Security
Security and confidentiality of client data is a first-class concern in every Snapshard engagement. This page summarizes our posture for the marketing site and describes how data is handled during paid client work.
This website
https://snapshard.com is a static marketing site. It does not store user accounts, payment information, or sensitive data. The only personal data captured is what you voluntarily submit through the contact form (name, email, company, message), which is forwarded to us by email and retained as described in our Privacy Policy.
- HTTPS enforced site-wide.
- No third-party advertising trackers.
- Modern security headers (CSP, HSTS, X-Content-Type-Options) configured at deploy time.
Client engagements
Data shared during paid client work is governed by the per-engagement contract (MSA + SOW), and a Data Processing Addendum (DPA) when client data includes personal information. Standard practices include:
- NDAs in place before any non-public information is shared.
- Client data handled in client-controlled or jointly agreed environments by default.
- Least-privilege access, with credentials stored in a password manager and rotated.
- Encryption in transit (TLS 1.3) and at rest where data is persisted by Snapshard.
- Endpoint security on the engineer's device (full-disk encryption, automatic OS updates).
- Incident notification within 72 hours of confirmed exposure of client data.
Compliance
Snapshard is a single-member LLC formed in Wyoming. We do not currently hold formal security certifications (SOC 2, ISO 27001). For engagements that require certified posture, we work within the client's certified environment and follow the client's controls.
Reporting a security issue
If you believe you've found a security issue with this website or any work product, please email contact@snapshard.com with details and steps to reproduce. We aim to respond within one business day.