App-owned page
Security & Trust
This page is maintained by Triad InfoSec to answer common security and privacy questions about the BetweenAudits site and our client engagements. It reflects current practices, not an independent certification.
Access & authentication
Access to Triad InfoSec systems that hold client data is limited to named personnel who need it, protected by SSO and multi-factor authentication, and reviewed on a documented cadence. Administrative access is separated from day-to-day access and logged.
Data collection on this site
This marketing site collects only what you submit through the contact form (name, email, optional company, optional message) plus standard request metadata. We do not sell personal information. Submissions are used to respond to your inquiry and are handled per our Privacy Policy.
Subprocessors & hosting
The BetweenAudits site is hosted on Lovable's platform infrastructure with Cloudflare edge delivery. Contact form submissions are delivered by our transactional email provider. A current list of subprocessors used in a specific client engagement is provided under NDA on request.
Retention & deletion
Contact inquiries are retained for the period needed to respond and to comply with tax and record-keeping obligations, then deleted or anonymized. Client engagement records are retained per the terms of the applicable Statement of Work.
Vulnerability reporting & incident contact
If you believe you have found a security issue on this site or in a Triad InfoSec engagement, please contact us using the details below. We ask that you avoid testing that could impact site availability or expose data belonging to others. We acknowledge reports and coordinate remediation in good faith.
Contact
Compliance and framework-specific documentation (SOC 2, ISO 27001, HIPAA, CMMC) tied to a specific engagement is provided under NDA on request.
