Security Policy

Muto Studio — United States

Last Updated: May 15, 2026


Introduction

At Muto Studio, security is a fundamental part of how we design, develop, deploy, and support digital solutions.

We are committed to protecting the confidentiality, integrity, and availability of the information entrusted to us by our clients, partners, and website visitors.

This Security Policy provides an overview of the administrative, technical, and organizational safeguards we implement to help protect our systems, services, and customer data.


1. Our Security Principles

Our security program is guided by the following principles:

  • Security by Design
  • Privacy by Design
  • Least Privilege Access
  • Defense in Depth
  • Continuous Improvement
  • Risk-Based Decision Making
  • Responsible Technology Use

Security considerations are incorporated throughout every stage of our project lifecycle.


2. Infrastructure Security

Our services are hosted using trusted cloud providers and enterprise-grade infrastructure.

Depending on the project, our security architecture may include:

  • Cloud-based hosting environments
  • SSL/TLS encryption
  • Secure DNS management
  • Web Application Firewall (WAF)
  • DDoS protection
  • Content Delivery Networks (CDN)
  • Infrastructure monitoring
  • Network segmentation where appropriate

Infrastructure providers maintain their own security certifications and operational controls.


3. Application Security

Security is considered throughout the software development lifecycle.

Our practices include:

  • Secure coding principles
  • Peer code reviews
  • Dependency management
  • Software updates
  • Patch management
  • Environment separation (Development, Staging, Production)
  • Error monitoring
  • Configuration management

Where appropriate, security testing is performed before deployment.


4. Encryption

We use encryption to help protect information during transmission and, where applicable, while stored.

Security measures include:

  • HTTPS using SSL/TLS
  • Encrypted communications
  • Secure API connections
  • Password hashing where applicable
  • Encrypted backups when supported by the hosting environment

5. Access Control

Access to client information is restricted to authorized personnel who require it to perform their responsibilities.

Our access management practices include:

  • Role-based access control
  • Multi-factor authentication (MFA)
  • Unique user accounts
  • Strong password requirements
  • Access reviews
  • Secure credential management

Access permissions are reviewed periodically and removed when no longer required.


6. Client Data Protection

We are committed to protecting the confidentiality of client information.

Our practices include:

  • Data minimization
  • Confidential handling of project information
  • Secure file sharing
  • Restricted internal access
  • Confidentiality obligations for team members
  • Secure disposal of information when no longer required

Client information is used solely for purposes related to the delivery of contracted services.


7. Backup and Business Continuity

To help ensure service continuity, backup strategies may include:

  • Automated backups
  • Version control
  • Recovery procedures
  • Redundant cloud infrastructure where applicable
  • Disaster recovery planning

Backup frequency and retention periods vary depending on the specific service and hosting environment.


8. Vendor Security

We carefully select technology partners and service providers that support our operations.

Examples include providers for:

  • Cloud hosting
  • Payment processing
  • Customer relationship management
  • Analytics
  • Collaboration
  • Artificial Intelligence
  • Marketing automation

Each provider maintains its own security and privacy practices.


9. Security Monitoring

We continuously monitor our systems and infrastructure to identify potential threats and operational issues.

Monitoring activities may include:

  • System availability
  • Performance monitoring
  • Error logging
  • Security event monitoring
  • Infrastructure health checks
  • Service availability monitoring

10. Incident Response

If a security incident is identified, Muto Studio follows an internal incident response process designed to:

  • Identify the incident
  • Contain potential impact
  • Investigate the cause
  • Restore affected services
  • Implement corrective actions
  • Notify affected parties when required by applicable law

Our goal is to respond promptly while minimizing disruption to our clients.


11. Employee Security Awareness

Security is a shared responsibility.

Team members receive guidance on topics including:

  • Information security
  • Password management
  • Secure communications
  • Phishing awareness
  • Data protection
  • Responsible AI usage
  • Confidentiality obligations

Only authorized personnel may access client information required for their work.


12. Responsible Disclosure

If you believe you have discovered a potential security vulnerability affecting Muto Studio, we encourage responsible disclosure.

Please include:

  • A description of the issue
  • Steps to reproduce the vulnerability
  • Supporting evidence, if available
  • Contact information for follow-up

Reports should be submitted to:

[email protected]

We appreciate responsible reporting and will investigate legitimate security concerns as promptly as reasonably possible.

Please do not:

  • Access data that does not belong to you.
  • Disrupt our services.
  • Attempt denial-of-service attacks.
  • Modify or destroy information.
  • Publicly disclose vulnerabilities before allowing us a reasonable opportunity to investigate and remediate the issue.

13. Compliance

Our security practices are designed to support compliance with applicable laws and recognized industry standards, including:

  • Applicable U.S. privacy laws
  • FTC consumer protection principles
  • CAN-SPAM Act
  • COPPA
  • WCAG 2.2 accessibility objectives
  • Colombian Law 1581 of 2012 (where applicable)

Client-specific security or contractual requirements may be implemented through individual service agreements.


14. Policy Updates

This Security Policy may be updated periodically to reflect changes in technology, security practices, legal requirements, or business operations.

The latest version will always be available through the Muto Studio Trust Center.


15. Contact Information

Questions regarding this Security Policy may be directed to:

  
CompanyMuto Estudio Digital S.A.S. BIC
Email[email protected]
Phone+1 (857) 367-3755
Websitehttps://mutoestudio.com/us

Effective Date

This Security Policy is effective as of May 15, 2026 and supersedes all previous versions.

Valoramos tu privacidad

Usamos cookies para mejorar tu experiencia de navegación, mostrar anuncios o contenido personalizados y analizar nuestro tráfico. Al hacer clic en ‘Aceptar todo’, aceptas nuestro uso de cookies. Política de privacidad