Information Security Program

GLBA Safeguards Rule — 16 C.F.R. Part 314
Effective Date: April 10, 2026

TwelveFold Data Group LLC has implemented a written Information Security Program designed to protect the security, confidentiality, and integrity of nonpublic personal information (NPPI) in accordance with the Gramm-Leach-Bliley Act Safeguards Rule and applicable federal regulations.

1. Program Overview and Objective

The objective of this program is to ensure the security and confidentiality of customer records and information, protect against any anticipated threats or hazards to the security or integrity of such records, and protect against unauthorized access to or use of such records that could result in substantial harm or inconvenience to any consumer.

2. Designated Security Officer

A qualified individual has been designated as the Security Officer responsible for overseeing, implementing, and enforcing this Information Security Program. The Security Officer reports findings directly to company leadership and conducts annual program reviews.

3. Risk Assessment

We conduct annual risk assessments to identify internal and external threats to the security of NPPI. Risk assessments evaluate employee training and management practices, information systems including network and software design and information processing, storage, transmission and disposal, and detection and response to attacks, intrusions, and system failures.

4. Security Safeguards

Access Controls

Role-based access controls ensure only authorized personnel may access consumer data. Access is granted based on job function and reviewed quarterly. All access is logged and time-stamped.

Encryption

All NPPI is encrypted using industry-standard AES-256 protocols both in transit and at rest. All data transmissions to consumer reporting agencies use secure encrypted channels.

Multi-Factor Authentication

MFA is required for all systems and applications containing or accessing consumer data without exception.

Secure Development

All software and systems handling consumer data are evaluated for security vulnerabilities prior to deployment and tested annually.

Data Minimization

We collect only the minimum information necessary to provide our services. Data is not retained beyond the period required for its intended purpose or applicable legal retention requirements.

Monitoring and Testing

Systems are monitored continuously for unauthorized access. Penetration testing and vulnerability assessments are conducted at least annually.

5. Vendor Oversight

All third-party service providers with access to NPPI are subject to written data protection agreements requiring equivalent security standards and prompt notification in the event of any breach or unauthorized access.

6. Incident Response Plan

In the event of a security incident involving NPPI we will immediately contain the breach and assess its scope, notify affected individuals and regulatory authorities as required by applicable law, document the incident and all corrective actions taken, and review and update security measures to prevent recurrence. All security incidents are logged and retained for a minimum of seven years.

7. Staff Training

All employees with access to consumer data receive annual training on information security policies, phishing awareness, password management, and data handling procedures. Training completion is documented in personnel records.

8. Annual Program Review

This program is reviewed and updated at least annually by our designated Security Officer and following any material change in our business operations, service arrangements, or technology infrastructure.

Contact

TwelveFold Data Group LLC
30 N Gould St, Ste R
Sheridan, Wyoming 82801
support@twelvefolddata.com
1 (888) 874-2828

All consumer data is protected using AES-256 encryption standards both in transit and at rest.