Registered ServiceNow® Partner — Build, Consulting & Implementation
Trust & Security

Your data, handled with care.

Omar Huertas LLC is built and run by a CISSP-certified ServiceNow architect. Security and privacy aren’t an afterthought — they’re how we work, on our own systems and on yours.

Security controls

How we protect information

Encryption everywhere

TLS 1.2+ in transit and encryption at rest. The website enforces HTTPS with HSTS and a strict set of security headers (CSP, anti-clickjacking, MIME-sniffing protection).

Strong access control

Least-privilege access, multi-factor authentication on every critical account, SSH keys over passwords, and secrets kept in a dedicated credential vault — never in code or chat.

Backups & recovery

Encrypted, off-host backups of critical systems with restores tested regularly, so data and services can be recovered quickly.

Secure development

Version-controlled code with secret scanning, reviewed and tested changes, dependency checks, and least-privilege service accounts.

Client-system discipline

On your platform we use your credentials, honor your security policies, take only the access the work requires, and return or rotate it when the engagement ends.

Incident response

A documented plan with severity levels, defined breach-notification timelines, and an evidence-preservation runbook — so a bad day is handled, not improvised.

Privacy & data protection

What we collect — and what we don’t

Data minimization

We collect only what’s needed. Website forms capture just your name, email, and message; our apps are built privacy-first with minimal data.

Payments stay with the processor

Card payments are handled by Stripe’s hosted checkout. Raw card data never touches our systems (PCI DSS SAQ A scope).

Your privacy rights

We don’t sell or share your personal information. You can request access, correction, or deletion of your data anytime — email omar@dbaomarhuertasllc.com.

Children’s apps

Our kids’ education apps are data-minimal: no behavioral advertising, no third-party tracking, and parental consent before any personal data is collected (COPPA-aligned).

Compliance posture

Standards we hold ourselves to

| Area | Status |
| --- | --- |
| Web security (HTTPS, HSTS, CSP, security headers) | In place |
| Accessibility — WCAG 2.1 AA | Conformant (verified) |
| Privacy — CCPA/CPRA & GDPR principles | Aligned |
| Payments — PCI DSS (SAQ A via Stripe) | In scope & maintained |
| Children’s privacy — COPPA (kids’ apps) | Aligned |
| SOC 2 / ISO 27001 / NIST 800-171 | Control foundation in place; formal attestation available on request for qualifying engagements |

SOC 2, ISO 27001, and CMMC are verified by independent assessors. We maintain the underlying controls and policy documentation and pursue formal attestation as client engagements require. HIPAA-regulated work is supported only under a signed Business Associate Agreement.

Responsible disclosure

Found a security issue?

We welcome responsible disclosure. If you believe you’ve found a vulnerability in our website or apps, please email omar@dbaomarhuertasllc.com with the details and steps to reproduce. Please give us a reasonable chance to investigate and remediate before any public disclosure. We’re grateful for the help — and we’ll keep you updated.