top of page

Holisteks Security Policy

Last updated: 04/26/2025

At Holisteks, we are committed to maintaining the security and confidentiality of all client and visitor information. This Security Policy outlines the measures we take to protect sensitive information, including financial, legal, and health-related records, as well as payment data processed through our website.

1. Data Collection & Storage

  • We only collect personal information (such as name, email address, phone number, and job title) that you voluntarily provide to us.

  • Sensitive documents or information provided by clients are stored on secure, access-controlled systems and encrypted when appropriate.

  • We do not store credit card numbers or payment information.

2. Payment Processing

  • All online payments are processed securely through third-party providers, including Wix and PayPal.

  • Holisteks does not collect, process, or store credit card information. Our payment providers are PCI DSS compliant.

  • We do not ask for or accept payment information by email, text, or other insecure methods.

3. Website Security

  • Our website uses SSL/TLS encryption to secure all data transmitted between your browser and our servers.

  • We regularly update our website software and plugins to protect against known vulnerabilities.

  • Access to any back-end systems is limited to authorized personnel and protected by strong passwords.

4. Employee & Contractor Access

  • Only authorized personnel have access to client information, on a need-to-know basis.

  • All employees and contractors are trained in data privacy and security.

  • Confidentiality agreements are required for anyone with access to sensitive data.

5. Data Retention & Disposal

  • We retain personal and client information only as long as necessary to fulfill business or legal obligations.

  • When data is no longer needed, it is securely deleted or destroyed.

6. Physical Security

  • Devices containing sensitive information are kept in secure locations and protected by passwords and encryption.

  • Physical access to records or devices is limited to authorized individuals.

7. Third-Party Vendors

  • We evaluate third-party vendors (such as hosting providers and payment processors) for their security standards.

  • All vendors are required to maintain industry-standard security measures.

8. Incident Response

  • In the unlikely event of a data breach, we will notify affected parties promptly and follow all applicable legal requirements.

  • We have procedures in place to respond to security incidents and mitigate risk.

9. Ongoing Review

  • We regularly review and update our security practices to address emerging threats and stay current with best practices.

  • Clients may request information about our security measures at any time.

Questions or Concerns?
Contact us at info@holisteks.com

bottom of page