Security Policy

At Rx Hill LLC, security is not an afterthought—it is the foundation of our architecture. We are committed to protecting the confidentiality, integrity, and availability of your data.

1. Information Security Program

We maintain a comprehensive written information security program (WISP) aligned with ISO 42001 and SOC 2 Type II standards. This program includes administrative, technical, and physical safeguards appropriate to the size and complexity of our operations.

2. Data Encryption

All data is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher. We employ strict key management procedures to ensure the security of encryption keys.

3. Access Control

Access to production systems is restricted to authorized personnel on a need-to-know basis. We enforce Multi-Factor Authentication (MFA) for all internal systems and conduct regular access reviews.

4. Vulnerability Management

We conduct regular vulnerability scans and penetration testing of our infrastructure and applications. Critical vulnerabilities are remediated within established SLAs.

5. Contact Security Team

To report a security vulnerability or for questions regarding our security practices, please contact our Security Team at: [email protected]