Privacy Policy

Triade LLC (“Triade,” “we,” “us,” or “our”) is committed to protecting your privacy and personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you interact with our services, websites, and business operations. As a data management consulting company, we hold ourselves to the highest standards of data protection and privacy.

1. Web Policy

This section describes the data collected through our websites, applications, social media pages, and physical interactions with Triade representatives.

Information We Collect

We may collect the following types of information:

• Personal Information: Name, email address, phone number, company name, and job title when you fill out forms, subscribe to newsletters, or request information.
• Usage Data: Browser type, IP address, pages visited, time spent on pages, and referring URLs collected through cookies and analytics tools.
• Social Media Data: Information you share publicly or provide when interacting with our social media pages.
• Communication Data: Records of correspondence when you contact us via email, phone, or contact forms.

How We Use Your Information

• To respond to your inquiries and provide requested services
• To improve our website experience and content
• To send relevant marketing communications (with your consent)
• To analyze website traffic and usage patterns
• To comply with legal obligations

Cookies and Tracking

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and understand where our visitors come from. You can control cookie preferences through your browser settings. Disabling cookies may limit some features of our website.

2. PCI DSS Web Policy

Triade is committed to compliance with the Payment Card Industry Data Security Standard (PCI DSS) for all payment-related transactions and data handling.

Our Commitments

• We do not store, process, or transmit cardholder data on our primary web properties unless through PCI-compliant third-party payment processors.
• All payment transactions are processed through encrypted, PCI DSS-compliant channels.
• We maintain appropriate network segmentation and access controls for any systems that interact with payment data.
• Regular vulnerability assessments and penetration testing are conducted on systems that handle payment information.
• Our staff who handle payment-related processes receive regular PCI DSS awareness training.

3. Customer Data Privacy Policy

Triade takes the privacy and protection of customer information seriously. As a data management consulting company, we understand the critical importance of safeguarding the data entrusted to us.

Data Protection Commitments

• Customer data is used solely for the purposes outlined in our service agreements and is never sold to third parties.
• We implement appropriate technical and organizational measures to protect customer data against unauthorized access, alteration, disclosure, or destruction.
• Access to customer data is restricted to authorized personnel on a need-to-know basis.
• We maintain data processing agreements with all sub-processors and third-party vendors who may access customer data.
• Customers retain ownership of their data at all times. Upon termination of services, customer data is returned or securely destroyed as per the agreement.

Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or port your personal data. You may also have the right to restrict or object to certain processing activities. To exercise any of these rights, please contact us at info@triade.io.

4. Cyber Security Policy

Triade maintains comprehensive cyber security practices to protect our systems, networks, and the data we manage on behalf of our clients.

Password Protection

• All systems require strong, unique passwords that meet minimum complexity requirements including length, character variety, and regular rotation.
• Multi-factor authentication (MFA) is required for access to all critical systems and client environments.
• Password sharing is strictly prohibited. All access is individually authenticated and logged.

Antivirus and Endpoint Protection

• All company devices run enterprise-grade antivirus and endpoint detection and response (EDR) software.
• Antivirus definitions and security patches are updated automatically and monitored centrally.
• Unauthorized software installation is restricted on all company-managed devices.

Email Security

• Email filtering and anti-phishing tools are deployed to detect and block malicious messages.
• Employees receive regular training on identifying phishing attempts and social engineering attacks.
• Sensitive information must not be transmitted via unencrypted email. Approved secure file transfer methods are required for sensitive data.

Remote Employee Standards

• Remote access to company resources requires VPN connections with encryption.
• Remote employees must use company-approved devices that meet our security configuration standards.
• Work in public spaces must adhere to screen privacy requirements and secure network usage guidelines.

5. Data Retention and Destruction Policy

Triade maintains clear policies for the retention and secure disposal of records and data, ensuring compliance with legal requirements and industry best practices.

Retention Guidelines

• Data is retained only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations.
• Retention periods are defined by data type and are reviewed annually to ensure continued relevance and compliance.
• Client project data is retained in accordance with the terms of each service agreement, unless otherwise required by law.
• Business records, contracts, and financial data are retained in accordance with applicable federal, state, and international regulations.

Destruction Guidelines

• When data reaches the end of its retention period, it is securely destroyed using methods appropriate to its sensitivity level.
• Electronic data is destroyed through secure deletion, cryptographic erasure, or physical destruction of storage media.
• Physical documents containing sensitive information are shredded using cross-cut shredders.
• Destruction activities are logged and certificates of destruction are maintained for audit purposes.

6. Data Security Policy

Triade implements robust data security measures to control access to information and protect data throughout its lifecycle.

Access Credentials

• Access credentials are provisioned based on the principle of least privilege, granting users only the minimum access necessary to perform their duties.
• All access requests go through a formal approval process and are reviewed by management.
• Access rights are reviewed quarterly and immediately revoked upon role change or departure.
• Service accounts and privileged access credentials are subject to additional controls including regular rotation and monitoring.

Information Control

• Data is classified according to its sensitivity level, and appropriate controls are applied at each classification tier.
• Encryption is applied to data at rest and in transit using industry-standard protocols and key management practices.
• Security monitoring and logging are in place across all systems to detect and respond to unauthorized access attempts.
• Regular security assessments, including vulnerability scans and penetration tests, are conducted to identify and remediate potential weaknesses.
• Incident response procedures are documented, tested, and regularly updated to ensure rapid response to security events.