Security & Compliance Statement

Effective Date: September 22, 2025
(for South Shore Registered Agents LLC)

1. Commitment to Security

South Shore Registered Agents, LLC (“Company,” “we,” “our,” or “us”) is committed to protecting the confidentiality, integrity, and availability of information entrusted to us in connection with our registered agent and business compliance services. While we are not a law firm and do not provide legal advice, we maintain robust operational safeguards to ensure that statutory obligations are met, that sensitive records (such as service of process) are handled responsibly, and that client trust is preserved.

2. Hosting and Infrastructure

• All client data and scanned documents are stored on secure servers physically located in New York State, United States.
• Data is never stored outside the United States.
• Our facilities are subject to controlled access and physical safeguards.

3. Data Protection

• In Transit: All data transmissions are encrypted using HTTPS/TLS protocols.
• At Rest: Passwords are securely hashed. Scanned records are stored with strict access controls.
• Destruction: Physical mail and service of process documents are destroyed after the applicable retention period (30 days post-scan for ordinary mail; per statutory guidelines for service of process).

This destruction schedule is part of our compliance obligations and shall not be deemed negligence. Clients are responsible for ensuring that critical documents are not misdirected to our offices.

4. Security Controls

We apply layered defense-in-depth controls, including:

• Firewalls and intrusion-prevention mechanisms.
• Multi-Factor Authentication (MFA) for administrative access.
• Strict user access role controls.
• Secure coding practices with input sanitization and parameterized queries.
• Fail2Ban intrusion prevention.
• Ongoing vulnerability scanning and prompt security patching.

Our practices are guided by:

• NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover).
• CIS Critical Security Controls for prioritized defensive actions.
• ISO/IEC 27005 principles for risk management.
• OWASP Top 10 for secure coding best practices.

5. Backup and Recovery

• Weekly encrypted backups of scanned records and account metadata.
• Backups retained in secure facilities.
• Recovery processes tested periodically.

6. Activity Logging

• Logs are retained for operational accountability (e.g., record of service of process, scanning, and account activity).
• Logs are retained until 90 days after termination of services.
• Logs may not be altered by clients.

7. Incident Response & Breach Notification

• In the event of a breach affecting “private information” as defined under the New York SHIELD Act, we will notify affected clients as soon as practicable and no later than 7 days after discovery.
• Notifications will be delivered via email and/or secure account portal.
• We are not responsible for breaches originating from third parties (e.g., postal carriers, courts, or state agencies).

8. Force Majeure

We are not liable for delays or failures in receiving, scanning, uploading, or transmitting legal or compliance documents caused by events beyond our reasonable control, including but not limited to: postal disruptions, email filtering by third parties, internet outages, natural disasters, or labor strikes.

If a Force Majeure Event persists for more than 60 consecutive days, we may terminate services without liability.

9. Client Acknowledgments & Risk Assumption

• Clients acknowledge that failure to promptly replace us as registered agent after termination may result in statutory default or dissolution of their entity. We are not liable for any such outcome.
• Clients are solely responsible for monitoring notices we upload or email, and for maintaining updated contact information.

10. Enforcement Rights

We reserve the right to seek equitable relief (including injunctions) if clients misuse our address, trade name, or services in violation of law or these Terms.

Any such relief shall be in addition to monetary remedies.

11. No Third-Party Beneficiaries

This Statement is for the sole benefit of South Shore Registered Agents, LLC and its clients. No third party may enforce or claim rights under it.

12. Governing Law & Jurisdiction

This Security & Compliance Statement shall be governed by the laws of the State of New York. Any disputes shall be resolved in accordance with the arbitration and venue provisions set forth in our Terms of Service.

13. Contact Information

For security-related questions or breach reports, contact:
South Shore Registered Agents, LLC
Email: support@southshoreregisteredagents.com