Information Security Policy
Organization: Sierra Digital Forge LLC
Product covered: QuiltRBuddy (Windows desktop + Android, .NET MAUI)
Effective date: May 18, 2026
Last reviewed: May 18, 2026
Document owner: Ronald Warren, Managing Member
Version: 1.0
⚠️ DRAFT — REQUIRES LAWYER REVIEW BEFORE PUBLICATION.
1. Introduction & Purpose
Sierra Digital Forge LLC (“Sierra Digital Forge,” “we,” or “us”) develops QuiltRBuddy, a cross-platform quilting companion shipped as a Windows desktop application and an Android application, both built on .NET MAUI. This Information Security Policy (“Policy”) establishes the baseline practices Sierra Digital Forge follows to identify, mitigate, and monitor information-security risks across all systems that handle user data or access third-party services on the user’s behalf.
The purposes of this Policy are:
- To protect user-supplied information against unauthorized access, disclosure, alteration, or destruction.
- To define the minimum technical and operational controls applied across Sierra Digital Forge systems and the software it ships to end users.
- To establish a clear and current incident-response posture so that any suspected breach receives a timely, recorded, and proportionate response.
- To document Sierra Digital Forge’s subprocessor list and the data each subprocessor receives.
- To provide a written reference for partners, vendors, and regulators that request evidence of operational security practices.
This Policy is operationalized — every commitment described below reflects a practice Sierra Digital Forge currently performs or is currently positioned to perform on the systems in scope.
2. Scope
This Policy applies to:
- The QuiltRBuddy Windows desktop application, the QuiltRBuddy Android application, and any successor products distributed by Sierra Digital Forge under the QuiltRBuddy name.
- The developer workstation(s) on which Sierra Digital Forge stores source code, credentials, and signing keys.
- All third-party integrations (subprocessors) Sierra Digital Forge has contracted with to deliver functionality, including (without limitation) Google Cloud (Gemini API) and the eventually-selected payment processor ({{PAYMENT_PROCESSOR}}).
- All user data Sierra Digital Forge becomes a custodian of, however briefly.
This Policy does NOT cover:
- Operations of subprocessors on their own infrastructure (each subprocessor maintains its own security posture, which Sierra Digital Forge evaluates at the point of integration).
- User payment-instrument details, which are never collected, stored, or transmitted by Sierra Digital Forge — the payment processor’s hosted checkout surface receives them directly.
3. Roles & Responsibilities
Sierra Digital Forge LLC is a member-managed limited liability company. All security responsibilities are vested in the Managing Member, who is accountable for the design, operation, and review of every control described in this Policy.
| Role | Holder | Responsibility |
|---|---|---|
| Managing Member / Security Officer | Ronald Warren | Final accountability for this Policy. Approves new vendor integrations. Owns the incident-response process. Conducts the annual policy review. |
| Operational Lead | Ronald Warren | Day-to-day implementation of the controls described herein. |
| Successor / Continuity Contact | To be designated | Holds emergency access to credentials and codebase in the event the Managing Member is incapacitated (see Section 12). |
As Sierra Digital Forge grows, additional roles (engineering, support, compliance) will be added to this section with role-specific responsibilities and access scopes.
4. Information Classification
Sierra Digital Forge classifies information into four tiers. Handling requirements scale with classification.
4.1 Sensitive (Tier 1)
Account-binding data and identifiers that, if disclosed, could result in unauthorized access to a user’s QuiltRBuddy Community account or to the user’s subscription. Examples:
- Community account session and refresh tokens.
- Payment-processor customer identifiers and the non-reversible token returned by the processor for the user’s stored payment method.
Handling:
- Stored on-device only, in encrypted-at-rest storage where the platform offers it (see Section 6).
- Never transmitted to Sierra Digital Forge-controlled infrastructure other than the Community backend, and only over TLS-protected channels.
- Transmitted to third parties only as defined in Section 7 and only over TLS-protected channels.
- Deletable by the user at any time via the in-app “Delete Community Account” affordance.
4.2 Confidential (Tier 2)
User-identifying or user-supplied information that is not directly account-binding but still warrants protection. Examples:
- Display name, optional bio, and email address (when the user signs in to Community).
- Optional avatar image reference.
- Community posts, comments, and challenge participation the user has published.
Handling:
- Stored on-device for local-first reads, and on the Community backend for users who have opted into Community.
- Transmitted to third parties only for the purpose of the relevant feature (e.g., a post sent to Gemini’s safety classifier for moderation pre-screen).
- Deletable by user via in-app delete.
4.3 Internal (Tier 3)
Operational data that supports the application but does not identify users. Examples:
- App preferences (theme, workspace state, fabric-catalog imports, draft compositions).
- Anonymous diagnostic logs on the user’s device.
- Project files (quilt designs, block files) saved into the user’s own folders.
Handling:
- Stored on-device in App-private storage (Android) or in user-chosen folders (Windows). Project files belong to the user and are never uploaded.
- Process-lifetime only for caches.
4.4 Public (Tier 4)
Information intended for unrestricted distribution. Examples:
- Marketing copy on www.sierradigitalforge.com.
- Help content shipped inside the application.
- This Policy itself (may be shared with partners and regulators on request).
No special handling required.
5. Access Control & Authentication
5.1 Account access
- The Google Cloud Console (Gemini project), the eventual payment-processor administrative dashboard, the Microsoft Partner Center, the Google Play Console, and the GitHub repository hosting QuiltRBuddy source code each require two-factor authentication (2FA) on the Managing Member’s account. No shared accounts are used for any of these services.
- Credentials are stored in a personal password manager protected by a strong unique master password and 2FA. Credentials are never embedded in source code committed to version control.
- API secrets required at build time (GEMINI_API_KEY, payment-processor publishable + secret keys) are stored in a secrets.json or equivalent local configuration file on the developer workstation. That file is excluded from version control via .gitignore and is not synchronized to any cloud service.
5.2 Workstation access
- The primary developer workstation runs Microsoft Windows with full-disk encryption (BitLocker) enabled and a strong account password.
- The workstation is locked when unattended.
- Working copies of the source code reside on a local drive (D:\Projects\QuiltRBuddy); the OneDrive sync service is intentionally disabled for the project directory to prevent unintended cloud replication of secrets or build artifacts.
5.3 Application user access
- End users of the QuiltRBuddy desktop and Android applications can use the App fully offline without authenticating. The block builder, quilt layout, 3D view, cut-list, file save/open, and color-palette features all work without an account.
- Users who opt into Community authenticate against the Community identity provider ({{IDENTITY_PROVIDER}} — currently planned as Firebase Authentication). The provider’s sign-in UI is presented directly to the user; Sierra Digital Forge does not see or store the user’s plaintext password.
- Payment subscription purchases are made through the eventual payment processor’s hosted checkout surface. The processor presents its own checkout UI directly to the user inside the App’s WebView or the user’s browser, and Sierra Digital Forge does not see, intercept, or store payment-instrument details.
5.4 Principle of least privilege
API keys are scoped to the minimum products required for the application’s functionality. The Gemini API key is scoped to text and vision generative AI for moderation and Premium AI features. The payment-processor API keys are scoped to the customer/subscription resources required for QuiltRBuddy’s Premium tier.
6. Encryption Standards
6.1 Encryption in transit
All network traffic between the QuiltRBuddy application and third-party services uses TLS 1.2 or later, enforced by the respective vendor SDKs:
- Gemini API — TLS managed by the Google AI client library.
- Payment processor API — HTTPS with TLS, managed by the processor’s official SDK.
- Community identity provider — TLS managed by the provider’s SDK.
The application does not accept unencrypted HTTP connections to any first-party or third-party endpoint.
6.2 Encryption at rest — user device
- Community session and refresh tokens are stored in platform-specific protected storage (Windows: DPAPI-backed PasswordVault or equivalent; Android: EncryptedSharedPreferences from androidx.security:security-crypto).
- Project files and block files are saved to the user’s chosen folders on Windows, and to App-private external storage on Android (Android/data/{{ANDROID_PACKAGE_NAME}}/files/). Both inherit the operating system’s at-rest protection (BitLocker on Windows when enabled by the user; file-based encryption on modern Android devices).
- Application preferences not classified as sensitive are stored in MAUI’s Preferences API, which on Android maps to standard SharedPreferences and on Windows maps to ApplicationDataContainer — both protected by the operating system’s user-account sandbox.
- The application supports the standard platform user-data wipe behavior — uninstalling the application or invoking the in-app “Delete Community Account” flow removes all stored user data on Android; on Windows the user can remove the App’s local data folder if they choose.
6.3 Encryption at rest — Community backend
User data Sierra Digital Forge stores on the Community backend (display name, posts, challenges, subscription state) is encrypted at rest by the backend provider’s standard storage encryption. Access to Community records is governed by per-user authorization rules that scope each record to the owning user.
6.4 Encryption at rest — Sierra Digital Forge environment
- Developer workstation: full-disk encryption (BitLocker) enabled.
- Source code repository: hosted on GitHub under a private repository. GitHub’s at-rest encryption applies. The repository contains no production secrets (see Section 5.1).
- Credential storage: managed via the developer’s password manager, which encrypts credentials at rest with a master-key-derived AES-256 key.
Sierra Digital Forge does not currently operate a backend server independent of the eventual Community backend provider.
7. Vendor / Subprocessor Management
Sierra Digital Forge engages the following subprocessors. Each subprocessor was evaluated for its security posture, contractual data-protection commitments, and operational fit before integration. Each is governed by the subprocessor’s published Terms of Service or Data Processing Addendum, as applicable.
| Subprocessor | Service provided | Data shared |
|---|---|---|
| Google LLC — Gemini API (USA) | Generative AI for Community moderation pre-screen and Premium AI features (color matching, block-name suggestions) | The post text or image being moderated; Premium AI feature inputs (color queries, block descriptions). No user identifier sent. |
| {{PAYMENT_PROCESSOR}} — payment processing | Subscription purchase, renewal, and customer-management | Customer email; subscription state. Sierra Digital Forge never sees payment-instrument details. |
| Google Play Billing (USA) — for the Android Premium tier | Subscription as Merchant-of-Record for Android purchases | Subscription state for Android subscribers. |
| {{IDENTITY_PROVIDER}} — Community identity (currently planned as Firebase Authentication, USA) | Account credential management for Community sign-in | Email; hashed password (provider-managed); session tokens. |
7.1 Vendor onboarding
Before integrating any new subprocessor, the Managing Member evaluates:
- The subprocessor’s published privacy and security documentation.
- Whether the subprocessor offers a Data Processing Addendum or equivalent contractual commitment.
- Whether the data shared with the subprocessor is necessary for the feature, or whether the equivalent feature can be implemented on-device.
- The subprocessor’s data-use policy, specifically whether user data submitted to the subprocessor can be used to train its models. Sierra Digital Forge selects tiers and configurations that disable training-on-user-data where the option is offered.
7.2 Vendor monitoring
- Each subprocessor’s status page is referenced when troubleshooting application incidents.
- Security incident notifications from subprocessors are routed to info@sierradigitalforge.com and acted on per the incident-response procedure in Section 8.
- New documentation or policy changes from subprocessors are reviewed at least annually.
7.3 Vendor offboarding
When a subprocessor is removed:
- API keys are rotated or revoked.
- The corresponding code path is removed or feature-flagged off in the next application release.
- Any locally cached tokens for the removed subprocessor are deleted from user devices in the same release.
8. Incident Response
Sierra Digital Forge maintains a documented incident-response procedure for suspected or confirmed information-security events.
8.1 Definitions
- Security event: An observed or reported condition that may indicate a compromise of user data, credentials, or systems in scope.
- Confirmed incident: A security event that, on investigation, is determined to have resulted in unauthorized access, disclosure, alteration, or destruction of in-scope data.
- Breach: A confirmed incident that meets the regulatory threshold for user or regulator notification in the applicable jurisdiction.
8.2 Detection
Security events may surface from:
- A user report to info@sierradigitalforge.com or ron@sierradigitalforge.com.
- A subprocessor security advisory or status notification.
- Observation by the Managing Member during development, code review, or routine operation.
8.3 Response procedure
When a security event is reported or observed:
- Acknowledge. Log the event with date, time, source, and initial summary.
- Triage. Assess scope and severity within 24 hours of detection. Determine whether the event qualifies as a confirmed incident.
- Contain. If credentials are suspected to be exposed, rotate the affected API keys within 24 hours of confirmation. If a user account is affected, contact the user to coordinate remediation.
- Notify. For confirmed incidents that meet breach thresholds:
  - Notify affected users within 72 hours of confirmation.
  - Notify any affected subprocessors per their published contact procedures.
  - Notify regulators where applicable jurisdictional law requires.
- Remediate. Apply technical fixes (patches, code changes, configuration changes) and operational fixes (policy updates, training).
- Record. Document the root cause, the timeline, and the remediation actions taken.
- Review. Update this Policy or related procedures as needed to prevent recurrence.
8.4 Incident contacts
- Primary contact: info@sierradigitalforge.com (routes to Managing Member)
- Executive contact: ron@sierradigitalforge.com
- Telephone (urgent matters): 702-469-7646 (voice or text)
- Office line: 1-855-SIERRA (1-855-743-7772)
8.5 Post-incident review
For every confirmed incident, a brief written post-incident review is completed within 30 days. The review identifies root cause, timeline, response effectiveness, and any policy changes required. Post-incident reviews are retained as part of the Sierra Digital Forge security record.
9. Vulnerability Management & Patching
9.1 Application dependencies
- Third-party .NET / MAUI / NuGet dependencies are reviewed at each QuiltRBuddy release.
- The Android SDK target and the Windows SDK version are tracked to the current Microsoft- and Google-supported levels.
- Known CVE-tier vulnerabilities in dependencies are patched within the following targets:
  - Critical or High severity: within 30 days of publication.
  - Medium severity: within 90 days of publication.
  - Low severity or informational: at the next regularly scheduled release.
9.2 Subprocessor advisories
When a subprocessor publishes a security advisory affecting an integrated feature, Sierra Digital Forge evaluates the advisory promptly and applies the recommended mitigation within the timeframe the subprocessor specifies, or within the severity-tier targets above, whichever is shorter.
9.3 Workstation patching
The developer workstation receives operating system and application security updates on the vendor’s standard release cadence. Major OS updates are applied within 30 days of general availability.
9.4 Penetration testing
Sierra Digital Forge does not currently engage a third-party penetration tester. Because the application has no public-facing server infrastructure beyond the Community identity provider and the payment processor (both administered through vendor consoles), the attack surface visible from outside the user’s device is limited to the application binary as distributed via the Microsoft Store / Google Play Store and the encrypted communications with subprocessors. As Sierra Digital Forge scales and adds infrastructure, third-party penetration testing will be added to this Policy.
10. Logging, Monitoring & Audit
10.1 Application logging
- QuiltRBuddy writes diagnostic logs to the local platform log facility during development. No log content is transmitted off-device in production builds.
10.2 Sierra Digital Forge environment logging
- The developer workstation generates standard Microsoft Windows audit logs.
- Subprocessor administrative dashboards generate their own audit logs accessible through the respective consoles when needed for an investigation.
10.3 Subprocessor audit
- Each subprocessor maintains its own internal logging for API access. Access to those logs is available via the respective administrative consoles.
11. Data Retention & Deletion
11.1 User-controlled retention
User data created or stored by QuiltRBuddy resides on the user’s device by default, and for Community users on the Community backend. The user controls retention by:
- Uninstalling the application (Android: reclaims sandboxed storage; Windows: leaves project files in the user’s chosen folders, which the user can delete).
- Using the in-application “Delete Community Account” affordance under Edit > Preferences > Your Data, which performs an in-app wipe of Community-side records and triggers backend deletion.
11.2 Sierra Digital Forge-controlled retention
For Community users, Sierra Digital Forge retains Community account and content records for as long as the account is active. On deletion, those records are removed subject to short-term backups that age out on a rolling 30-day cycle.
The Sierra Digital Forge environment otherwise retains only:
- Application source code and build artifacts in version control.
- API credentials for subprocessors (in the developer password manager and the local secrets.json / equivalent).
- Business records (incident reports, vendor agreements, this Policy).
11.3 Subprocessor retention
Each subprocessor retains data per its own retention policy. Sierra Digital Forge configures each subprocessor for the most restrictive retention available.
See DATA_RETENTION_AND_DISPOSAL_POLICY.md for the full retention matrix.
12. Business Continuity & Disaster Recovery
12.1 No production server dependency
Beyond the eventual Community backend and payment processor, Sierra Digital Forge does not operate a production server. Service-side downtime risk for end users is limited to what those subprocessors and the store delivery infrastructure introduce.
12.2 Source code resilience
Source code is maintained in a private GitHub repository with regular commits. Working copies on the developer workstation are backed up to an external storage drive on a regular schedule.
12.3 Credential resilience
Credentials are held in the developer’s password manager, which provides its own encrypted cloud sync and recovery. Build-time API secrets are reproducible by re-fetching them from each subprocessor’s dashboard.
12.4 Key-person risk
Sierra Digital Forge is currently a member-managed LLC with a sole operator. A designated successor will be identified and provided with documented emergency-access procedures (including password manager recovery, source code access, and Community backend ownership transfer) as the company adds personnel.
12.5 API key compromise recovery
If a Sierra Digital Forge-held API key is suspected to be compromised:
- Revoke the key via the subprocessor’s dashboard.
- Generate a new key.
- Update the local secrets.json / equivalent on the developer workstation.
- Rebuild and release the application with the new key in the next available release.
- Document the event per Section 8.
13. Risk Assessment & Review Cadence
13.1 Annual policy review
This Policy is reviewed in full at least once per calendar year. The review is performed by the Managing Member and considers:
- Whether each control in the Policy is still operational.
- Whether new subprocessors have been integrated since the last review.
- Whether new product features have changed the data-handling profile.
- Whether new regulatory or contractual requirements apply.
- Whether any incidents from the past year warrant procedural updates.
13.2 Triggered review
In addition to the annual review, this Policy is reviewed in full or in part on the occurrence of any of the following events:
- Integration of a new subprocessor.
- Launch of a new product or major feature that materially changes the data-handling profile.
- A confirmed security incident (per Section 8).
- A new applicable regulatory requirement.
- A request from a partner or regulator that surfaces a control gap.
14. Compliance & Regulatory Posture
14.1 Privacy
QuiltRBuddy is distributed in jurisdictions that include the United States and the European Economic Area. Sierra Digital Forge maintains a Privacy Policy that describes user-facing data collection, use, sharing, and rights. The Privacy Policy is published at the URL specified in the Google Play Console listing for QuiltRBuddy.
The Privacy Policy honors the access, correction, and deletion rights provided by the California Consumer Privacy Act (CCPA / CPRA) and the EU General Data Protection Regulation (GDPR) where they apply.
14.2 Software classification
QuiltRBuddy is a creative-tools application. It does not process payments outside the eventual payment processor’s hosted surface, it does not handle financial or health data, and it is not regulated as a financial-services or healthcare product.
14.3 Store compliance
Sierra Digital Forge complies with the Google Play Data Safety disclosure for QuiltRBuddy and with Microsoft Store policy for the Windows distribution. Data types collected and shared with subprocessors are declared per each store’s requirements.
15. Policy Distribution & Contact
This Policy is made available to:
- Partners, vendors, and regulators on request, via the contact channels below.
- Internal personnel (currently the Managing Member) at all times.
Sierra Digital Forge LLC — primary contacts
| Channel | Detail |
|---|---|
| Mailing address | c/o Northwest Registered Agent LLC, 732 S. 6th St., Suite N, Las Vegas, NV 89101, USA |
| Executive email | ron@sierradigitalforge.com |
| Operations / security email | info@sierradigitalforge.com |
| Telephone (voice or text, mobile) | 702-469-7646 |
| Telephone (office) | 1-855-SIERRA (1-855-743-7772) |
| Website | www.sierradigitalforge.com |
16. Acknowledgment
I, Ronald Warren, in my capacity as Managing Member of Sierra Digital Forge LLC, attest that the practices described in this Information Security Policy are operational as of the Effective Date, and commit to maintain, review, and update this Policy in accordance with the cadences specified herein.
Ronald Warren
Managing Member, Sierra Digital Forge LLC
Date: May 18, 2026