Legal / Document 08

Security & Confidentiality

Trust is the foundation of advisory work. This policy describes the measures and commitments we maintain to protect the information you share with Mytrion Systems.

01

Our commitment

Mytrion Systems treats the security and confidentiality of client information as a core professional obligation. Much of our work involves seeing how an organization actually operates — its systems, weaknesses, and plans. We protect that insight with the seriousness it deserves. This policy summarizes the administrative, technical, and organizational measures we apply, and the confidentiality commitments we make, across our engagements.

02

Confidentiality

We treat non-public information you share with us as confidential and use it only to perform the engagement and provide our recommendations. We do not disclose your confidential information to third parties except to personnel and authorized sub-processors who need it and are bound by similar obligations, or where disclosure is required by law. Our confidentiality commitments continue after an engagement ends, for as long as the information remains confidential.

03

Access control

We apply the principle of least privilege: access to client information is limited to those who need it for their role and for the duration they need it. We use authentication controls on the accounts and tools we rely on, review access periodically, and remove access promptly when it is no longer required or when personnel changes occur.

04

Data handling

We collect and retain only the information we need for the engagement, and we handle it carefully throughout its life. We prefer that sensitive credentials and production secrets are not shared with us; where access is necessary, we work with you to use the most limited and secure method available, such as scoped or time-limited access. We separate working materials by engagement and avoid commingling client information.

05

Encryption & storage

We store client information using reputable services that provide encryption and access controls, and we use encrypted channels for transmitting information where appropriate. Devices used for our work are protected with industry-standard measures such as access protection and up-to-date software. We dispose of information securely when it is no longer needed, subject to legal retention requirements.

06

People & training

Our personnel are bound by confidentiality obligations and are expected to follow secure working practices. We promote awareness of common risks, such as phishing and poor credential hygiene, and we expect everyone working on an engagement to handle client information responsibly and to report concerns promptly.

07

Tools & vendors

We rely on a small set of reputable providers for hosting, email, document storage, and collaboration. We select vendors with appropriate security practices and bind sub-processors to obligations consistent with our own. This website is hosted on the Shopify platform, which maintains its own security program for the infrastructure it operates.

08

Incident response

We maintain a practical approach to detecting and responding to security incidents. If we become aware of an incident that affects your information, we will act promptly to contain and investigate it, take reasonable steps to mitigate its effects, and notify you without undue delay, providing the information reasonably available to help you meet your obligations. We review incidents to identify and apply improvements.

09

Continuity & retention

We take reasonable measures to keep our working information available and recoverable, including backups of key materials. We retain engagement information only as long as necessary for the engagement and for legitimate business, legal, and record-keeping purposes, after which it is deleted or anonymized using reasonable measures, as described in our Privacy Policy and any applicable Data Processing Agreement.

10

Your part

Security is a shared responsibility. You can help by sharing only the information we need, by using secure methods to grant access, by limiting and promptly revoking any access you provide, and by telling us quickly if you suspect a problem. No set of measures can guarantee absolute security, but working together we can keep risk low and handle issues well.

11

Contact

To report a security concern or ask about this policy, contact Mytrion Systems:

Email

advisory@mytrionsystems.com

Address

401 South Fourth Street, Louisville, KY 40202

Phone

+1 502 517 4683

© 2026 Mytrion Systems. All rights reserved.