Data Protection Policy

1 Summary

Reference this policy before sharing client information externally. Aligns with SEC record-keeping requirements and ECIC confidentiality standards.

• Encrypt all client documents at rest using S3-managed keys.
• Share PII only via secure portals (Buttondown secure forms or Schwab document vault).
• Retain audit logs for 7 years.

For questions, email compliance@ethicic.com.