Information Security Policy

Last updated: February 22, 2026

This Information Security Policy describes the baseline security controls used by Break Space Inc. dba Pyract (“Pyract”) to protect customer and financial data.

1. Access control

Access to sensitive data is limited to authorized personnel with a business need. Access is restricted using least privilege and reviewed periodically. MFA is enabled for critical systems.

2. Encryption

Data in transit uses TLS 1.2 or higher. Sensitive data is protected at rest.

3. Monitoring

Security events are logged and monitored.

4. Vulnerability management

Systems are updated and patched regularly.

5. Incident response

Incidents are investigated, contained, and reported as required by law.

6. Third-party risk

Third-party providers are assessed and limited to necessary access.

7. Data lifecycle

Data is retained only as needed and securely deleted.