Security Policy

Security at Maxwell Software Solutions

Effective date: 6 October 2025

We take a defence-in-depth approach appropriate for a consultancy that handles minimal personal data. This page summarises the safeguards we employ to protect client information and our own infrastructure.

Our security practices

  • Least privilege & access control: administrative access is limited to designated personnel, multi-factor authentication is required, and we review access rights on a regular schedule.
  • Encryption in transit: all Site traffic is served over TLS, and we rely on secure email providers for communications with clients and partners.
  • Secure development practices: we use version control, peer review, automated dependency monitoring, and a vulnerability patching cadence aligned to severity.
  • Backups & availability: our hosting providers supply managed backups and uptime controls appropriate for a marketing and informational site.
  • Logging & monitoring: we maintain baseline application and edge logging, with alerting on anomalous traffic where our providers make it available.
  • Third-party risk: vendors and sub-processors (hosting, email, analytics) are assessed for security and data protection commitments prior to onboarding.

Incident response

  • Triage & containment: on detection, we contain the incident, investigate scope, and determine root cause.
  • Notification: if a personal-data breach occurs, we assess risk and notify the competent authority and affected individuals without undue delay in line with GDPR obligations (within 72 hours where required). Learn more at GDPR Article 33.
  • Post-incident review: we document lessons learned and track remediation to completion.

Data minimisation

We collect the smallest amount of personal data needed to respond to enquiries and deliver services. Data is retained only as long as necessary for those purposes, after which it is deleted or anonymised.

Responsible disclosure

If you believe you have found a security vulnerability on our Site, email security@maxwellsoftwaresolutions.com (PGP optional). Please:

  • Do not access data that is not yours, degrade our service, or violate laws.
  • Give us reasonable time to investigate and remediate before public disclosure.
  • Provide enough detail to reproduce the issue. We will acknowledge valid reports and keep you updated.

Sub-processors

The following providers support the delivery of our Site and services:

  • Hosting / CDN: Vercel (primary hosting) and Cloudflare (edge caching).
  • Email & contact: Google Workspace.
  • Analytics (consent-based): Plausible.

What to do next (internal checklist)

The following actions ensure ongoing compliance and clarity for visitors:

  • Confirm public-facing entity details (legal name, registration number, and registered address).
  • Launch dedicated inboxes (privacy@, legal@, security@) and route to responsible owners.
  • Implement a consent-based cookie banner that blocks non-essential cookies until accepted and includes a visible “Cookie settings” link in the footer. Guidance: GDPR.eu.
  • Document data hosting regions and sub-processor responsibilities on this page.
  • Verify the lead supervisory authority reference if serving EU markets beyond Lithuania.