Information Security Policy

Security Controls

SELLF AI enforces role-based access control (RBAC), multi-factor authentication (MFA), and encryption using TLS 1.2 or higher across all systems and data in transit. Data at rest is encrypted using industry-standard algorithms.

System Monitoring

All SELLF AI systems are continuously monitored for security events, anomalous activity, and unauthorized access attempts. Security logs are retained and reviewed on a regular basis. Incidents are escalated and resolved according to our internal incident response procedures.

Vendor Security

SELLF AI's infrastructure relies on the following security-certified vendors:

• ◆Plaid — Bank-grade tokenized financial data access. PCI-DSS compliant.
• ◆Stripe — PCI-DSS Level 1 certified payment processing. No raw card data stored by SELLF LLC.
• ◆Google Workspace — Enterprise email and collaboration with SSO and MFA enforcement.
• ◆Amazon Web Services (S3) — Encrypted, access-controlled object storage for media and assets.

Access Control

Access to SELLF AI systems is granted on a least-privilege basis. All internal access requires MFA. Access rights are reviewed periodically and revoked immediately upon termination of employment or contract.

Security Disclosures

To report a security vulnerability or incident, contact [email protected]. We will acknowledge receipt within 24 hours and provide a resolution timeline within 72 hours for critical issues.