StellarClose LLC — Formal Policy Document

Incident Response Plan

Document ID: SC-IRP-001
Version: 1.0
Effective Date: March 22, 2026
Review Cycle: Annual
Owner: Donna Childree-Gotlib, CEO

Active Breach? Act Now.

Contain first. Communicate second. Document everything. If a breach is suspected or confirmed, go directly to Section 3 — Response Timeline. Do not wait for confirmation before beginning containment.

01
Scope — Covered Systems
System | Data Classification | Operator
mrsnudgely.ai | Real estate transaction data, agent PII, document records | StellarClose LLC
arkeio.io | Client files, cryptographic proofs, vault records | StellarClose LLC
stellarclose.com | Business information, contact data | StellarClose LLC
mrsnudgelystudio.com | Media production assets | StellarClose LLC
NudgelyMail | Email campaign data, agent contact lists | StellarClose LLC
All DigitalOcean infrastructure | All of the above | StellarClose LLC

02
What Qualifies as an Incident

Any of the following triggers this plan:

  • Unauthorized access to any system, database, or file store
  • Confirmed or suspected exfiltration of customer or user data
  • Ransomware, malware, or destructive attack on any server
  • Credential compromise — any admin, API key, or user account
  • Accidental public exposure of private data (S3, database, file system)
  • Third-party vendor breach affecting StellarClose customer data
  • Any event triggering a legal notification obligation under applicable law

When in doubt, treat it as an incident. It is always better to declare and stand down than to wait and escalate.

03
Response Timeline
0 – 1 Hour
Contain: Isolate the affected system immediately. Revoke compromised credentials. Take the affected service offline if necessary. Do not delete logs — preserve all evidence. Take screenshots. Begin a written incident log with timestamps.

1 – 4 Hours
Assess: Determine what was accessed, by whom, and for how long. Identify all affected users and data records. Confirm whether data was exfiltrated or only accessed. Review audit logs. Engage legal counsel if PII was compromised.

4 – 24 Hours
Notify: Notify affected users within 24 hours of confirmed breach — by email and, where possible, in-app. Notify cyber insurance carrier. Assess state breach notification requirements. If more than 500 Michigan residents are affected, assess attorney general notification. Do not minimize the scope in communications.

24 – 72 Hours
Remediate: Patch the vulnerability. Rotate all credentials and API keys. Restore from clean backup if needed. Verify integrity of all remaining data. Re-enable services only after remediation is confirmed.

After Resolution
Review: Conduct a post-incident review within 7 days. Document root cause, timeline, and remediation steps. Update security controls to prevent recurrence. Update this plan if gaps are found. File incident report with insurance carrier.

04
Key Contacts
  • Incident Commander: Donna Childree-Gotlib, CEO, StellarClose LLC
  • Legal & Compliance: Outside Counsel. To be designated
  • Infrastructure: DigitalOcean Support, support.digitalocean.com
  • Cyber Insurance Carrier: To be designated. Notify within 24 hours of confirmed breach

05
Our Commitments to Users
  • 24-hour notification: We will notify affected users within 24 hours of confirming a breach involving their data.
  • Plain language: Breach notifications will describe what happened, what data was involved, and what we are doing — in plain English, without legal deflection.
  • No data sales — ever: StellarClose does not sell user data. This does not change in the event of a breach, acquisition, or closure.
  • We own our mistakes: If we caused or failed to prevent a breach, we will say so clearly.
Donna Childree-Gotlib
Founder & CEO — StellarClose LLC
Document SC-IRP-001 · Version 1.0
Effective March 22, 2026
Next Review: March 2027