SECURITY & DATA HANDLING

Last updated: November 2025

This Security and Data Handling Policy describes the measures Steady Standards takes to protect information, manage access, and handle data responsibly.

It should be read in conjunction with our Privacy Policy and Terms of Service.

PURPOSE

Steady Standards is designed to support consistent judgement in real operating environments.

Maintaining the security and integrity of information is essential to that purpose.

This policy outlines how we approach security and data handling in a proportionate, practical, and responsible manner.

SCOPE

This policy applies to:

  • The Steady Standards website
  • The Steady Standards subscription service
  • Information collected, processed, or stored in connection with the service

It does not apply to third-party websites or services that are not operated or controlled by Steady Standards.

SECURITY PRINCIPLES

Our approach to security is guided by the following principles:

  • Proportionality — controls appropriate to the nature of the service
  • Least privilege — access limited to what is reasonably necessary
  • Defence in depth — layered safeguards rather than single points of failure
  • Accountability — responsibility remains with people, not systems

SECURITY CONTROLS AND CONTENT PROTECTION

We apply a layered approach to security and data handling to protect website content, systems, and communications.

This includes the use of industry-standard technical controls designed to:

  • Secure data in transit
  • Reduce exposure to unauthorised automated access
  • Protect against common web-based threats
  • Maintain availability and integrity of published content

Security controls are reviewed periodically and adjusted in response to emerging risks, changes in usage, and operational requirements.

While no public website can guarantee complete protection against all forms of automated activity, reasonable and proportionate safeguards are in place to protect the confidentiality, integrity, and appropriate use of information available through this site.

DATA CLASSIFICATION

Information handled by Steady Standards generally falls into the following categories:

  • Account and contact information
  • Subscription and billing metadata
  • Communications and enquiries
  • Usage and access metadata

Steady Standards does not require or seek to collect highly sensitive personal data.

Users are responsible for ensuring that any information they submit is appropriate and lawful.

DATA STORAGE AND INFRASTRUCTURE

Steady Standards uses reputable, industry-standard cloud service providers to host and deliver the service.

This may include providers for:

  • Website hosting and content delivery
  • Application infrastructure and deployment
  • Subscription and billing management
  • Email and transactional communications

Data may be stored or processed in multiple geographic locations depending on the provider.

ACCESS CONTROLS

Access to systems and data is restricted to authorised personnel only.

Measures include:

  • Role-based access controls
  • Use of unique credentials
  • Limiting administrative access to essential functions
  • Regular review of access permissions

Access is removed when no longer required.

DATA TRANSMISSION

Information is transmitted using secure communication protocols appropriate to the context, such as encrypted HTTPS connections.

While reasonable steps are taken to protect data in transit, no method of transmission over the internet is entirely secure.

SUBSCRIPTIONS AND PAYMENTS

Payments are processed by third-party payment platforms, including Shopify and its associated payment processors.

Steady Standards does not store full payment card numbers or security codes.

Payment information is handled directly by the payment provider in accordance with their own security and compliance standards.

THIRD-PARTY SERVICE PROVIDERS

Steady Standards relies on third-party providers to operate the service.

These providers may process information on our behalf solely to deliver their services and are expected to maintain appropriate security safeguards.

We take reasonable steps to select providers with established security practices.

DATA RETENTION AND DISPOSAL

Information is retained only for as long as reasonably necessary to:

  • Provide the service
  • Meet legal or regulatory obligations
  • Resolve disputes
  • Maintain business records

When information is no longer required, it is deleted or de-identified using reasonable and appropriate methods.

USER RESPONSIBILITIES

Users are responsible for:

  • Maintaining the confidentiality of their account credentials
  • Limiting access to authorised individuals
  • Ensuring that information submitted to the service does not include inappropriate, unlawful, or unauthorised data

Steady Standards is not responsible for security failures resulting from user actions or omissions.

INCIDENT MANAGEMENT

We take reasonable steps to identify, assess, and respond to security incidents.

Where a data incident presents a material risk to users, we will take appropriate steps to address the issue and comply with applicable notification obligations.

LIMITATIONS

While Steady Standards implements reasonable security measures, it does not guarantee absolute security.

Users acknowledge that residual risk exists when using any online service.

CHANGES TO THIS POLICY

This Security and Data Handling Policy may be updated from time to time to reflect changes in technology, practices, or legal requirements.

The current version will always be available on the website.

CONTACT

Questions regarding security or data handling may be submitted via the Contact page on this website.