Information Security at MarginSales.com
Last updated: 14th July 2025
MarginSales.com is committed to protecting the confidentiality, integrity, and availability of all data entrusted to us, including prospect databases, campaign logs, and client communications. Below is a summary of our security policies and safeguards.
Scope
This Information Security Policy applies to all employees, contractors, systems, data sources, and platforms used by MarginSales.com in the delivery of outbound sales outreach services.
Asset Management
We track and manage all digital and physical assets, including:
- Outreach tools (e.g., Apollo, Lusha, Smartlead, CRMs)
- Client data and prospect lists
- Company laptops, cloud services, and email systems
Each asset is assigned an owner and is subject to periodic access and usage reviews.
Access & Identity Management
We enforce role-based access controls across all tools and platforms. Access is granted on a need-to-know basis with multi-factor authentication, session management, and regular access reviews.
Password Management
All users follow strong password policies, including:
- Use of password managers
- Password complexity requirements
- Regular password rotation
- No reuse across systems
Cloud Infrastructure
MarginSales.com uses secure, industry-compliant cloud providers (such as AWS and Google Cloud). These providers are compliant with global standards like ISO 27001 and SOC 2.
Physical Security
We operate in a remote-first model. MarginSales.com team members access data exclusively via secure, cloud-based platforms (e.g., CRM and outreach tools). No client data is stored locally on personal devices.
To ensure safe access:
- All team members are required to use strong passwords and secure their personal devices.
- Access is restricted to authorized email accounts with 2FA.
- Data is accessed only through browser-based platforms with session timeouts and encryption.
- No client data is downloaded, stored, or transferred outside of approved systems.
We rely on secure infrastructure providers (e.g., Outplay, Apollo, Smartlead) with robust compliance and infrastructure safeguards (SOC 2, ISO 27001).
Network Security
Our internal systems and outreach tools are protected through:
- HTTPS-only access
Encryption
All data is encrypted:
- In transit using TLS 1.2 or higher
- At rest using platform-level encryption protocols
Client files and campaign logs are transmitted and stored securely.
Removable Media Controls
Use of USB drives and other removable media is restricted. If use is ever required:
- Media must be encrypted
- Approved by management
- Scanned for malware prior to use
Client data is never stored on personal or removable devices.
Application Security & Change Management
For any internal tools or automations:
- Code is peer-reviewed before use
- Changes follow a formal testing and rollback process
- We ensure new features don't compromise data privacy or performance
System Maintenance
Our vendors perform regular updates and scheduled system maintenance to minimize downtime and protect systems from emerging threats.
Risk & Vulnerability Management
As a service provider, we rely on multiple third-party platforms to deliver outreach campaigns. To ensure the security of our operations and your data:
- We conduct periodic reviews of the security practices and compliance status of our key vendors (e.g., Apollo, Lusha, CRMs).
- We monitor for changes in data protection regulations and update internal processes accordingly.
- We maintain a risk log to track and mitigate any issues related to data handling, access control, or third-party tool usage.
While we do not manage our own infrastructure or develop products, we remain proactive in identifying and managing risks across the services we provide.
Incident Response Plan
In the event of a breach or security incident:
- We initiate immediate containment and investigation
- Affected clients are notified within 48 hours
- Root cause analysis and preventive steps are documented
Data Retention & Deletion
- Client data is retained for up to 60 days after service termination, unless otherwise requested
- Data is either returned or securely deleted
- Permanent deletion is verifiable upon request
Data Classification
We categorize data based on sensitivity (e.g., confidential, internal, public) and apply:
- Access restrictions
- Secure storage practices
- Internal labeling
Business Continuity
We maintain:
- Backups of critical systems and data
- A continuity plan for recovery in case of outages
- Resumption of services within 2 – 4 days after disruption
We have a Business Continuity Plan in place to ensure uninterrupted delivery of sales outreach services.
Our BCP includes remote team readiness, alternative communication channels, platform redundancy, and recovery steps for unexpected disruptions.
Security Certifications & Compliance
While we are not yet ISO- or SOC-certified, we align with best practices and work with secure, compliant vendors. We follow data handling practices aligned with GDPR.
Questions or Compliance Requests?
Please email admin@marginsales.com or contact your engagement manager.
Data Certification
We certify, to the best of our knowledge, that the above information is accurate and up to date as of [Insert Month, Year].

