Data Security Policy

Introduction

This Data Security Policy (“DSP”) describes the measures STALLION MOVE LLC (“Company,” “we,” “our”) uses to protect customer information, employee information, operational data, and all systems used in the delivery of our moving and relocation services.

We are committed to preventing unauthorized access, misuse, loss, or destruction of data. Every employee, contractor, vendor, technology partner, or service provider handling Company information is required to comply with this policy.

Our goal is to ensure the confidentiality, integrity, and availability of data throughout its lifecycle and to maintain trust with our customers and business partners.


1. Purpose

The purpose of this DSP is to establish a clear framework for:

  • Protecting customer and Company data against unauthorized access or disclosure.
  • Ensuring the security of information systems used in moving, dispatch, scheduling, billing, and communication services.
  • Maintaining effective administrative, physical, and technical safeguards.
  • Ensuring compliance with federal and state laws, including:
    • FMCSA requirements
    • State-level consumer protection laws
    • CCPA/CPRA (where applicable)
    • TCR (Telecommunications Consumer Regulations) for messaging systems
  • Providing consistent and documented security standards for employees, contractors, and approved vendors.

2. Scope

This policy applies to:

  • All Company data (digital, paper, audio, image, message, etc.)
  • All systems used for customer communication, booking, fleet management, payment processing, or operational support.
  • All employees, subcontractors, movers, dispatchers, and third-party partners who handle Company data.

This includes all devices used for Company business, such as:

  • Computers
  • Mobile phones
  • Tablets
  • Cloud-based systems
  • Customer relationship management tools
  • Messaging and communication systems (SMS, MMS, WhatsApp, email)

3. Violations

Any individual found to be in violation of this DSP may face disciplinary action, including termination of employment or termination of contractual relationships.
Serious violations may be reported to federal/state authorities where required.


4. Information Security Program

STALLION MOVE LLC maintains an information security program designed to:

  1. Protect data confidentiality, integrity, and availability.
  2. Ensure system resiliency and timely restoration in case of outage.
  3. Maintain continuous monitoring and periodic testing of security controls.
  4. Comply with relevant U.S. federal and state laws.

Security responsibilities are managed by Company leadership, along with internal or contracted cybersecurity professionals where necessary.


5. Access Control

5.1 User Access

  • Every user receives a unique login credential.
  • Access is granted based on job role (“least privilege”).
  • Access is removed immediately upon termination or contract end.
  • Vendor access is time-limited and monitored.

5.2 Password Requirements

  • Strong, unique passwords must be used.
  • Passwords may not be shared or written down.
  • Default passwords must be replaced immediately.
  • Multi-factor authentication (MFA) is required where supported.

6. Operational Security

6.1 System Hardening

  • Devices are configured according to industry-recommended security baselines.
  • Unnecessary services and software are removed.
  • Antivirus/antimalware tools are installed and monitored.
  • Production systems are separated from testing environments.

6.2 Patch Management

  • Security updates and patches are applied regularly.
  • Critical patches are installed as soon as practical after release.

6.3 Change Control

  • Significant system changes are logged, tested, reviewed, and approved before deployment.

6.4 Asset Management

  • All company-owned devices and tools are tracked and inventoried.

6.5 Physical Security

  • Company equipment must be secured from unauthorized access.
  • Customer documents or digital records must not be left unattended.

6.6 Vulnerability Monitoring

  • Cybersecurity alerts and vendor notices are monitored.
  • Identified vulnerabilities are addressed promptly.

6.7 Data Loss Prevention

  • Sensitive data may not be stored on personal or unapproved devices.
  • Company systems use encryption where supported.
  • Lost or stolen devices must be reported immediately.

7. Business Continuity and Disaster Recovery

The Company maintains procedures for restoring operations after major disruptions such as:

  • System failures
  • Natural disasters
  • Cyber incidents
  • Network outages

Backups and operational plans are reviewed at least annually.


8. Incident Response

All employees must report security incidents immediately.
Incident handling includes:

  1. Identification
  2. Containment
  3. Remediation
  4. Recovery
  5. Documentation & prevention review

9. Software Development / Third-Party Systems

STALLION MOVE LLC does not typically develop custom enterprise software but may use third-party tools (CRM, dispatch platforms, SMS gateways, payment processors, etc.). These tools must:

  • Follow secure development practices
  • Meet industry security standards
  • Use encryption for data transmission

Vendors must maintain acceptable security controls.


10. Acceptable Use

Employees and contractors must:

  • Use Company systems only for legitimate business purposes
  • Protect devices with passwords or biometric locks
  • Avoid storing customer information on personal devices
  • Avoid using untrusted Wi-Fi networks
  • Immediately report suspicious activity

Employees must NOT:

  • Install unauthorized software
  • Share customer information without permission
  • Visit inappropriate or unsafe websites on Company devices
  • Use Company systems for personal business or side work
  • Introduce malware or attempt to bypass Company security controls

11. Record Retention

Customer and operational data is retained only as long as necessary to:

  • Fulfill the services provided
  • Comply with FMCSA and state legal requirements
  • Maintain accurate business records

Data is securely disposed of when no longer needed.


12. Remote Work

Employees working remotely must:

  • Secure devices against unauthorized access
  • Use trusted, encrypted connections
  • Ensure physical privacy when handling customer data

13. Vendor Management

Any vendor or subcontractor handling customer information must:

  • Sign appropriate agreements
  • Maintain acceptable security standards
  • Follow privacy and data protection rules
  • Comply with this DSP

We reserve the right to audit vendor compliance when necessary.


14. Procurement Security Review

Before new systems or software are purchased, the Company evaluates:

  • Security controls
  • Data handling practices
  • Compliance features
  • Vendor reputation

Annual reviews may be conducted for systems storing customer data.


Effective Date

This Data Security Policy is effective immediately and will be reviewed annually.