

CREACH AGENCY has implemented the following safeguards to protect data:

• Data in transit encryption: All communications with NEXTLEAD are encrypted using HTTPS (TLS 1.2 or higher).
• Data at rest encryption: All stored data is encrypted in Supabase’s infrastructure (located in Ireland).
• Secure authentication: User accounts are protected by hashed passwords and secure session management.
• Access control: Administrative access to production environments is strictly limited, monitored, and logged.

3. Backups and Business Continuity

• Automatic backups of user data are performed on a regular basis.
• Business continuity and disaster recovery plans are in place to minimize downtime and data loss.
• In the event of a major incident, recovery procedures ensure data restoration as quickly as possible.

4. Monitoring and Alerts

• The platform is actively monitored for performance, errors, and suspicious activity.
• Security alerts and automated logging help detect abnormal behavior and potential vulnerabilities.