BuildNGoLaw client operations
Security, Records & Retention Policy
Effective June 18, 2026. This operating policy explains how BuildNGoLaw handles its own web-design and hosting client records. It is not a substitute for a client-specific agreement, signed statement of work, or legal advice.
Access controls
The BuildNGoLaw customer portal uses time-limited, one-time magic links and HTTP-only session cookies. Portal records are scoped to the authenticated client. Administrative project actions require the protected BuildNGoLaw owner session.
Files and uploads
Client files are stored in protected shared server storage outside public web directories. Database records retain file ownership, project scope, MIME type, size, SHA-256 checksum, uploader, visibility, and storage key. Downloads require an authenticated portal or admin session.
Credential handling
Passwords, API keys, hosting credentials, and recovery codes should not be placed in ordinary portal messages. When credentials are required, BuildNGoLaw records the transfer event and limits storage to the minimum operational period. Clients should rotate transferred credentials after handoff.
Client communications
Portal messages, support tickets, milestone updates, notifications, invoices, payments, and handoff actions are retained as part of the project paper trail. Email alerts may contain a summary, but sensitive project materials remain inside the authenticated portal.
Retention
Active-project records are retained while BuildNGoLaw performs the engagement and any ongoing hosting/support service. After closure or cancellation, core commercial and delivery records may be retained for contract, accounting, dispute, and legal-compliance purposes. Unneeded working files and credentials should be removed or returned on a documented schedule appropriate to the engagement.
Exports and portability
BuildNGoLaw can generate a complete project export containing the structured project record and available uploaded/shared files. Source-code, deployment, repository, credentials, hosting migration, and maintenance transition are tracked through the handoff workflow.
Cancellation and service movement
Clients may request hosting cancellation, migration, source-code delivery, credential transfer, or complete handoff from the portal. A request does not immediately delete data or terminate infrastructure; BuildNGoLaw confirms final billing, delivery scope, timing, and transfer requirements before completing the change.
Deletion requests
A client may request deletion of eligible project data after contractual, payment, accounting, backup, dispute, and legal-retention obligations are satisfied. BuildNGoLaw will identify records that can be deleted and records that must be retained, then document the completed action.
Incident response
If BuildNGoLaw identifies suspected unauthorized access, loss, or disclosure affecting client project data, access should be contained, relevant credentials rotated, logs preserved, impact assessed, and affected clients notified when appropriate. Recovery and corrective actions are documented in the project record.
Client responsibility
Clients remain responsible for approving legal and advertising content, maintaining authorized users and email accounts, protecting devices and inboxes used to access magic links, reviewing delivered work, and promptly reporting suspected unauthorized access.
Questions or security concerns
Contact Michael Grant directly at 661-544-2336 or [email protected]. For an active client project, use the secure portal so the request is attached to the project paper trail.