Galeo Strategy

Legal

Data Security & Privacy

Galeo works inside our clients' core systems and, in the course of an engagement, may access confidential business data. We treat the security of that data as fundamental to the trust our clients place in us. This policy describes the standards we hold ourselves to.

Access & Credentials

We access client systems only where required to deliver a scoped engagement, using the minimum level of access necessary. Client credentials and API keys are stored in a dedicated, encrypted password manager — never in documents, email, or messaging tools. Access is granted to named team members only and is revoked at the conclusion of an engagement.

Data in Transit & at Rest

Data exchanged between systems is protected using industry-standard encryption (TLS/SSL). We build on established, reputable platforms that maintain their own recognized security and compliance certifications.

Artificial Intelligence

Where an engagement uses AI tools, we operate under enterprise and API-tier agreements that do not permit client data to be used to train third-party models. We define, with each client, the categories of sensitive data that are excluded from automated processing unless explicitly authorized in writing.

Third-Party Tools

We maintain awareness of the platforms that client data passes through during an engagement and can provide clients with a current list of these tools on request.

Retention & Return

At the conclusion of an engagement, client data in our possession is returned or securely deleted according to the client's instruction, and confirmed in writing.

Incident Response

In the event of a suspected security incident affecting client data, we will notify the affected client promptly and work directly with them to contain and resolve the issue.

Client Requirements

We recognize that many clients operate under their own regulatory or contractual obligations. During onboarding, we document any client-specific security requirements and incorporate them into the terms of the engagement.

For questions regarding this policy, contact info@[domain].

← Back to home