Trust
Trust, security, and how we handle data.
This page summarizes how we approach security and compliance today, what attestations we do or do not publish yet, and which categories of service providers may process data. It complements our Privacy Policy and Terms of Use—not a substitute for a signed agreement or your own counsel.
Last updated: May 5, 2026
Security posture
We apply reasonable administrative, technical, and organizational measures appropriate to the sensitivity of data we handle: least-privilege access for our team, strong authentication on business systems, encryption in transit for services we operate, and vendor diligence for tools that touch client or website data.
For professional services, client data typically resides in your cloud accounts or environments you designate. We document access paths, retention, and controls as part of delivery—not as a separate marketing claim.
We do not guarantee uninterrupted or error-free operation of the public website; see our Terms of Use.
Compliance & attestations
SOC 2: Datsols does not currently publish a SOC 2 Type I or Type II report. We organize our practices around themes common to SOC 2 (security, availability, confidentiality where applicable) and can complete vendor security questionnaires and diligence calls as part of procurement.
Roadmap: As client and regulatory expectations evolve, we may pursue independent examinations or certifications. When we do, this page will list the scope, period, and where to request reports under NDA.
Your obligations: Compliance for systems we build or operate in your environment remains shared: you own policies, end-user notices, and regulator-facing narratives unless a contract assigns specific responsibilities to us.
Data handling summary
High-level only—see the Privacy Policy for legal detail.
| Context | Typical data | Notes |
|---|---|---|
| Public website | Contact/consultation requests (via your mail client), technical logs, cookies per our Cookie Policy. | No sale of personal information; see Privacy Policy. |
| Professional services | Business contact data, configuration and operational data in customer systems, artifacts produced under contract. | Scope, retention, and subprocessors for a specific engagement are defined in the SOW or DPA as applicable. |
| Careers | Application materials you submit. | Processed per Privacy Policy and any notice at collection. |
Subprocessors & infrastructure
Categories of providers that may process data on our behalf or deliver the public site. Exact vendors can change with infrastructure updates; for contractual subprocessors on a given engagement, rely on your agreement or ask [email protected].
| Function | Role | Examples / notes |
|---|---|---|
| Website hosting & CDN | Hosts and serves datsols.com assets and edge logic. | Provider depends on deployment (e.g., managed application hosting). May process IP addresses and request metadata in server logs. |
| Email & productivity | Business email, documents, ticketing as we adopt tools. | Contact and consultation forms use a mailto: pattern—messages are composed in your client unless we state otherwise. |
| Scheduling (optional) | If a scheduling link is enabled on Consultation. | Third-party scheduler under its terms; we do not control its infrastructure. |
| Client cloud & SaaS | Systems you designate for delivery. | Treated as your subprocessors or data processors; we access under least privilege for the engagement. |
Security inquiries & reports
For security questions, vendor questionnaires, or suspected vulnerabilities related to our public properties, email [email protected] with “Security” in the subject line. We ask that researchers avoid disruptive testing and allow reasonable time for remediation before public disclosure.