Security & Data Handling

Where your data lives, who can see it, and how Triad protects it

Triad is partner-intelligence software for alliance teams. Because partners share confidential information through your team, we treat data protection as a core product requirement, not an afterthought. This page explains exactly where your data lives, who can see it, and how it's used.

Where your data lives

Triad runs on SOC 2 Type II–compliant infrastructure: a managed Postgres database (Supabase) and application hosting (Vercel), both operating on AWS in US regions. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). We do not run our own servers; we build on the same infrastructure trusted by thousands of production SaaS companies.

Your data is isolated from every other customer

Every record in Triad is scoped to your organization and enforced at the database level through row-level security — not just in application code. One customer's data is never co-mingled with, queryable by, or visible to another. If your company is acquired or restructured, your workspace and its data remain isolated and under your control; nothing about your partner activity is ever exposed across tenant boundaries.

AI and your data — your information is never used to train any model

Triad uses Anthropic's Claude through its commercial API. Anthropic does not use commercial API inputs or outputs to train its models, and API data is retained for only 7 days for abuse monitoring before deletion. Your partner conversations, notes, and documents are never used to improve any AI model — Anthropic's or ours.

You control what gets captured

Nothing enters Triad unless you put it there. Triad does not silently record meetings, scrape inboxes, or ingest data without an explicit action from your team. You decide what to capture — a transcript, an email, a typed note — and consent for any recording remains your team's responsibility and workflow, exactly as it is today.

Access controls

Triad supports role-based access with admin and member roles, and all access is scoped to your organization. Administrators control who can join the workspace, and membership is validated against your company's email domain.

Subprocessors

Triad relies on a vetted set of infrastructure providers, each handling a specific function: Supabase (database and authentication), Vercel (application hosting), Anthropic (AI processing), Voyage AI (search indexing), Cloudflare (DNS and network security), Inngest (background processing), Sentry (error monitoring), PostHog (product analytics), Resend (transactional email), Stripe (billing), and Brave Search API (public market-signal lookups). We update this list as our infrastructure evolves.

On certifications

Triad is built entirely on SOC 2 Type II–compliant infrastructure. Triad's own SOC 2 certification is on our roadmap as we scale; we're happy to discuss our security posture directly and to complete security questionnaires for evaluating teams.

Questions

The public version of this page is available at https://gettriad.io/security.

Reach us at security@gettriad.io.