← Back to Privacy Policy
Iron Amethyst Holdings, LLC (EIN: 82-3075801)
1. Purpose
This policy establishes the framework to identify, mitigate, and monitor information security risks. It applies to all systems, data, and personnel.
2. Scope
All systems, applications, data, and infrastructure owned or operated by Iron Amethyst Holdings, LLC including cloud-hosted services and third-party integrations.
3. Governance
Managing Member (Joseph Tandle) is responsible for security oversight. Contact: newyork1@gmail.com
4. Identity and Access Management
- MFA required for all accounts with production access.
- Least-privilege access enforced across all systems.
- Strong unique passwords managed via password manager.
- Physical and virtual access restricted to authorized individuals.
- Third-party access reviewed and limited.
5. Data Security
- All data in transit encrypted using TLS 1.2 or higher.
- Sensitive data stored on encrypted volumes.
- Access restricted to authorized systems and personnel.
6. Vulnerability Management
- OS and software updates applied regularly.
- Security advisories reviewed periodically.
- Critical patches applied promptly.
- Unused services and ports disabled.
7. Incident Response
Managing Member notified immediately of any suspected breach. Scope assessed, threat contained, affected parties notified as required by law, incident documented.
8. Privacy and Data Use
- Data collected only for legitimate business purposes.
- Financial data from third-party APIs used solely for internal financial management.
- Data not sold or shared for commercial purposes.
9. Data Retention and Deletion
Data retained only as long as necessary. Securely deleted upon termination or request. Policy reviewed annually.
10. Policy Review
Reviewed annually by the Managing Member.
Effective Date: April 1, 2026
← Back to Privacy Policy