Trust

Security

How we protect client commercial data and website infrastructure. Designed for Fortune 100 information-security review standards.

Last reviewed17 April 2026
Governed byThe Negotiation Experts

Enterprise buyers share sensitive commercial information with us — contract drafts, price quotations, internal spend data, audit findings. We treat that data with the same rigour our clients treat their own. This page summarises the firm's security posture.

Information security

  • Encryption in transit: TLS 1.2+ on all public endpoints; HSTS enforced with preload.
  • Encryption at rest: AES-256 for all client data stored in firm-controlled systems.
  • Access control: engagement data is partitioned per client; access is role-based and logged.
  • Multi-factor authentication: mandatory for all partner and associate accounts.
  • Device posture: firm-issued laptops with full-disk encryption, endpoint protection, and remote wipe.

Engagement-specific measures

  • Client commercial data held only for the duration of the engagement plus the agreed retention period.
  • Secure data exchange (Dropbox Business with per-engagement folders, or client-specified alternative).
  • All partners and associates under confidentiality obligations stricter than those typical of advisory firms.

Website security

  • Strict Content Security Policy on production (script-src 'self' + named CDNs only).
  • Security headers: HSTS, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, X-Frame-Options.
  • Static-site hosting (no server-side application surface).
  • Forms submitted via Formspree with CAPTCHA and honeypot.

Vulnerability disclosure

If you discover a security issue, please email security@thenegotiationexperts.com. We acknowledge within 48 hours and commit to working in good faith on a resolution. We do not pursue legal action against researchers who follow responsible disclosure.

Certifications and audits

We are in the process of obtaining SOC 2 Type I for the engagement platform; expected completion Q4 2026. We will update this page once certified. Enterprise clients can request an NDA-covered security questionnaire response at any time — turnaround is typically under one week.

Last reviewed: 17 April 2026.