Security
Last updated: March 2026
IMPORTANT: This page describes our security practices for informational purposes only. It does not create any legal obligations, guarantees, or warranties. Our Terms of Service apply in full, including all limitations of liability and disclaimers.
1. Security Practices
We implement commercially reasonable technical and organizational measures to protect data, which may include:
- Encryption in transit (TLS) and at rest where applicable
- Access controls, authentication, and authorization
- Secure development practices and code review
- Regular review of security posture
- Monitoring and logging where appropriate
We do not warrant that these measures are sufficient for your purposes. Security practices may change without notice.
2. RMF Platform Security
For the RMF platform, we may employ additional measures including role-based access control, audit logging, and secure handling of financial data. Platform-specific security details may be provided under separate engagement agreements. Nothing on this page creates obligations beyond those in your engagement agreement and our Terms of Service.
3. No Guarantee or Warranty
WE MAKE NO GUARANTEE, WARRANTY, OR REPRESENTATION THAT OUR SYSTEMS, SERVICES, OR DATA WILL BE SECURE, UNINTERRUPTED, OR FREE FROM UNAUTHORIZED ACCESS, LOSS, CORRUPTION, OR DISCLOSURE. Security measures are implemented on a commercially reasonable basis. No system is completely secure. You use our services entirely at your own risk. We disclaim all warranties, express or implied, regarding security.
4. Limitation of Liability
Our Terms of Service apply in full, including all limitations of liability and disclaimers of warranties. We shall not be liable for any security breach, data loss, unauthorized access, or related damages, except to the extent expressly limited in the Terms. In no event shall our liability exceed the amounts specified in the Terms.
5. Your Responsibilities
You are solely responsible for: (a) maintaining the confidentiality of your credentials; (b) securing your own systems, networks, and devices; (c) complying with your own security and compliance obligations; (d) promptly notifying us of any suspected security incident; and (e) implementing appropriate security measures for your use case. We have no obligation to advise you on your security posture.
6. Incident Response
We may, at our discretion, respond to security incidents in a manner we deem appropriate. We have no obligation to notify you of any incident, except as required by applicable law or by a separate agreement. We do not guarantee any particular response time or remediation. You are responsible for your own incident response and business continuity planning.
7. Reporting Security Issues
If you believe you have discovered a security vulnerability, please contact us at timelee.com. We will investigate and respond as we deem appropriate. Do not publicly disclose vulnerabilities before we have had an opportunity to address them. We have no obligation to fix any vulnerability or to compensate you for any report. Good-faith reporters may receive acknowledgment at our discretion.
8. Changes
We may update our security practices and this page from time to time without notice. Changes do not create new obligations or expand our liability. Continued use of our services constitutes acceptance of the then-current practices. You are responsible for reviewing this page periodically.
9. Contact
For security-related questions, contact us at timelee.com.