Security Policy

Effective Date: June 29, 2025

Blackfalt, LLC ("Blackfalt," "we," "our," or "us") is committed to maintaining the security and integrity of the information entrusted to us. This Security Policy outlines our approach to protecting data collected through our website (www.blackfalt.com), investor communications, and related platforms (collectively, the "Services").

This policy covers our physical, administrative, and technical safeguards for securing both non-public personal information ("NPI") and sensitive operational or financial data.


1. Data Protection Philosophy

We believe security is foundational to trust. Our policies and systems are designed to protect data confidentiality, integrity, and availability while ensuring transparency and compliance with applicable laws and best practices.


2. Infrastructure and Network Security

2.1 Hosting and Traffic Protection

  • Our web traffic is routed through Cloudflare, a leading security and performance platform.

  • Cloudflare provides DDoS mitigation, TLS encryption, bot filtering, and real-time threat monitoring.

2.2 Encryption

  • All web-based interactions are encrypted using industry-standard TLS (HTTPS).

  • Data in transit between internal systems and partners is encrypted using SSL/TLS or secure VPN tunnels.

  • Sensitive information is encrypted at rest using AES-256 standards where applicable.

2.3 Firewalls and Monitoring

  • Our systems are protected by web application firewalls (WAF) and automated intrusion detection systems.

  • Activity logs and threat data are continuously monitored for anomalies.


3. Data Handling and Access Control

3.1 Principle of Least Privilege

  • Access to sensitive data is limited to employees or service providers with a verified business need.

  • Role-based access control (RBAC) is enforced for administrative functions and internal systems.

3.2 Authentication

  • All internal systems require strong passwords and support multi-factor authentication (MFA).

  • Failed login attempts are rate-limited and logged.

3.3 Data Retention and Disposal

  • Data is retained only for as long as required for operational or legal purposes.

  • Secure deletion practices are used for decommissioned devices or outdated records.


4. Financial and Investor Data

We treat all investor and financial data as highly sensitive. Measures include:

  • Segregated environments for investment documentation

  • Controlled access to sensitive files such as K-1s, subscription documents, and wiring instructions

  • Use of secure portals or encrypted email for sharing confidential materials

We encourage all investors and partners to confirm transfer instructions independently via voice verification to avoid phishing or fraud.


5. Third-Party Services and Vendors

We select third-party providers (e.g., cloud storage, financial services, CRMs) that demonstrate robust security and compliance programs. We conduct due diligence on vendor data protection practices and execute contractual agreements where appropriate.


6. Incident Response

In the event of a suspected security breach, we follow an internal incident response plan which includes:

  • Prompt identification and containment of the breach

  • Notification of affected individuals and regulatory bodies, if applicable

  • Documentation and remediation of root causes

We also maintain cyber liability insurance to address certain breach-related risks.


7. User Responsibility and Security Best Practices

Users of our site and Services are responsible for maintaining the confidentiality of their own systems and access credentials. We recommend:

  • Using strong, unique passwords

  • Enabling MFA on all critical accounts

  • Verifying email and link authenticity

  • Reporting any suspicious activity immediately to legal@blackfalt.com


8. Updates to This Policy

We may update this Security Policy from time to time to reflect changes in law, technology, or our business. Updates will be effective upon posting on this page with the revised effective date.


9. Contact Information

For any questions regarding this Security Policy or to report a concern:

Email: legal@blackfalt.com
Mailing Address: 230 Sunrise Ave, STE B-347, Palm Beach, FL 33480