Data Security Policy

The Timelapse data security policy is designed to protect and preserve your proprietary information, data, and technology infrastructure.

As your strategic creative agency, our goal is to exceed your expectations when it comes to data security. To do so, we have implemented a number of measures, trained and communicated these to our core and extended team, clients, and partners. We have also prepared instructions that help mitigate security risks today and in the future.


This policy is presented and sent to all Timelapse employees, contractors, volunteers, partners, and clients, upon starting work together. It applies to all our employees, contractors, volunteers and anyone who has permanent or temporary access to our systems.

Non-Disclosure Agreements (NDAs)

All our employees, contractors, partners, or volunteers have read and signed a contract and a complete Timelapse NDA upon starting to work with Timelapse.


Emails often host scams and malicious software (e.g. worms.) To avoid virus infection or data theft, we instruct employees to:
  • Avoid opening attachments and clicking on links when the content is not adequately explained (e.g. “watch this video, it’s amazing”).
  • Be suspicious of clickbait titles (e.g. offering prizes, advice).
  • Check email and names of people they received a message from to ensure they are legitimate.
  • Look for inconsistencies or give-aways (e.g. grammar mistakes, capital letters, excessive number of exclamation marks).
If an employee isn’t sure that an email they received is safe, they can refer to their manager.


Password leaks are dangerous since they can compromise an entire infrastructure. Not only should passwords be secure so they won’t be easily hacked, but they should also remain private. For this reason, we advise our employees to:
  • Choose passwords with at least eight characters (including capital and lower-case letters, numbers and symbols) and avoid information that can be easily guessed (e.g. birthdays).
  • Never write down a password.
  • Exchange credentials only when absolutely necessary. When exchanging them in-person isn’t possible, employees should use the phone instead of email, and only if they personally recognize the person they are talking to.
  • Change their passwords every three months.
We require the use of a secure password management system. Only team members working on a specific client project have access to these passwords. Employees are obliged to create a secure password for the tool itself, following the above mentioned advice.

Communication and data transfer

Transferring data introduces security risk. Employees must:
  • Avoid transferring sensitive data (e.g. customer information, employee records) to other devices or accounts unless absolutely necessary. When mass transfer of such data is needed, we request employees to ask our Security Specialists for help.
  • Share confidential data over private, company or employee-owned Wi-Fi networks and not over public Wi-Fi or private connection.
  • Ensure that the recipients of the data are properly authorized people or organizations and have adequate security policies.
  • Report scams, privacy breaches and hacking attempts.
We advise our employees to report perceived attacks, suspicious emails or phishing attempts as soon as possible to the management team.

We use Google Drive and Dropbox to share information internally and prepare presentations.
  • When sharing a google document, spreadsheet, or slide, we always invite specific people instead of making the document available to view or edit permissions with the link.
  • When sharing a Dropbox link, we only communicate the link to the appropriate party internally or externally.
We use Slack, Gmail, and Asana to communicate internally and with our customers.
  • All of our communication systems are password-protected, role and permission-based, and have anti-virus and threat screening features.
  • Channels and projects are siloed so employees, clients, partners, and contractors only have access to their channels and projects.
  • We never share passwords, API keys, or data access via these communication platforms.
We use a secure and proven video conferencing tool when meeting internally and with you about your projects.

Additional measures

To reduce the likelihood of security breaches, we also instruct our employees to:
  • Turn off their screens and lock their devices when leaving their desks.
  • Report stolen or damaged equipment as soon as possible.
  • Change all account passwords at once when a device is stolen.
  • Report a perceived threat or possible security weakness in company systems.
  • Refrain from downloading suspicious, unauthorized or illegal software on their company equipment.
  • Avoid accessing suspicious websites.

Disciplinary action

We expect all our employees to always follow this policy and those who cause security breaches may face the following disciplinary action:
  • First-time, unintentional, small-scale security breach: We may issue a verbal warning and train the employee on security.
  • Intentional, repeated or large-scale breaches (which cause severe financial or other damage): We will invoke more severe disciplinary action up to and including termination. We will examine each incident on a case-by-case basis.
Additionally, employees who are observed to disregard our security instructions will face progressive discipline, even if their behavior hasn’t resulted in a security breach.

Team Timelapse