ALLEN Agent LLC takes the security of our clients' data, systems, and communications seriously. This page describes the security practices we follow and the measures we recommend for systems we build.
1. Data Encryption
- In transit: All data transmitted between client systems, our infrastructure, and third-party APIs is encrypted using industry-standard TLS 1.2 or higher.
- At rest: Sensitive data stored in databases or file systems is encrypted using AES-256 or equivalent algorithms, depending on the service provider.
2. Access Control
- Multi-factor authentication (MFA) is required for all internal systems, source code repositories, and cloud accounts.
- Access to client data is restricted on a need-to-know basis. Only personnel directly involved in delivering an engagement have access.
- All access is logged and reviewed periodically.
- Credentials and API keys are stored in secure secret management tools (such as 1Password, AWS Secrets Manager, or equivalent).
3. Infrastructure Security
We build and deploy systems on enterprise-grade cloud infrastructure, including:
- Amazon Web Services (AWS) — SOC 2, ISO 27001, GDPR compliant;
- Google Cloud Platform (GCP) — SOC 2, ISO 27001 compliant;
- Microsoft Azure — SOC 2, ISO 27001 compliant;
- Vercel, Netlify, and similar platforms for hosting.
These providers maintain physical and network security controls that meet or exceed industry standards.
4. Secure Software Development
- Source code is stored in private, access-controlled repositories.
- Code is reviewed before deployment to production.
- Dependencies are scanned for known vulnerabilities.
- Sensitive credentials are never hardcoded in source code.
5. AI Model Security
When integrating AI models from providers like OpenAI, Anthropic, or Google, we follow best practices including:
- Using providers with strong data handling policies (e.g., no training on customer data);
- Sanitizing inputs to prevent prompt injection attacks;
- Implementing rate limiting and abuse detection;
- Avoiding the transmission of unnecessary personal or sensitive data to AI models.
6. Payment Security
All payment processing is handled by PCI DSS-compliant third-party providers, including Stripe, PayPal, and Slash. ALLEN Agent LLC does not store full credit card numbers on its own systems.
7. Incident Response
If we become aware of a security incident affecting client data, we will:
- Notify affected clients without undue delay (typically within 72 hours where legally required);
- Investigate the scope and cause of the incident;
- Take remediation steps to mitigate harm;
- Cooperate with regulatory authorities as required.
8. Employee Security
- All personnel sign confidentiality agreements before accessing client data.
- Security training is provided on an ongoing basis.
- Background checks are performed where appropriate.
9. Client Responsibilities
Security is a shared responsibility. Clients are responsible for:
- Maintaining the security of their own accounts, credentials, and systems;
- Following the recommendations and security configurations we deliver as part of an engagement;
- Reporting any suspected security issues to us promptly;
- Complying with applicable security regulations for their industry.
10. Reporting Security Issues
If you discover a security vulnerability or have a security concern, please email us at contact@allenagent.llc. We take all reports seriously and will respond promptly. Please do not publicly disclose vulnerabilities before giving us a reasonable opportunity to remediate.
11. Compliance
ALLEN Agent LLC's services are designed to support clients in meeting their compliance obligations under regulations including GDPR, CCPA/CPRA, HIPAA (where applicable and contractually agreed), and industry-specific requirements. See our Data Processing Agreement for more details.
Questions about this policy?
ALLEN Agent LLC · Operated by Chris Allen Schulenberg Sr
1637 E Missouri Ave, Dallas, TX 75216, United States
Email: contact@allenagent.llc
Phone: +1 737-378-2419
EIN: 42-2584400