Security Policies for Craic Studio LLC

We are a software development firm. We are not currently SOC 2 certified. However, we strictly adhere to SOC 2 protocols in our operations. This site serves as our repository of evidence, policies, and procedures to demonstrate our security posture and commitment to data protection.

Fortified Infrastructure

We are willing to work with any technology stack for our clients, and we do. However, our preferred stack is built on industry-standard, SOC 2-compliant infrastructure providers. Whether building for clients or launching our own SaaS applications, this is our go-to foundation.

Supabase

Primary database and authentication provider. We run multiple environments (development, staging, production) with automated PITR backups and row-level security.

Vercel

Frontend deployment and edge functions. Provides immutable deployments, DDoS protection, and global CDN.

Railway

Backend hosting and service orchestration. Provides managed deployments, private networking, and scalable infrastructure.

Expo

Mobile application build and update infrastructure. Securely manages signing credentials and OTA updates.

GitHub

Source control and CI/CD platform. All code is stored in private repositories with branch protection, code review requirements, and automated workflows.

Sentry

Error tracking and performance monitoring. Provides real-time alerting, issue triage, and full stack traces across all environments.

Security Policies & Procedures

Our operational protocols are documented below.

Information Security Policy
Document ID: info-sec-policy

Information Security Policy 1. Overview 1.1 Purpose The purpose of this Information Security Policy (ISP) is ...

Acceptable Use Policy
Document ID: acceptable-use

Acceptable Use Policy 1. Overview 1.1 Purpose The Acceptable Use Policy (AUP) defines the standards for the a...

Access Control Policy
Document ID: access-control

Access Control Policy 1. Overview 1.1 Purpose This policy establishes the framework for managing access to Cr...

Data Management & Classification
Document ID: data-management

Data Management & Classification Policy 1. Overview 1.1 Purpose This policy defines the framework for classif...

Software Development Lifecycle (SDLC)
Document ID: sdlc

Software Development Lifecycle (SDLC) Policy 1. Overview 1.1 Purpose This policy mandates security integratio...

Incident Response Plan
Document ID: incident-response

Incident Response Plan 1. Overview 1.1 Purpose The Incident Response Plan (IRP) defines the organized approac...

Vendor Management Policy
Document ID: vendor-management

Vendor Management Policy 1. Overview 1.1 Purpose This policy establishes the requirements for evaluating, sel...

Business Continuity & Disaster Recovery
Document ID: business-continuity

Business Continuity & Disaster Recovery Plan 1. Overview 1.1 Purpose The purpose of this plan is to ensure th...

Physical Security Policy
Document ID: physical-security

Physical Security Policy 1. Overview 1.1 Purpose This policy outlines the physical security controls required...

Personnel Security & Background Check Policy
Document ID: personnel-security

Personnel Security & Background Check Policy 1. Overview 1.1 Purpose This policy establishes the requirements...

Service Level Agreement (SLA)
Document ID: sla

Service Level Agreement (SLA) 1. Overview 1.1 Purpose This Service Level Agreement defines the availability, ...