Data Policy
At 2 Fish Company, we take our responsibility to protect client information seriously. While we’re not a financial or healthcare provider, our work often involves sensitive creative assets, credentials, and strategic data. We treat that trust as sacred — safeguarding it through thoughtful policies, secure systems, and a culture of accountability.
Information Security
- Access Control: All accounts and systems use individual logins secured by multi-factor authentication (MFA). Access is granted only as needed and reviewed regularly.
- Data Storage: Client data is stored in encrypted cloud environments (Google Workspace, WP Engine, and other SOC 2–certified vendors). We do not store financial or personally identifiable information (PII) beyond what is necessary for project execution.
- Device Security: All workstations and mobile devices use endpoint protection, password policies, and automatic updates. Lost or retired devices are remotely wiped.
- Backups: Files are backed up daily within our cloud environments. Redundant versions are retained according to client agreements.
Privacy & Confidentiality
- Client Privacy: We collect only the information needed to deliver contracted services. Any data shared with third-party vendors is governed by written agreements that meet or exceed industry standards.
- Confidentiality: Team members and contractors sign confidentiality and nondisclosure agreements (NDAs) as a condition of work.
- Retention and Deletion: Project files are archived for a limited period after completion and securely deleted upon request.
Incident Response & Monitoring
- Monitoring: We continuously monitor access logs and system activity through our managed platforms.
- Response: In the unlikely event of a data incident, clients are notified within 72 hours, and a full review and remediation plan is initiated immediately.
Compliance & Continuous Improvement
- Our internal controls align with the NIST Cybersecurity Framework and mirror the core principles of SOC 2 (security, availability, confidentiality, and privacy).
- We review our security policies annually and update procedures as technology, regulations, and client needs evolve.
Questions or Requests?
We believe good relationships start with transparency. Clients may request additional information about our data handling, vendor security certifications, or retention policies at any time.