WVWise Venture

Security Program

Information Security Program Summary

This page summarizes the Wise Venture LLC information security program for the public website, company-operated applications, and the private Earth Angel Merch TikTok Shop integration.

Effective
July 14, 2026
Last Reviewed
July 14, 2026
Contact
contact@wiseventureco.com

Scope and Ownership

This program applies to Wise Venture LLC systems, administrator accounts, endpoints, repositories, cloud services, and company applications used to operate Wise Venture and Earth Angel Merch. Wise Venture designates a Privacy and Security Officer responsible for maintaining the program, coordinating reviews, and tracking exceptions. Wise Venture has not appointed a statutory Data Protection Officer.

Reviewed at least annually and after material security, vendor, or processing changes. The program is proportionate to a small United States company with two authorized administrators.

TikTok Shop Integration Scope

Private, internal catalog and product-listing integration for Wise Venture LLC's own Earth Angel Merch seller accounts.

  • Authorized administrators: Michelle Weisner and Dusty Weisner, both in the United States.
  • Intended data and permissions: Shop authorization, product catalog management, product deletion/recovery, inventory, and warehouse/logistics metadata.
  • Excluded data: The integration does not request buyer, order, payment, messaging, advertising, or creator data.
  • TikTok authorization credentials must be deleted immediately on disconnect. Remaining TikTok-derived records must be deleted or anonymized within 30 days unless retention is legally required.

Risk Management and Least Privilege

Wise Venture maintains a risk-based control program. Administrator access is limited to named, authorized users and must be reviewed at least annually. Access is granted based on business need and removed when it is no longer required.

  • Unique accounts are required; shared credentials are not permitted.
  • MFA is required where supported for administration accounts.
  • Secrets, API keys, and tokens must be stored outside source code and rotated if exposed.
  • Administrative changes and exceptions must be documented.

Endpoint Security

Company endpoints must use current operating system security protections and a locked-down baseline before accessing company systems. The baseline is documented as a requirement until verified by the owners.

  • macOS XProtect/Gatekeeper and automatic security updates enabled.
  • FileVault enabled.
  • macOS firewall enabled.
  • Immediate password required after lock and inactivity lock of 15 minutes or less.
  • Company data should not be stored on unmanaged personal devices unless explicitly approved.

Managed Cloud Network Controls

Wise Venture uses managed cloud providers for hosting, deployment, source control, and email delivery. Wise Venture does not claim to operate its own data centers, security operations center, network intrusion detection system, host intrusion prevention system, or physical network perimeter. Network, platform, and physical security controls for hosted services are supplied by contracted cloud providers and reviewed through vendor oversight.

Encryption and Secure Development

  • Production secrets must be stored in managed environment-variable or secret-management systems, not in source code.
  • Public traffic should use HTTPS/TLS through the hosting provider.
  • Sensitive records should be encrypted in transit and at rest through managed provider controls where available.
  • Code changes should be reviewed before deployment, and production builds must pass framework validation.
  • Dependencies should be kept current and reviewed for security updates.

Vulnerability Management, Logging, and Backups

Wise Venture requires timely remediation based on severity and documents exceptions when immediate remediation is not feasible.

  • Critical patches must be applied within 72 hours, high severity within 14 days, and medium severity within 30 days unless an exception is documented and accepted.
  • Incident notification workflow must be verified and reviewed in an annual tabletop exercise.
  • Application and platform logs are retained only as needed for operations, troubleshooting, security, and legal compliance.
  • Backups and recovery controls depend on the configured managed cloud providers for each application and must be verified for material systems.
  • Incident response records, remediation actions, and owner decisions must be retained as evidence.

Incident Response

Wise Venture maintains an incident response plan for suspected unauthorized access, loss of data, credential exposure, or platform abuse. The public website does not publish operational incident contact trees or detailed attack-response procedures. Security concerns may be sent to contact@wiseventureco.com until a dedicated security alias is confirmed.

Vendor Oversight, Retention, and Training

  • Vendors are reviewed for purpose, access, data categories, and processing geography before use.
  • Retention is limited to operational, security, legal, and business needs.
  • Administrators must review security and privacy responsibilities at least annually and after material changes.
  • The dedicated security alias remains a configuration task until confirmed: security@wiseventureco.com.

These pages describe Wise Venture LLC practices and program requirements. They are not legal advice and do not create claims of certification, independent audit, or regulatory status that Wise Venture has not separately obtained.