Trust Center
We practice what we preach.
A security-led company has to hold itself to the standard it sells. This page is an honest account of how Coeus Tech protects your data, who we rely on to do it, and how we handle the day we are tested. No theater, no badges we have not earned.
01 — Security practices
How we protect your data
These are the controls we apply to our own operations and to every client environment we manage. They are baseline expectations of a modern security program, not optional extras.
Encryption everywhere
Data is encrypted in transit using current TLS, and at rest using the encryption provided by the cloud platforms we build on. Administrative access runs over authenticated, encrypted sessions. We do not move client data over unencrypted channels.
Managed, tested backups
Backups are encrypted, stored with reputable cloud providers, and periodically test-restored. A backup that has never been restored is a hope, not a control — so we verify recoverability rather than assuming it.
Least privilege & MFA
Access to systems and client tenants is granted on a need-to-use basis and protected with multi-factor authentication. Administrative accounts are separated from day-to-day accounts.
Continuous monitoring
Coeus Watchtower watches managed environments and raises alerts to Microsoft Teams, with automated password rotation on trigger.
Patching & hardening
Endpoints and systems are kept current with managed patching, and configurations are hardened against common attack paths.
Data minimization
We collect and retain only what we need to deliver the service, and we hand it all back cleanly if you leave.
02 — Privacy
Privacy summary
A short, plain-English version of how we treat your information. The full privacy policy expands on each point.
- We collect only the information needed to deliver managed IT and security services and to communicate with you.
- We do not sell your data, and we do not use client data to train any third-party models.
- We share data only with the subprocessors listed below, and only as needed to run the service.
- If you leave, you get a clean exit and full handover of your data and environment.
Read the full [ privacy policy — link to be confirmed ].
03 — Subprocessors
Who we rely on
We build on reputable, enterprise-grade platforms rather than running everything ourselves. These are the categories of services that may process data in the course of delivering our service.
Microsoft 365 & Azure
Productivity, identity, email, and the cloud platform that hosts much of what we deploy and manage.
Cloudflare
Edge security, DNS, and access controls that sit in front of internet-facing services.
Managed backup provider
Encrypted, off-site backup storage used to keep your data recoverable.
Endpoint protection & RMM
The agents used to monitor, patch, and protect managed endpoints.
Communication & alerting
Microsoft Teams and email, used to deliver Coeus Watchtower alerts and to communicate with you.
Scheduling
[ scheduling provider — to be confirmed ], used to book the free assessment.
This list reflects current categories of subprocessors and may be updated as our tooling changes.
04 — Incident response
How we handle the day we are tested
We assume breach, so we plan for it. This is a high-level, redacted view of our process — deliberately general, with no client specifics, no diagrams, and no detail that would help an attacker.
Monitoring, backups, and a documented response plan are in place before anything happens, so we are not improvising under pressure.
Coeus Watchtower surfaces suspicious activity and raises a severity-rated alert so a human can confirm and triage quickly.
We contain the threat — including automated password rotation on trigger — keep you informed in plain language, and act to limit impact.
We restore from tested backups, verify the environment is clean, and follow up with plain-English findings and hardening steps.
What we will never publish
- Network diagrams or architecture detail for any environment we manage.
- Specifics of unpatched or open vulnerabilities.
- Any client data, identities, or details that could identify an affected organization.
05 — Vulnerability disclosure
Found something? Tell us.
If you believe you have found a security vulnerability affecting Coeus Tech or a service we operate, we want to hear from you. Report it privately and give us a reasonable window to investigate and remediate before any public disclosure.
Report a vulnerability
Email a clear description and steps to reproduce to:
Please do not access, modify, or exfiltrate data beyond what is necessary to demonstrate the issue, and do not run tests that could degrade service for others. Act in good faith and we will respond in kind.
06 — Roadmap
Where we are headed
Honesty means showing the work in progress, not just the finished badges. Here is what we are building toward. Certification targets are marked as placeholders until they are confirmed and earned — we will not list a credential we do not hold.
- Formalize policies & documentation
  Written security, privacy, and incident-response policies, kept current and available to clients on request.
- Independent review
  Bring in third-party assessment of our controls to validate that what we describe here matches what we actually do.
- Founder & company certifications
  Committed to ongoing professional development and maintaining current certifications. Confirmed credentials are shown below; any further targets and dates remain placeholders until confirmed.
  CompTIA A+
  ISC2 Certified in Cybersecurity (CC)
  [ cert target date ]
- Attestation
  Work toward a recognized attestation (such as SOC 2) appropriate to our size and clients. We will publish it here only when it is real.
Want to see how we would protect your business?
Every engagement starts with a free security & IT assessment — plain-English findings, risk ratings, and no obligation. Month-to-month, no lock-in.