/ Legal

Data Security & Compliance

Last updated — April 20, 2026

TEGO Marketing treats every client dataset with the seriousness of our own. This page summarizes the practices we apply to safeguard data across engagements.

Access controls

  • Least-privilege access to all client systems and datasets.
  • SSO and multi-factor authentication enforced for every internal tool and client-shared account.
  • Credentials rotated when a team member offboards from an engagement.

Data handling

  • Client data stored in encrypted-at-rest systems (AES-256 or equivalent) and encrypted in transit (TLS 1.2+).
  • We minimize the personal data we collect and retain only what is needed to deliver the engagement.
  • On project completion we return or securely delete data according to the client’s instructions.

Vendors & sub-processors

We use a small, vetted set of SaaS vendors (e.g. email delivery, CRM, analytics, cloud storage). Vendors are selected for their compliance posture (SOC 2, ISO 27001, GDPR-aligned) and bound by confidentiality and DPAs where applicable.

Compliance

Engagements are delivered with awareness of the regulatory environment of the client’s industry, including GDPR, CCPA/CPRA, CAN-SPAM, and TCPA where relevant. We support clients in implementing compliant consent, disclosure, and data-subject request workflows.

Incident response

If we become aware of an incident affecting client data, we notify the impacted client without undue delay and cooperate on investigation, mitigation, and disclosure obligations.

Contact

Security questions or disclosures? aidan@tegomarketing.com.