Security & Data Protection Statement
Last updated: October 18, 2025
1. Our Commitment
At Amanda Carroll LLC (“we,” “our,” or “us”), your trust is our highest priority. We are committed to protecting your data with industry-leading security practices and ensuring that your experience on amandacarroll.org is secure, private, and resilient—no matter which browser, device, or network you use.
2. Scope
This statement applies to all websites, services, and digital properties operated by Amanda Carroll LLC, including amandacarroll.org and related mobile, tablet, and desktop experiences.
3. Data Security in Transit & At Rest
- Encrypted connections: All data transmitted between your device and our servers is encrypted using TLS 1.3 (or higher, where supported).
- Strict HTTPS enforcement: We use HSTS (HTTP Strict Transport Security) to ensure browsers always connect securely.
- Perfect Forward Secrecy: Ensures that even if one encryption key is compromised, past sessions remain secure.
- Encryption at rest: All stored data—including backups—is encrypted using AES-256 or equivalent enterprise-grade standards.
4. Browser & Application-Level Security
We maintain the highest security standards across all modern browsers and devices:
- Supported browsers: Latest and previous major versions of Chrome, Safari, Firefox, and Microsoft Edge.
- Secure cookies: All cookies use Secure, HttpOnly, and SameSite attributes.
- Content Security Policy (CSP): Prevents malicious scripts (XSS) from executing.
- Clickjacking protection: Implemented using X-Frame-Options and CSP frame-ancestors.
- Dependency audits: All third-party libraries are monitored and patched for vulnerabilities regularly.
5. Account Security
- Password safety: All user passwords are hashed with bcrypt or Argon2 before storage.
- Multi-factor authentication (MFA): Offered for enhanced account protection.
- Access controls: Data access is restricted to authorized personnel using the principle of least privilege.
6. Secure Development & Operations
- Secure SDLC: All software is developed following secure coding best practices and peer-reviewed.
- Penetration testing: Independent third-party security audits and penetration tests are performed annually.
- 24/7 monitoring: Automated threat detection and intrusion prevention systems continuously monitor activity.
- Disaster recovery: Encrypted backups and robust restoration protocols are in place to ensure business continuity.
7. Infrastructure & Network Security
Our infrastructure is hosted on top-tier cloud platforms with:
- Network segmentation and firewall protections
- Centralized logging and SIEM threat detection
- Regular vulnerability scanning and remediation
- Automated patch management and update processes
8. Incident Response
In the event of a suspected data breach, we follow a documented Incident Response Plan including:
- Immediate investigation and containment
- User and regulatory notification (if applicable) within legally mandated timeframes
- Post-incident audits and remediation to prevent recurrence
9. Payment Security
We do not store raw payment data. All transactions are processed by PCI-DSS-compliant payment providers using tokenization and secure gateways.
10. Regulatory Compliance
We design our services to meet or exceed all relevant global data protection laws, including:
- GDPR (EU/EEA)
- CCPA/CPRA (California, USA)
- PIPEDA (Canada)
- Other applicable data protection regulations
11. International Data Transfers
If personal data is transferred across borders, we use approved legal safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms.
12. Supported Devices, Networks & Carriers
Our security measures are designed to work across:
- Devices: Desktop, laptop, tablet, and mobile.
- Operating systems: iOS, Android, Windows, macOS, and Linux.
- Carriers & ISPs: All major internet and cellular providers. Encryption is end-to-end and remains secure regardless of your network provider.
13. Cookies & Tracking
We use cookies primarily for essential site functionality and security. Where analytics or advertising cookies are used, we request your consent as required by law. Full details are available in our Cookie Policy.
14. Updates to This Policy
We may update this Security & Data Protection Statement periodically. Significant changes will be communicated via this page and, where appropriate, additional notices.
15. Contact Us
If you have questions, security concerns, or believe you’ve found a vulnerability, please contact our security team:
- 📧 Security: [email protected]
- 📧 Privacy: [email protected]
- 📍 Mail: Amanda Carroll LLC, P.O. BOX 5421; Rocklin, CA 95765