Security Policies for Craic Studio LLC

We are a software development firm. We are not currently SOC 2 certified. However, we strictly adhere to SOC 2 protocols in our operations. This site serves as our repository of evidence, policies, and procedures to demonstrate our security posture and commitment to data protection.

Fortified Infrastructure

We rely exclusively on industry-standard, SOC 2 compliant infrastructure providers. We do not manage physical servers or deviate from this stack. Whether building for clients or launching our own SaaS applications, this is our immutable foundation.

Supabase

Primary database and authentication provider. Handles all data storage with automated PITR backups and row-level security.

Vercel

Frontend deployment and edge functions. Provides immutable deployments, DDoS protection, and global CDN.

Cloudflare

DNS management, WAF (Web Application Firewall), and edge security network protecting all ingress traffic.

Expo

Mobile application build and update infrastructure. Securely manages signing credentials and OTA updates.

Security Policies & Procedures

Our operational protocols are documented below.

Information Security Policy
Document ID: info-sec-policy

Information Security Policy 1. Overview 1.1 Purpose The purpose of this Information Security Policy (ISP) is ...

Acceptable Use Policy
Document ID: acceptable-use

Acceptable Use Policy 1. Overview 1.1 Purpose The Acceptable Use Policy (AUP) defines the standards for the a...

Access Control Policy
Document ID: access-control

Access Control Policy 1. Overview 1.1 Purpose This policy establishes the framework for managing access to Cr...

Data Management & Classification
Document ID: data-management

Data Management & Classification Policy 1. Overview 1.1 Purpose This policy defines the framework for classif...

Software Development Lifecycle (SDLC)
Document ID: sdlc

Software Development Lifecycle (SDLC) Policy 1. Overview 1.1 Purpose This policy mandates security integratio...

Incident Response Plan
Document ID: incident-response

Incident Response Plan 1. Overview 1.1 Purpose The Incident Response Plan (IRP) defines the organized approac...

Vendor Management Policy
Document ID: vendor-management

Vendor Management Policy 1. Overview 1.1 Purpose This policy establishes the requirements for evaluating, sel...

Business Continuity & Disaster Recovery
Document ID: business-continuity

Business Continuity & Disaster Recovery Plan 1. Overview 1.1 Purpose The purpose of this plan is to ensure th...

Physical Security Policy
Document ID: physical-security

Physical Security Policy 1. Overview 1.1 Purpose This policy outlines the physical security controls required...