Pathways Agency LLC — Information Security Policy
Effective Date: July 12, 2026
1. Purpose
This policy describes how Pathways Agency LLC ("Pathways," "we," "our") protects the data of the creators, staff, and partners who use our platform, Pathway Portal. It reflects our current, real practices as a small organization, and is reviewed and updated as those practices evolve.
2. Scope
This policy applies to all data processed through Pathway Portal (mypathwayhub.com), including creator account information, community content, training records, and any data accessed through connected third-party services such as the TikTok Shop API.
3. Data Storage
All application data is hosted on Render, a managed cloud infrastructure provider, in the Oregon (US West) region. Pathways does not operate its own physical servers. Data in transit to and from the platform is encrypted via HTTPS.
4. Access Control
Access to the Pathway Portal administrative system is restricted to Pathways staff and management — currently the company founder/IT administrator and a small number of managers. Each user authenticates with a unique username and password, and the platform enforces role-based permissions so that staff can only view or modify the information relevant to their role (for example, Coach, Manager, or IT/Administrator). We do not share administrative credentials, and access is granted individually per staff member.
5. Backups
Data durability is supported by our hosting provider's infrastructure, supplemented by periodic local backups maintained by our IT administrator. We are continuing to formalize a documented backup schedule as the organization grows.
6. Security Incident Response
As a small organization, Pathways does not currently maintain a dedicated security team. In the event of a suspected security incident, our IT administrator is responsible for investigating the issue, containing any impact, and notifying company leadership. We are committed to communicating transparently with affected users if a data incident were ever to occur.
7. Data Retention
Data is retained for as long as it is needed to support active platform operations and our ongoing relationship with creators and staff. We are in the process of formalizing a specific data retention and deletion schedule.
8. Third-Party Data Access
Where Pathways integrates with third-party platforms, such as the TikTok Shop API, access is limited to the minimum scopes required for the relevant feature (for example, read-only access to affiliate and product performance data). We do not sell or share user data with third parties for advertising or unrelated commercial purposes.
9. Policy Review
This policy is reviewed periodically and updated as our practices, infrastructure, or applicable requirements change. The current version is published at mypathwayhub.com/security-policy.
10. Contact
Questions about this policy or our data practices can be directed to the Pathways Agency LLC administrative team through Pathway Portal.