top of page

MMCo Information Security Policy

Mathes Marketing Co. (MMCo)
Effective Date: May 17, 2026

Purpose

Mathes Marketing Co. (“MMCo”) is committed to protecting company, client, employee, and customer information through responsible security practices and secure payment processing procedures. This Information Security Policy establishes the safeguards, operational standards, and responsibilities used to protect sensitive information and reduce security risks associated with business operations, digital platforms, and payment processing activities.

Scope

This policy applies to:

  • All MMCo employees, contractors, vendors, and authorized users

  • All devices used for company operations

  • All systems, websites, cloud platforms, payment processors, and business software utilized by MMCo

  • Any data collected, processed, transmitted, or stored by MMCo in connection with business operations

Security Objectives

MMCo’s security objectives are to:

  • Protect confidential and sensitive information

  • Prevent unauthorized access, disclosure, alteration, or destruction of data

  • Maintain secure payment processing environments

  • Reduce cybersecurity risks and operational disruptions

  • Support compliance with applicable payment processing and merchant security standards

Payment Processing Security

MMCo utilizes secure third-party payment processors and does not directly store full payment card information on company-owned systems or servers.

Payment Security Practices

  • All payment transactions are processed through encrypted third-party payment gateways.

  • MMCo does not store full credit card numbers, CVV codes, or sensitive authentication data after authorization.

  • Secure Socket Layer (SSL) encryption is enabled on applicable websites and checkout environments.

  • Access to merchant accounts and payment platforms is restricted to authorized personnel only.

  • Multi-factor authentication (MFA/2FA) is enabled where supported.

  • Payment platform passwords are maintained using secure password management practices.

Access Control

MMCo limits access to sensitive information based on business necessity.

Access Standards

  • Unique usernames and passwords are required for authorized users.

  • Shared logins are discouraged whenever possible.

  • Administrative access is restricted to authorized personnel.

  • Access permissions are reviewed periodically and removed when no longer needed.

  • Strong password requirements are enforced.

Device & Network Security

MMCo maintains reasonable safeguards for company-owned and authorized devices.

Security Measures

  • Devices are protected using passwords, biometric authentication, or PIN security.

  • Software updates and security patches are applied regularly.

  • Antivirus and malware protection tools are utilized where appropriate.

  • Secure Wi-Fi networks are required for administrative access to sensitive systems.

  • Public or unsecured networks are avoided when accessing payment or client systems.

Data Protection & Storage

MMCo uses commercially reasonable safeguards to protect company and client information.

Data Handling Practices

  • Sensitive files and credentials are stored using secure cloud-based systems or password managers.

  • Client information is only accessible to authorized personnel.

  • Data backups are maintained through supported cloud or platform services when applicable.

  • Unnecessary sensitive data is not retained.

Third-Party Services & Vendors

MMCo utilizes third-party software and service providers to support operations, including e-commerce, payment processing, website hosting, email communications, and project management.

Third-party providers are expected to maintain their own security and compliance standards appropriate to their services.

Security Incident Response

MMCo will investigate suspected security incidents, unauthorized access attempts, or data breaches in a timely manner.

Where appropriate, affected parties, service providers, or financial institutions will be notified in accordance with applicable obligations and platform requirements.

Employee & Contractor Responsibilities

Authorized users of MMCo systems are expected to:

  • Maintain confidentiality of sensitive information

  • Follow secure password and authentication practices

  • Report suspicious activity, phishing attempts, or security concerns promptly

  • Use company systems responsibly and professionally

Policy Maintenance

This policy will be reviewed periodically and updated as business operations, technologies, or security requirements evolve.

 

Contact Information

Mathes Marketing Co.
Alliance, Ohio

For questions regarding this policy or security practices, contact MMCo directly through official business communication channels.

bottom of page