SECURITY

Security built into how data is shared

3 Steps Data is designed so control, visibility, and protection are built into every interaction.

Data remains in one place.
Access is defined before interaction.
Actions are governed and visible.

Even the platform itself cannot see your data.

Security is not added around the edges. It is part of how the system works.

Controlled access by design

Access to a Data Vault is explicitly defined, not assumed.

You decide who can access information and what they are allowed to do.
Permissions can be updated at any time as relationships change.

There are no open links, uncontrolled copies, or unintended distribution.

Permissioned actions

Access does not imply full control.

Each recipient can be assigned specific permissions to:

  • View

  • Contribute

  • Download (where allowed)

Actions are defined before interaction begins, reducing risk and limiting unnecessary exposure of data.

No tracking. No hidden monitoring.

We do not use marketing pixels, behavioural tracking, or user-level monitoring.

Operational monitoring is limited to the performance and reliability of the platform itself.

All user interaction is logged within the Data Vault, under the control of the organisation that owns it.

3 Steps Data does not have visibility into, or retain records of, those interactions outside of the Vault.

Privacy is not a feature. It is a consequence of how the system is designed.

Separation from your internal systems

Data Vaults act as a controlled boundary between organisations, teams, and systems.

Each party interacts with the Vault rather than directly with internal infrastructure.

This reduces:

  • Integration complexity

  • Exposure of internal systems

  • Risk across organisational boundaries

Jurisdiction-aware deployment

You choose where your Data Vault is deployed.

This allows data to be handled in the appropriate jurisdiction from the outset, supporting governance and regulatory requirements.

Security without added complexity

There is no additional identity layer to provision or manage.

Access is governed through the Data Vault itself, simplifying administration across organisations.

Security scales with usage, without introducing overhead.

Granular control, not all-or-nothing access

Access is not all-or-nothing.

You can define access at the level the work actually happens, whether that is:

  • Individual files

  • Directories

  • Specific spreadsheet tabs

Each recipient is given access only to what they need, and nothing more.

Data privacy by design

Your data is not visible to us

3 Steps Data does not access, inspect, or analyse the contents of your Data Vault.

We do not use your data for analytics, profiling, or any secondary purpose.

Your information remains under your control.

Visibility and accountability

All activity within the Data Vault remains visible.

You can see:

  • Who has accessed information

  • What actions were taken

  • When those actions occurred

This creates a clear, auditable record of interaction without requiring additional systems.

All activity is recorded within the Data Vault itself.
This audit record is controlled by the organisation that owns the data, not by the platform.
3 Steps Data does not retain or analyse interaction logs outside of the Vault.

Revocation and lifecycle control

Access can be revoked at any time without affecting the underlying data.

Control remains with the Data Vault owner throughout the lifecycle of the information.

There is no need to retrieve, delete, or track distributed copies.

Secure interaction, not file transfer

3 Steps Data replaces file sharing with controlled interaction.

Information is not sent, copied, or redistributed.
It is accessed within a governed environment.

This removes:

  • Version drift

  • Loss of control after sharing

  • Uncertainty around who has access

The result

Data stays in one place.
Access is controlled.
Activity is visible.

Security is built into how data is shared from the start.