A plain-English summary of how we handle data, who has access, where things run, and what we’ll sign before kickoff. Designed to answer the questions your IT and legal teams ask before you can sign an SOW.
We collect only the data needed to deliver the rebuild: your existing site content, capability documents you send us, and the contact info on your finished site.
The Anvil76 stack and customer sites are deployed on SOC-2 Type II infrastructure (Vercel + AWS-backed). All traffic is HTTPS. Secrets are never committed to source control.
Single-tenant accounts. SSO available for enterprise engagements. Access is least-privilege and reviewed at every project transition.
A short, honest list. We’ll keep this current and we’ll notify customers when it changes.
Standard data processing agreement available before kickoff. We’ll also countersign your DPA if you have one.
We sign mutual NDAs at the start of discovery so your capability docs, customer list, and pricing stay private.
If a security incident touches customer data, we notify affected customers within 72 hours with scope, impact, and remediation steps.
Need our full vendor diligence packet (SIG-Lite, security questionnaire, insurance certificates)? Email hello@anvil76.com with “Security packet” in the subject and we’ll have it back within one business day.
Enter a URL and get a real scored report from our 14-point website inspection. We use this as the baseline before any guarantee is written into the SOW.