How EdgeRecord handles client information, system data, and the records produced during an engagement.
EdgeRecord engagements involve sensitive operational information: configurations, network details, access paths, vendor relationships, and incident facts. The way that information is collected, stored, and disposed of is part of the service, not an afterthought. This page describes the standing position. Engagement-specific terms are agreed in writing before any work begins.
What we collect
Only what is required to deliver the agreed scope. That typically includes configuration exports, change tickets, monitoring extracts, vendor reports, and conversation notes with the people who own the systems. We avoid taking copies of full system images, customer data, or production datasets unless the engagement specifically requires it.
What we do not collect
End-user personal data, customer records, employee records outside of role and operator identity, and any information not directly relevant to the recordkeeping output. If material of that kind is offered, it is declined and the request is logged in the engagement record.
How working material is stored
Working copies are held in a controlled environment for the duration of the engagement and a short retention window afterwards. Access is limited to the engagement team. Encryption in transit and at rest is the default. The exact storage location is disclosed during scoping and can be constrained where a client requires a specific jurisdiction.
Retention and destruction
Default retention is sixty days after report delivery, after which working material is destroyed and a destruction note is appended to the engagement record. Clients can request earlier destruction or a longer retention period in writing. The destruction note itself becomes part of the record the client receives.
Confidentiality
All engagements are treated as confidential by default. EdgeRecord will not name a client, describe an engagement, or use materials in marketing without written permission. References and case studies are opt-in and reviewed by the client before publication.
Subcontractors and tooling
Where third-party tools are used in the production of a record — for example, hosted document storage or analysis utilities — the tooling list is disclosed during scoping. Clients may exclude specific tools or providers as part of the engagement terms.
Data subject requests and legal process
If EdgeRecord receives a request from a third party for client material, including a legal request, the client is notified before any disclosure to the extent permitted by law. Disclosure is limited to what is legally required and is recorded in the engagement file.
Security incidents involving EdgeRecord material
If client material held by EdgeRecord is exposed or believed to be exposed, the client is notified within one business day, the incident is documented as a record of its own, and corrective action is agreed. The same recordkeeping standards we apply to client engagements apply to EdgeRecord itself.
Website privacy
This website collects only the information required to operate it. Contact form submissions are used to respond to the enquiry and are retained for normal business correspondence. Server logs are retained for a short operational window. The site does not run advertising trackers or sell visitor information to any party.
Questions
If you have a specific question about how EdgeRecord would handle the information involved in your engagement, raise it during scoping. The answer becomes part of the engagement terms.