
Trust posture

Quiet, careful, transparent.

Operations means access — to CRMs, inboxes, dashboards, sometimes payroll. Here is exactly how we handle that responsibility.

Access

We operate on the principle of least access. Every operator gets only the tool access required for their specific engagement, scoped to specific projects or workspaces wherever the tool allows. No shared logins, no blanket admin keys.

  • All credentials stored in 1Password Business, individual seats, never in chat or email.
  • 2FA enforced on every account our team logs into.
  • Access provisioned via your existing tool admin; we never ask for raw passwords.
  • Off-boarding is automated: when an operator leaves a project, their access is revoked the same business day.

Data handling

Your data stays in your stack. We do not export client data to internal systems except for the limited reporting we share back to you.

  • Internal communications about your business happen in a dedicated, named Slack channel — never cross-posted.
  • Documents we draft for you are created in your Google Workspace / Notion / Drive, not ours.
  • We do not train AI models on your data. Period.
  • Backups of our own internal systems are encrypted at rest (AES-256) and in transit (TLS 1.3).

NDAs and contracts

A mutual NDA is standard on every engagement, signed before any access is provisioned. We are happy to sign yours; if you don't have one, ours is a single page in plain English.

The engagement itself is governed by a written agreement: scope, deliverables, billing, IP, term, exit. We do not start work without a signed SOW.

Insurance

We carry Professional Liability / Errors & Omissions insurance ($2M aggregate). Certificate of insurance available on request.

Compliance posture

We are not currently SOC 2 certified — we are too early. We operate against the SOC 2 control framework internally and intend to formalise certification as the team grows. Until then, our control documentation is available on request for any procurement review.

For regulated industries (healthcare, financial services), we'll be candid on the discovery call about whether we can responsibly take the engagement. We have walked away from engagements where the compliance posture exceeded what we could honestly meet.

Refunds and exit

Engagements are month-to-month with seven days' notice to scale down or exit. There are no exit fees, no lock-in periods, and no termination penalties.

If we miss our Promise commitments (first workflow shipped in 14 days, 24-hour weekday response, live dashboard transparency), the next month is on us — automatically, without you having to ask.

Reporting a concern

Found something we should know about? Email connect@vanxtdoor.com with the subject "Security". A real human reads every one.

Start the conversation

Scale Smarter With AI-Enabled Operational Execution

Let's remove operational bottlenecks and build scalable execution systems for your business.

  • Reply within 24 hours, every working day.
  • First call is a discovery, not a pitch.
  • Custom plan in 48 hours after the call.