Data Security Addition

At Special Technology Services, we are committed to safeguarding your personal information through industry-leading security practices. This policy outlines how we protect client data using AES-256 encryption, multi-factor authentication (MFA), biometric verification, and physical security keys.

1. 

Encryption Standards

We use Advanced Encryption Standard (AES) with 256-bit keys (AES-256) to encrypt all sensitive client data. This includes, but is not limited to, personal identifiers, communications, case notes, documents, and identity verification materials. AES-256 is one of the most secure encryption methods available and is widely adopted by governments and security agencies worldwide.

2. 

Multi-Factor Authentication (MFA)

Access to any system or platform containing client data requires multi-factor authentication, which combines:

  • Something you know (password or passphrase),
  • Something you have (a physical security key or authenticator app), and
  • Something you are (biometric data such as fingerprint or facial recognition).

This layered approach significantly reduces the risk of unauthorised access.

3. 

Biometric Verification

Where applicable, biometric data (e.g. facial or fingerprint recognition) is used strictly for identity verification. This data:

  • Is processed only on secure, encrypted devices,
  • Is not stored or transmitted beyond the verification process,
  • Complies with all relevant privacy and biometric data protection laws.

4. 

Physical Security Keys

To enhance account protection, access to client systems and admin dashboards is further secured by physical security keys (e.g., YubiKey or equivalent). These keys are required for administrative access and are never shared or duplicated.

5. 

Data Access and Storage

  • Access to encrypted data is role-based and limited strictly to authorised personnel.
  • All encrypted data is stored on secure, privacy-focused infrastructure, either in secure local environments or zero-trust cloud platforms.
  • Backup data is also encrypted using AES-256 and subject to the same MFA protocols.

6. 

Client Rights and Transparency

You have the right to:

  • Know how your data is collected, encrypted, stored, and accessed.
  • Request access to your encrypted information.
  • Withdraw consent or request data deletion (subject to legal or contractual obligations).

7. 

Policy Updates

This policy may be updated periodically to reflect advancements in encryption standards or changes to privacy practices. Clients will be notified of significant changes.