Surge members and partners handle sensitive business, client, and partner information daily. Protecting this data is essential to maintaining trust, compliance, and the integrity of our platform. This policy outlines how all Surge members - including Scouts, Strategists, Mentors, and partners - must manage, store, and share information.

This policy ensures that all confidential data is handled responsibly, securely, and in compliance with privacy and data protection laws.
It protects Surge, our clients, and our partners from potential risks related to data misuse, loss, or unauthorized disclosure.

All Surge members, team members, affiliates, and partner organizations are required to comply with this policy as part of their Independent Contractor Agreement and Code of Conduct.

Confidential information includes, but is not limited to:

If you’re unsure whether something is confidential, assume it is and handle it accordingly.

All confidential data must be stored within approved Surge systems, such as the official platform dashboard, CRM, or document portals. Personal devices should be password-protected, encrypted where possible, and never used for long-term storage of client or partner data.

Only access or share information relevant to your specific role or project. Never forward documents, spreadsheets, or credentials to individuals outside the Surge ecosystem without written approval.

Use official Surge communication channels (platform chat, approved email accounts, or secure document portals) for sharing sensitive information. Avoid sending confidential details through unsecured text messages or social media platforms.

When project files or records are no longer needed, delete or archive them in compliance with Surge retention protocols. Never retain or share old customer or partner data after contract completion.

Keep your platform login credentials private. Do not share your Surge password or two-factor authentication codes with anyone - including team members or clients.

Be alert for phishing emails, suspicious attachments, or unauthorized data requests. Report any unusual activity immediately to [email protected].

Only use Surge-approved applications, cloud drives, and CRMs for data storage and communication. Third-party systems not verified by Surge may violate privacy laws or compromise security.

You may share confidential information internally with other Surge members who are directly involved in the same project or task.

Sharing data with EPCs, financing partners, or vendors is permitted only for official project purposes and must follow Surge’s confidentiality and data security guidelines. All third-party partners are bound by similar confidentiality agreements.

Do not share Surge internal information with media outlets, external consultants, or competitors without written approval from Surge leadership.

Any member found to have mishandled confidential data, whether intentionally or through negligence - may face disciplinary action up to and including termination of membership, loss of commissions, and legal action if damages occur.

If you believe data has been shared, lost, or accessed improperly: