C3 Tech – Security & Trust Center

At C3 Tech, the security, privacy, and reliability of our clients’ data is foundational to everything we do. Our systems, processes, and internal culture are built to maintain the highest standards of confidentiality, integrity, and availability. This Security & Trust Center outlines our security practices and how we protect the information entrusted to us.

Our Commitment to Security

C3 Tech maintains a securityfirst approach across all business operations. We implement industrystandard controls aligned with SOC 2 principles and continuously evaluate and improve our internal policies, technical safeguards, and employee training initiatives3

We are committed to:

ic-safeguarding-customer-data

Safeguarding customer data

ic-maintaining-resilent

Maintaining resilient and available systems

ic-continual-risk-assessment

Continual risk assessment and mitigation

ic-transparent-communication

Transparent communication with our clients

SOC 2 Compliance

C3 Tech is actively aligned with the AICPA SOC 2 Trust Services Criteria and maintains controls in the following areas:

img-security

Security

All systems are protected against unauthorized access using layered security, strong access controls, endpoint monitoring, and network protections.

img-availability

Availability

We track system uptime, redundancy, and performance to ensure the availability of services according to our commitments.

img-confidentiality

Confidentiality

Sensitive and proprietary data is protected throughout its lifecycle using both organizational safeguards and technical controls such as encryption.

SOC 2 report details are available to clients and prospective clients under NDA upon request.

Security Practices

  • Role based access with least privilege principles
  • Multifactor authentication for all administrative systems
  • Centralized authentication and logging

  • Data encrypted in transit using TLS 1.2+
  • Data encrypted at rest using AES 256
  • Segmented network architecture

  • Formal change management processes
  • Code review and approval workflows
  • Security testing integrated into development cycles

  • Continuous endpoint and network monitoring
  • Automated alerting and log aggregation
  • Formalized incident response procedures and escalation paths

  • All vendors undergo a security and compliance review
  • Contracts include data protection and confidentiality requirements
  • Monitoring of ongoing vendor compliance

  • Documented and tested disaster recovery plans
  • Secure, redundant backups
  • Regular risk assessments to evaluate resilience

Privacy & Data Handling

C3 Tech adheres to privacy practices aligned with industry standards and applicable regulations.

  • Data collection is limited to what is necessary
  • Customer data is never sold or shared for marketing
  • Data subject rights are respected according to regulatory requirements

Please refer to our Privacy Policy for additional details.

Employee Training & Security Culture

Every team member at C3 Tech plays a role in protecting client data. We maintain:

  • Mandatory annual cybersecurity training
  • Ongoing phishing simulations
  • Signed confidentiality and acceptableuse agreements
  • Strict onboarding and offboarding processes

Responsible Disclosure Program

We encourage security researchers and customers to report potential vulnerabilities responsibly.

If you believe you have discovered an issue, please contact our security team: security@myc3.tech

We review all legitimate reports and act promptly to validate and mitigate issues.