Data Classification, Encryption, and Protection Policy

Data Classification

• Public data includes general informational content such as product names or educational material.
• Internal data refers to logs or analytics not directly associated with individuals.
• Confidential data includes email addresses, usernames, and platform identifiers.
• Highly sensitive data includes OAuth access tokens, session information, and security validation codes.

Encryption Standards

We handle each classification level with an appropriate degree of technical and procedural control. All confidential and highly sensitive data is encrypted at the time of ingestion and is stored using AES-256 encryption in the database layer. Environment-level security settings protect the integrity of keys and secrets.

Communications over the internet, including API calls and dashboard traffic, are protected by HTTPS enforced across all subdomains, with HSTS headers ensuring no fallback to unsecured connections. Our organization implements encryption both in transit and at-rest by default, and our platform design explicitly excludes support for insecure data transmission.

Privacy Compliance

In compliance with best practices and relevant data protection laws, we publish and maintain a Privacy Policy at https://lakesidefulfillment.com/privacy-policy, which outlines how user data is collected, why it is collected, and how users may exercise their rights under applicable regulations. Users can contact our team to request access to, correction of, or deletion of their personal data. All such requests are verified before any action is taken.

Data Lifecycle Management

Upon termination of a user's account or business relationship, their personal data is deleted from active systems within 30 days and purged from encrypted backup systems within 90 days. This lifecycle management ensures no unnecessary retention of data. Our privacy practices are reviewed every six months, and updates are communicated to users via Discord or email.