Cybersecurity posture assessments · last updated June 2026
The information gathered during a cybersecurity posture assessment is, by its nature, a sensitive description of an organization’s controls and weaknesses. Securidigm treats this information as confidential throughout the engagement and handles it under the practices described below. This statement is provided so your security, procurement, and vendor-risk teams can evaluate our handling of your data before work begins.
Assessment data is gathered through live, facilitated interviews conducted in person or over a secured video session (such as Microsoft Teams or Zoom). Responses are entered directly by the assessor into a single, controlled workstation. There is no internet-facing questionnaire, web portal, or public submission system to be attacked or compromised.
Where reviewing a client’s documentation — policies, configurations, network diagrams — helps assess readiness, those materials are reviewed live during the engagement and characterized in the assessor’s notes. Securidigm does not copy or retain the underlying artifacts; screenshots, policy files, and configuration exports remain in your control at all times.
When assessments are conducted by video, recording and automated transcription are disabled by default. The assessor captures structured notes rather than verbatim recordings, limiting the data retained.
To turn assessment findings into first-draft documents — the report narrative, the roadmap, and policy language — Securidigm uses a third-party AI service, Anthropic’s Claude. For that step, assessment information is transmitted to and processed by Anthropic under its confidentiality and data-use terms, solely to generate those drafts. Per those terms, the information is not used to train AI models. Scoring and risk ratings are computed deterministically and are never set by AI, and every AI-assisted draft is reviewed by the advisor before it reaches you.
Assessment information is used solely to deliver the agreed engagement and is not disclosed to third parties except as described in this statement or as authorized in writing. Data is retained only as long as needed to complete the engagement and any agreed follow-on work, then returned or securely destroyed at your direction.
Engagements are governed by written confidentiality and, where applicable, data-processing terms. Questions about this statement, or the terms that govern an engagement, are welcome at michael@securidigm.com.