At Autostrikr.com, we process sensitive personal data and proprietary copyright evidence on your behalf. The controls described below are not aspirational — they are active, tested, and continuously reviewed.
01 — Encryption
Data Encryption
Your data is protected both in motion and at rest.
In Transit
All browser-to-server communications are encrypted via TLS 1.3. Older protocol versions (TLS 1.0/1.1, SSL) are disabled at the network edge.
At Rest
Case files, identity verification documents, and payment records stored on our servers are encrypted using AES-256 — the same standard used by financial institutions and government agencies.
Key Management
Encryption keys are rotated on a scheduled basis and stored separately from the data they protect, preventing a single point of compromise.
02 — Infrastructure
Secure Infrastructure
Our hosting environment is hardened against unauthorized access, service disruption, and data loss.
Hosting
We operate on enterprise-grade cloud infrastructure with 24/7 physical security, biometric facility access, and continuous video surveillance.
WAF
A Web Application Firewall filters all inbound traffic to block malicious requests, injection attacks, and DDoS attempts before they reach our application layer.
Backups
Encrypted backups are performed daily and stored in geographically separate locations, ensuring rapid recovery from any hardware or software failure.
Vulnerability Management
We conduct regular penetration testing and dependency audits to identify and remediate security issues before they can be exploited.
03 — Payments
Payment Processing Security
We never see or store your full payment card details. All transactions are processed by Lemon Squeezy, a certified Merchant of Record that handles payment collection, tax compliance, and card data security on our behalf. Your card details are tokenized at entry and never touch our servers.
04 — Access Control
Restricted Internal Access
Your case files are accessible only to the people actively working on them.
Least-Privilege
Role-based permissions ensure employees can only access the specific case files assigned to them. No broad or standing access to client data is granted.
Mandatory MFA
Multi-Factor Authentication is required for every team member with access to internal systems — no exceptions.
Audit Logging
All access to client records is logged with timestamps and user identifiers. Logs are tamper-evident and reviewed regularly for anomalies.
Security Training
All intake managers and agents complete regular training on data privacy obligations, phishing recognition, and secure file handling procedures.
05 — Data Practices
Data Minimization & Retention
We collect only what is necessary and retain it only as long as required.
ID Purging
Identification documents submitted for copyright ownership verification are securely deleted once verification is complete. They are never retained beyond that purpose.
Case Archiving
Closed case files are automatically moved to restricted-access cold storage after a defined period of inactivity, reducing the live attack surface.
Minimal Collection
We do not collect personal data beyond what is operationally necessary to file and track your DMCA notices. No data is sold or shared with third-party advertisers.
06 — Incident Response
Incident Response
We maintain a tested plan for identifying and responding to security events.
Detection
Real-time monitoring and alerting are in place across all production systems. Suspected incidents trigger immediate isolation and investigation procedures.
Client Notification
In the event of a breach affecting your personal data, we will notify affected clients within 72 hours of confirmation, in accordance with applicable data protection regulations.
Post-Incident Review
Every confirmed security incident results in a documented root-cause analysis and remediation plan to prevent recurrence.