Vallum Analytics Group — Data Security Policy

Last Updated: December 2025

At Vallum Analytics Group (“Vallum,” “we,” “our”), protecting your data is a foundational priority. This Data Security Policy explains the administrative, technical, and physical measures we use to secure your information when you use our platform and services (the “Services”).

1. Our Security Commitment

We design Vallum with the mindset that every piece of data—T-12s, Rent Rolls, OMs, financials, user credentials—is sensitive. We treat your information with the same level of protection we use for our own internal systems.

Security is built into our product at every layer.

2. Data Encryption

a. Encryption in Transit

All data transmitted between your device and Vallum’s platform is encrypted using TLS 1.2+.

b. Encryption at Rest

All stored data—including uploaded documents and output files—is encrypted using AES-256, the industry standard used by leading financial institutions.

3. Secure Document Processing

Documents you upload (T-12s, Rent Rolls, OMs, financial packets) are:

  • Stored in encrypted file systems

  • Processed through secure, isolated services

  • Access-controlled within our internal environment

  • Deleted per retention schedules or upon request

We never use your documents to train public AI models.

4. Access Controls & Authentication

We maintain strict access rules:

  • Role-based access control (RBAC)

  • Multi-factor authentication (MFA) for internal systems

  • Unique credentials for every authorized personnel

  • Least-privilege principle across all environments

No Vallum employee can access client documents unless explicitly required for support and authorized by the client.

5. Network & Infrastructure Security

Our infrastructure includes:

  • Secure cloud hosting environments

  • Firewalls and network segmentation

  • Intrusion detection and prevention systems

  • Automated monitoring for anomalous behaviors

  • Regular patching and security updates

We follow zero-trust principles for internal connectivity.

6. Application Security

We implement multiple layers of app-level protection:

  • Input sanitization

  • Automated vulnerability scanning

  • Dependency monitoring

  • Session management with secure tokens

  • Rate limiting to prevent brute-force attempts

  • Logging and auditing of sensitive actions

Critical components undergo manual review and automated testing.

7. AI & Data Processing Security

AI-powered features run in controlled environments with:

  • Data isolation

  • No cross-user training

  • No logging of confidential data in training datasets

  • Strict internal sandboxing

Outputs are generated per request and not used to “teach” future models.

8. Incident Response

We maintain a formal incident response program that includes:

  • Real-time alerting

  • Investigation by security personnel

  • Isolation of affected systems

  • User notification within legally required timeframes

  • Documentation and root-cause analysis

Our goal is rapid containment and transparent communication.

9. Backup & Disaster Recovery

Your data is protected through:

  • Encrypted daily backups

  • Distributed storage across redundant systems

  • Disaster recovery protocols

  • High-availability infrastructure

If a system fails, Vallum can restore environments quickly and securely.

10. Third-Party Security

We only work with vendors that meet strict security standards. All third parties undergo:

  • Security and compliance review

  • Confidentiality and data processing agreements

  • Ongoing monitoring for policy adherence

We do not sell or share data with any third party for advertising.

11. User Responsibilities

To maintain security, users must:

  • Keep login credentials confidential

  • Use a strong password

  • Notify Vallum of suspicious account activity

  • Comply with the Terms of Service and applicable laws

Security is a shared experience—we handle the infrastructure, you protect your login.

12. Data Retention & Deletion

You may request deletion of your uploaded data at any time.
Unless required for compliance or legal purposes, we will:

  • Remove files from active storage

  • Remove associated metadata

  • Purge from backups on the next scheduled cycle

We do not store your data longer than necessary.

13. Compliance Standards

Our policies are aligned with leading security frameworks, including:

  • SOC 2 (best practices aligned; certification in roadmap)

  • ISO 27001 principles

  • GDPR and CCPA compatibility

  • NIST cybersecurity guidelines

We continually assess and improve security controls.

14. Questions or Security Concerns

For inquiries or to report a security-related issue:
security@vallumanalyticsgroup.com