Operational draft — owner/legal review required. This text is a working draft prepared for review and is not yet reviewed legal advice.
1. Access and credentials
- Least-privilege access: only the systems and scopes a workflow needs.
- Credentials are stored in secret managers / environment configuration — never in code repositories.
- Access is revoked at the end of an engagement.
2. Client data handling
- Client business data stays within the agreed toolchain; no copies on personal devices beyond what the work requires.
- Demo/test files are ephemeral: processed, then deleted — not retained.
- Client content is excluded from logs and from any model training.
3. AI-specific safeguards
- Model calls run server-side in deployed workflows; keys are never embedded in frontends.
- Rate limiting and input validation are applied on any exposed endpoint.
- Human approval gates on sensitive actions are part of the architecture, not optional settings.
4. This website
The website itself is static, with no backend, no database and no stored form data, which removes most web attack surface by construction.
5. Incident response
Suspected incidents are triaged immediately; affected clients are informed without undue delay with facts, impact and remediation steps. Report suspected issues to info@nonstopgroup.lt.