Our Security Commitment

At Apple Touch Icon.png, we recognize that digital icons and brand assets represent the visual identity of your business. Protecting these assets, along with the project data and communications associated with them, is our highest priority.

We implement industry-standard security practices across our design pipeline, cloud infrastructure, and client communications. This document outlines how we collect, store, process, and protect your information, and what steps you can take to maintain control over your data.

Our Promise: We will never sell, rent, or share your project files, brand guidelines, or personal information with third parties for marketing purposes. Your assets remain yours, exclusively.

Encryption & Secure Storage

All data in transit and at rest is protected using modern cryptographic standards:

  • In Transit: TLS 1.3 encryption for all client communications, file uploads, and downloads.
  • At Rest: AES-256 encryption for all stored project files, client databases, and backup archives.
  • Cloud Infrastructure: Hosted on ISO 27001 & SOC 2 Type II compliant providers with automated daily off-site backups.
  • File Transfer: Secure, expiring download links with password protection for all final deliverables.

Data Collection & Processing

What We Collect

To deliver premium design services, we may collect:

  • Contact information (name, email, company, phone) for project coordination
  • Brand assets, style guides, and reference materials provided by you
  • Project specifications, revision notes, and feedback correspondence
  • Payment information processed securely through PCI-DSS compliant gateways (we do not store credit card details)

How We Use It

Data is used solely for executing design contracts, communicating project updates, invoicing, and improving our service delivery. We retain project files for 12 months post-delivery to accommodate revisions or asset requests, after which they are securely purged from active systems unless extended retention is contractually agreed upon.

Access Control & Personnel Security

Access to client data is strictly governed by the principle of least privilege:

  • Role-Based Access: Only assigned designers and project managers have access to specific client files.
  • Multi-Factor Authentication (MFA): Required for all internal systems, cloud storage, and email accounts.
  • Employee Vetting: All team members undergo background checks and sign strict NDAs regarding client confidentiality.
  • Session Management: Automatic logout after 30 minutes of inactivity on shared or public workstations.

Third-Party Integrations & Data Transfers

We utilize trusted third-party services to enhance our design workflow, including project management tools, cloud storage, and communication platforms. All vendors are evaluated against our security checklist and must comply with data protection agreements.

If any personal data must cross international borders, we ensure compliance with applicable data transfer mechanisms, including Standard Contractual Clauses (SCCs) where required by GDPR or other regional frameworks.

Compliance & Standards

Apple Touch Icon.png aligns its data practices with recognized privacy and security frameworks:

  • GDPR: Full compliance for EU-based clients, including data subject rights, consent management, and right to erasure.
  • CCPA/CPRA: Transparency and opt-out mechanisms for California residents.
  • ISO 27001 Alignment: Internal policies mirror information security management best practices.
  • PCI-DSS: Payment processing handled exclusively by certified external providers.

Security Incident Response

In the unlikely event of a security breach or data exposure, we maintain a documented incident response plan:

  1. Detection & Containment: Immediate isolation of affected systems to prevent further data exposure.
  2. Assessment: Forensic analysis to determine scope, cause, and impacted assets.
  3. Notification: Clients will be notified within 72 hours of confirmed impact, as required by applicable law.
  4. Remediation: Patching, system restoration, and security policy updates to prevent recurrence.

We maintain cyber liability insurance and conduct bi-annual third-party penetration testing to proactively identify vulnerabilities.

Contact Our Security Team

If you have questions about this policy, wish to exercise your data rights, or need to report a security concern, please contact our dedicated privacy and security channel:

🛡️ Security & Privacy Office

For urgent security matters, vulnerability disclosures, or data access requests, please reach out directly. We respond to all security inquiries within 24 hours.

📧 security@apptouchicon.com
🔐 PGP Key Available Upon Request
🌐 Submit a Vulnerability Report