How we handle customer data, shared access, and account inventories safely
Purpose
We are tightening how we handle customer data and shared tool access. The goal is not bureaucracy; it is fewer phishing risks, less accidental exposure, and cleaner handoffs as the team grows.
This policy applies to customer lists, exports, reports, CSVs, screenshots, access tokens, account credentials, payment data, community data, CRM data, support data, and any files that identify customers or students.
Golden Rules
- Do not keep customer data on your local machine.
  - Temporary downloads are allowed only when needed for an immediate upload, cleanup, analysis, or migration.
  - Delete the local file immediately after the task is complete.
  - Do not leave customer data in Downloads, Desktop, Slack downloads, or project folders.
- Do not put customer data in broad shared folders.
  - Use the narrowest Google Drive folder or file permission that gets the job done.
  - Avoid dropping exports into default shared drives or open team folders.
  - If a file contains customer data, assume access should be limited.
- Use canonical source systems instead of duplicate spreadsheets.
  - Prefer the system of record: Stripe, Circle, Customer.io, HelpScout, CRM, ManyChat, or the approved tracker.
  - If a working spreadsheet is needed, make it temporary, name the owner, and record when it can be deleted.
- Use 1Password for logins and sensitive access.
  - Do not share passwords in email, chat, docs, comments, screenshots, or task descriptions.
  - If a new login or shared account is created, it must be added to 1Password and assigned to the right vault/group.
- Verify requests for access or data.
  - Phishing attempts are increasing and getting harder to spot.
  - Treat unusual requests for customer data, passwords, exports, billing data, or account changes as suspicious until verified.
  - When in doubt, ask Scott or Carolyn before acting.
Local File Handling Checklist
Before downloading or exporting customer data:
- I know why this file is needed.
- I know where it will be uploaded or used.
- I know who needs access.
- I know when the local copy can be deleted.
After the task:
- Uploaded or processed the file.
- Deleted the local copy.
- Emptied Trash if the file was sensitive and no recovery copy is needed.
- Removed duplicate copies from Downloads/Desktop/project folders.
- Confirmed the durable copy lives only in the approved source system or restricted Drive location.
Google Drive Rules
Use these defaults unless Scott/Carolyn says otherwise:
- Customer exports and student lists should live in restricted folders, not broad shared drives.
- Use named people or specific groups, not public links.
- Avoid “Anyone with the link” for customer data.
- Remove access when a project ends.
- If you create a temporary folder for migration or cleanup, name it clearly and include an owner and cleanup date.
Suggested naming pattern:
YYYY-MM-DD - Temporary Customer Export - Owner - Delete After YYYY-MM-DD
Shared Tools To Audit
These tools commonly contain customer, student, billing, or audience data and should be reviewed periodically for access hygiene:
| Tool | Data/Risk | Working Owner |
|---|---|---|
| Meta Business | Social/ad account access, page permissions | Scott / Carolyn |
| Customer.io | Email lists, segments, customer attributes | Dan / Carolyn |
| HelpScout | Customer support history and PII | Carolyn |
| Stripe | Payments, invoices, customer billing data | Scott |
| Circle | Course/community membership and access | Carolyn / Apryl |
| ManyChat | DM funnel contacts and opt-ins | Cora / Dan |
| Google Drive | Docs, exports, shared files | Carolyn / Scott |
| 1Password | Credentials and shared account access | Scott / Carolyn |
If the owner is unclear, do not guess. Ask Scott or Carolyn and update this page once clarified.
Incident / Suspicious Request Protocol
If you receive a suspicious request involving customer data, payments, credentials, account access, or exports:
- Do not click links or download attachments until verified.
- Verify the request through a known-good channel.
- If the request appears to impersonate a team member, alert Scott or Carolyn.
- Do not forward one-time codes or credentials unless the request is expected and the recipient/source has been verified.
- Record what happened and what action was taken.
Cleanup Cadence
Monthly, Scott/Carolyn or the delegated owner should review:
- Google Drive folders containing customer exports.
- Recent downloaded/exported customer files that may still exist locally.
- Access lists in Customer.io, HelpScout, Stripe, Circle, ManyChat, Meta Business, and Google Drive.
- Whether the social account tracker and 1Password are aligned.
Quarterly, review:
- Whether all team members still need their current access.
- Whether contractor/vendor access should be reduced or removed.
- Whether old migration/project folders can be archived or deleted.
Questions / Ownership
| Topic | Contact |
|---|---|
| Customer data policy | Scott / Carolyn |
| Google Drive cleanup | Carolyn |
| Payment data / Stripe | Scott |
| CRM / sales data | Brian / Marti / Scott |
| People School / Circle access | Carolyn / Apryl |
| Social account inventory | Nina / Carolyn / Scott |
| 1Password access | Scott / Carolyn |