Security & Data Practices

Our work often involves business systems, workflows, reports, automations, and data. Because of that, we take confidentiality seriously — and we believe good data work should be careful, respectful, and responsible.

Our approach

We only ask for access to the systems, files, and information needed to complete the agreed work.

We do not want unnecessary access. We do not want extra data "just in case." The less sensitive information that needs to move around, the safer the project is for everyone.

When possible, we prefer to work inside the tools and systems a client already uses — such as their existing spreadsheets, CRM, website platform, reporting tools, or business software. This helps reduce unnecessary copying, exporting, and storage of client data.

Client confidentiality

Any business information shared with Netalyt is treated as confidential. This may include:

  • Customer data
  • Sales information
  • Internal reports
  • Business processes
  • Pricing information
  • Website or system access
  • Strategy documents
  • Marketing data
  • Operational workflows
  • Project notes and discussions

We do not share client information publicly without permission. If a project becomes a case study, portfolio example, or public write-up, we will either get approval first or remove identifying details where appropriate.

Access to client systems

When a project requires access to a client system, we follow a few simple rules:

  • Access should be approved by the client
  • Access should be limited to what is needed
  • Passwords should not be shared through plain text messages when avoidable
  • Multi-factor authentication should be used when available
  • Access should be removed when it is no longer needed
  • Client-owned accounts are preferred over sharing personal credentials

For example, if we are helping with reporting, automation, or website improvements, it is usually better for the client to give limited permission inside their own system rather than sending over a main account password.

Data minimization

We try to keep data use focused. That means we aim to collect, export, or store only what is needed for the project. If a project can be completed with sample data, filtered data, or non-sensitive information, we prefer that approach.

This helps protect clients while still allowing us to build useful reports, automations, and workflows.

Use of AI tools

Netalyt may use AI tools to support work such as research, writing, automation planning, workflow design, data analysis, and technical implementation.

However, we do not intentionally place sensitive client information into AI tools unless it is needed for the project and approved by the client. When AI is used, we aim to keep inputs limited, relevant, and appropriate. In many cases, we can use summaries, sample data, anonymized data, or cleaned versions of information instead of raw sensitive data.

Our goal is to use AI responsibly, not carelessly.

Third-party tools

Some projects may involve third-party tools for things like automation, analytics, dashboards, cloud storage, websites, forms, AI, or customer management systems. Examples may include tools for:

  • Reporting and dashboards
  • Workflow automation
  • Website updates
  • Data storage
  • Project management
  • AI-assisted work
  • Customer communication
  • Forms and intake systems

We choose tools based on the needs of the project and aim to avoid unnecessary risk. If a tool will handle important client data, we want the client to understand what the tool is being used for and why.

Data storage and retention

Project files, exports, reports, and working documents may be stored during the project so the work can be completed properly.

When a project ends, data can be handled based on the agreement with the client. This may include returning files, deleting working copies, archiving project materials, or keeping certain deliverables for future support.

Our preference is simple: do not keep client data longer than it is reasonably needed.

Credentials and passwords

We encourage clients not to send passwords through normal email, text messages, or chat when avoidable. Better options include:

  • Creating a separate user account for Netalyt
  • Giving limited permissions inside the client's system
  • Using a secure password manager
  • Removing access after the project is complete
  • Updating passwords if temporary access was shared

Whenever possible, we prefer permission-based access instead of shared passwords.

Reports, dashboards, and automations

When we build reports, dashboards, or automations, we aim to make them useful and understandable. We also try to be careful with who can view or edit them.

A good report is not just accurate. It should also be shared with the right people, protected from unnecessary access, and built in a way the client can understand and maintain.

Communication and transparency

If there is ever a concern about data access, tool usage, or confidentiality, we want clients to bring it up. We are happy to explain:

  • What information is needed
  • Why it is needed
  • Where it will be used
  • What tools are involved
  • How access can be limited
  • What happens after the project ends

Good security starts with clear communication.

If something goes wrong

If we become aware of a possible data issue, access problem, or security concern, we will take it seriously. Our goal would be to:

  1. Notify the client as soon as reasonably possible
  2. Understand what happened
  3. Limit any further exposure or access
  4. Help resolve the issue
  5. Review what should change going forward

No business can promise that risk is zero, but every business should respond responsibly when concerns arise.

Current compliance status

Netalyt is not currently SOC 2 audited.

At this stage, we focus on practical security, careful data handling, and clear client communication. We are actively working toward SOC 2 compliance and intend to build toward stronger formal compliance readiness as the company grows.

We will never claim a certification, audit, or compliance status that we have not earned.

Our commitment

Netalyt exists to help businesses make better use of their data, systems, and technology. That only works if clients can trust us.

We aim to handle client information with care, use access responsibly, avoid unnecessary data collection, and communicate clearly throughout each project.

If you have questions about how your data, systems, or information would be handled during a project, we are happy to talk through it before any work begins.

Onsite implementation when appropriate

Most projects can be handled securely through client-approved access, video calls, screen sharing, and limited permissions.

For certain projects, onsite implementation may be the better option. This can be helpful when a client prefers not to share remote access, when systems are sensitive, or when hands-on setup and training would make the project smoother.

When onsite work is included in the project scope, related travel costs are built into the quoted price so clients are not surprised by extra travel fees later.

Our goal is simple: choose the implementation method that is safest, clearest, and most practical for the client.

Questions about our data practices? Get in touch and we'll be happy to talk through anything on this page.