Client Data & Security Policy

This Client Data & Security Policy explains how Melkom Systems handles client data, application data, business records, files, and technical information in connection with custom software development, web-based applications, business management systems, downloadable software, support, hosting, and related technology services.

This Policy applies to data provided to Melkom Systems, entered into systems created or supported by Melkom Systems, or processed as part of services provided through melkomsystems.com, custom client applications, client dashboards, support channels, or related systems.

This Policy is intended to work together with our Privacy Policy, Terms & Conditions, Custom Software and Service Terms, Acceptable Use Policy, Support & Maintenance Policy, and any written agreement, proposal, statement of work, invoice, or service plan between Melkom Systems and a client.

1. Purpose of This Policy

Melkom Systems builds custom digital systems for businesses and individuals. These systems may help clients manage jobs, projects, employees, expenses, files, customer information, schedules, business operations, and related records.

Because these systems may store important business information, this Policy explains the general responsibilities of Melkom Systems and its clients regarding data access, security, backups, account use, data retention, third-party services, and incident handling.

2. Types of Data Covered

Depending on the project or service, client systems may process or store different types of information, including:

• Business contact information
• User account and login information
• Employee names, roles, work activity, schedules, or job assignments
• Customer, vendor, subcontractor, or project contact details
• Job, project, task, ticket, estimate, invoice, expense, or work order records
• Project addresses, job site information, photos, documents, receipts, files, notes, comments, or attachments
• Application usage records, audit logs, error logs, technical logs, and support communications
• Billing, payment, or subscription-related information, if applicable

The exact data collected or processed depends on the specific application, service, project scope, and client configuration.

3. Client-Controlled Data

In many custom applications, the client decides what information is entered into the system, who is authorized to access it, and how the information is used within the client’s business.

Clients are responsible for making sure they have the right to collect, upload, store, use, and share any information they place into a system developed, hosted, supported, or maintained by Melkom Systems.

This includes information about employees, customers, vendors, subcontractors, job sites, expenses, projects, photos, documents, and business operations.

4. How Melkom Systems Uses Client Data

Melkom Systems may access, process, or use client data only as reasonably necessary to provide services, including to:

• Design, build, configure, test, host, maintain, or support custom software
• Set up accounts, permissions, dashboards, databases, workflows, and integrations
• Troubleshoot errors, bugs, access issues, performance issues, or support requests
• Protect systems from unauthorized access, fraud, abuse, malware, or security threats
• Create backups, restore systems, migrate data, or perform maintenance
• Improve reliability, usability, security, and performance of systems
• Comply with legal, contractual, tax, accounting, or business obligations

Melkom Systems does not sell client data for money.

5. Access to Client Systems

Melkom Systems may access client systems when needed to provide development, hosting, support, maintenance, troubleshooting, security, migration, backup, or administrative services.

Access may be performed by Melkom Systems personnel, authorized contractors, service providers, or infrastructure providers when reasonably necessary to provide the applicable service.

Whenever practical, access is limited to the information and system areas needed to perform the service.

6. Account Security and User Responsibilities

Clients and users are responsible for maintaining the security of their accounts and login credentials.

Users should:

• Use strong and unique passwords
• Keep passwords confidential
• Avoid sharing accounts unless specifically authorized
• Use multi-factor authentication if available
• Notify Melkom Systems or the account owner promptly if login credentials may have been compromised
• Remove access for employees, contractors, or users who no longer need access
• Review user permissions periodically

Melkom Systems is not responsible for unauthorized access caused by weak passwords, shared credentials, compromised devices, failure to remove former users, or client-side security issues.

7. Security Measures

Melkom Systems uses reasonable administrative, technical, and operational safeguards designed to protect systems and data from unauthorized access, loss, misuse, alteration, or disclosure.

Depending on the project, system, service plan, hosting environment, and client requirements, safeguards may include:

• User authentication and access controls
• Role-based permissions or limited user access
• Secure development practices
• Encrypted connections where appropriate
• Database, server, and application access restrictions
• Backups or recovery procedures where included in the service plan
• Monitoring, logging, or diagnostic tools
• Updates, patches, and maintenance where included in the service plan
• Use of reputable hosting, cloud, email, payment, analytics, or infrastructure providers

No system, server, website, application, email platform, or internet transmission can be guaranteed to be completely secure. Melkom Systems does not guarantee that unauthorized access, data loss, service interruptions, errors, or security incidents will never occur.

8. Hosting, Cloud Services, and Third-Party Providers

Melkom Systems may use third-party providers to operate, host, store, secure, support, analyze, or process information for websites, applications, databases, email, payments, backups, analytics, authentication, infrastructure, and related services.

Third-party providers may process information according to their own terms, privacy policies, security practices, and service limitations.

Clients are responsible for reviewing and approving any required third-party tools, platforms, integrations, or accounts that are part of their project or service plan.

9. Backups and Data Recovery

Backups and recovery services are provided only when included in a written agreement, proposal, invoice, hosting plan, service plan, or maintenance arrangement.

Backup frequency, retention period, coverage, and recovery options may vary depending on the system, hosting environment, project scope, and service plan.

Unless specifically agreed in writing, Melkom Systems does not guarantee continuous backups, complete data recovery, permanent data retention, or restoration of all lost or corrupted data.

Clients should maintain their own copies of important business records, financial records, legal records, customer records, project files, and other critical information.

10. Data Retention and Deletion

Melkom Systems retains client data only as long as reasonably necessary to provide services, maintain systems, complete projects, comply with legal or contractual obligations, resolve disputes, enforce agreements, maintain backups, or support business operations.

If a client requests deletion, export, or return of data, Melkom Systems will make reasonable efforts to assist, subject to technical limits, service plan limits, legal obligations, backup retention, payment status, and any written agreement between the parties.

Some data may remain temporarily in backups, logs, archives, accounting records, security records, or legal records even after deletion from active systems.

11. Data Export and Portability

Where technically practical and commercially reasonable, Melkom Systems may help clients export data from custom applications.

Export formats, available fields, timing, fees, and technical limitations may depend on the application, database structure, service plan, and written agreement.

Custom data export, migration, cleanup, reporting, or conversion work may be treated as additional billable work unless included in a written agreement.

12. Sensitive and Regulated Information

Unless Melkom Systems specifically agrees in writing, our websites, applications, and services are not designed for storing or processing highly sensitive or specially regulated information.

Clients should not submit, upload, or store information subject to special legal or regulatory requirements unless Melkom Systems has confirmed in writing that the applicable system is designed and authorized for that type of data.

Examples may include protected health information, financial institution data, government-restricted data, highly sensitive identity documents, biometric data, or other regulated information.

13. Employee, Customer, and Third-Party Information

Clients are responsible for providing any notices, consents, disclosures, agreements, or policies required for information they collect from employees, customers, vendors, subcontractors, or other third parties and enter into systems created or supported by Melkom Systems.

Clients are also responsible for determining who within their organization may access employee, customer, vendor, project, expense, job, or business records.

14. Security Incidents

If Melkom Systems becomes aware of a security incident affecting a system or data under its control, we will take reasonable steps to investigate, contain, and address the issue.

When appropriate and legally required, Melkom Systems may notify affected clients or users, provide available information about the incident, and recommend reasonable next steps.

Clients are responsible for notifying their own employees, customers, vendors, regulators, or other third parties when required by law or contract, unless otherwise agreed in writing.

15. Client Responsibilities

Clients are responsible for:

• Providing accurate project, account, and user information
• Managing authorized users and permissions
• Removing access for users who no longer need it
• Keeping their own devices, networks, and email accounts secure
• Maintaining copies of important business records where appropriate
• Using the system only for lawful and authorized purposes
• Following applicable employment, privacy, tax, accounting, consumer protection, and business laws
• Not uploading sensitive or regulated information unless approved in writing
• Promptly reporting suspected errors, unauthorized access, or security issues

16. Limitations

Melkom Systems provides reasonable security measures but cannot guarantee that systems will be error-free, uninterrupted, immune from cyberattacks, or completely secure.

Security and data protection depend on many factors, including client practices, user behavior, third-party platforms, hosting providers, internet service providers, device security, password strength, browser settings, integrations, and the service plan selected by the client.

Additional security requirements, compliance requirements, monitoring, audits, penetration testing, advanced backups, disaster recovery, or high-availability configurations may require a separate written agreement and additional fees.

17. Changes to This Policy

Melkom Systems may update this Client Data & Security Policy from time to time. When we update it, we will revise the “Last updated” date at the top of this page.

The updated version will be effective when posted unless otherwise stated.

18. Contact Us

If you have questions about this Client Data & Security Policy or how Melkom Systems handles client data, please contact us:

Melkom Systems

California, United States

Email: hello@melkomsystems.com