How we handle client data and brand assets

Data security infrastructure: (1) NDA signed before any logo/design files exchanged. (2) Encrypted file transfer (Tresorit, S3 with KMS, or signed-URL S3). (3) Brand assets stored in segregated client folders with 3-person access only. (4) GDPR-compliant data retention: client data archived 7 years post-project, then auto-deleted. (5) UAE PDPL compliance for UAE clients. (6) Annual penetration test by external firm (Coalition Cyber). (7) Background-checked employees for sensitive accounts. (8) No mobile photos of finished product without explicit client permission. (9) Production samples destroyed if not specifically retained per contract. (10) Optional: tamper-evident packaging for highly confidential prototypes.