1) Overview
NC Title Transfer Concierge (“we,” “us”) follows a defense-in-depth approach. We encrypt data in transit, enforce least-privilege access, and continually monitor and improve our controls.
2) Goals & Principles
- Confidentiality: only authorized parties can access data.
- Integrity: information is accurate and tamper-resistant.
- Availability: systems are resilient and recoverable.
- Least privilege: access based on role and necessity.
3) Data Handling
- We collect only what’s needed to complete DMV services.
- Documents are stored securely and retained only as long as necessary.
- Sensitive uploads are restricted to authorized staff and systems.
4) Encryption
- In transit: TLS (HTTPS) for all public endpoints.
- At rest: platform-level encryption for databases and storage used for documents.
5) Access Control
- Role-based access controls; access on a need-to-know basis.
- Strong authentication and session controls for internal tools.
- Device hygiene requirements and periodic access reviews.
6) Infrastructure & Network
- Hardened cloud infrastructure with network segmentation.
- Managed firewalls, WAF/CDN, and automated patching where available.
- Monitoring and alerting for abnormal activity.
7) Application Security
- Secure coding practices, dependency updates, and code review.
- Protections against common web risks (XSS, CSRF, injection).
- Configuration and secret management with least privilege.
8) Document Handling
- Document uploads use encrypted transport and secure storage.
- Access to documents is logged and limited to assigned personnel.
- We provide guidance to clients on safe sharing and redaction when appropriate.
9) Vulnerability Management
- Routine dependency scanning and OS/image patching.
- Tracked remediation SLAs based on severity and exploitability.
- Third-party assessments as needed for higher-risk areas.
10) Incident Response
- Documented triage, containment, investigation, and recovery procedures.
- Post-incident reviews to address root causes.
- Notifications to affected parties when legally required.
11) Backups & Continuity
- Regular backups of critical data and configurations.
- Geo-redundant or provider-managed durability for key storage services.
- Tested restoration procedures for time-sensitive operations.
12) Compliance & Privacy
Our practices align with applicable laws/regulations for our services. For how we collect and use personal information, see our Privacy Policy and manage site cookies via Cookie Preferences.
14) Subprocessors
We may use vetted third-party providers (e.g., hosting, communications, payments, document storage) to deliver our services. These vendors are bound by contractual obligations to protect data and use it only as instructed.
15) Report a Security Issue (Responsible Disclosure)
Found a vulnerability or security concern? Please email security@nctitleconcierge.com with details (steps to reproduce, impact, and a contact). Don’t publicly disclose until we confirm a fix. We appreciate responsible research and will acknowledge valid reports.
16) Changes to this Page
We periodically update this page to reflect control improvements and industry best practices. We’ll revise the “Updated” date above when changes are made.
17) Contact Us
222 E Bland St, Unit 411
Charlotte, NC 28203
support@nctitletransfer.com • (980) 701-5265
Legal entity: Ottoform LLC (operator)