1. Who We Are

This Privacy Policy describes the practices of S&T Solutions LLC ("we," "us," or "our"), the company that owns and operates SecurityAndTrust.io. Our mailing address and contact information for privacy inquiries are listed in Section 12 below.

2. Information We Collect

We collect personal information that you voluntarily provide when you interact with our website and services. The categories of information we collect include:

  • Contact information — name, email address, phone number, and company name, collected when you submit our consultation request form or contact us directly.
  • Mobile phone number — collected when you opt in to receive SMS scheduling notifications. Your phone number is used solely for sending appointment-related text messages.
  • Usage data — IP address, browser type, pages visited, and referring URLs, collected automatically through server logs and analytics.
  • Cookies and similar technologies — we use cookies to improve site functionality and understand traffic patterns. You can control cookie preferences through your browser settings.

3. SMS Communications and Opt-In Consent

When you submit a consultation request through our website, you may be given the option to receive SMS text messages related to appointment scheduling. By providing your mobile phone number and checking the SMS opt-in consent box, you expressly consent to receive text messages from S&T Solutions LLC at the number you provided.

What you are consenting to:

  • Receiving text messages containing available consultation time slots.
  • Receiving appointment confirmation and reminder messages.
  • Receiving cancellation or rescheduling notifications.

Key disclosures:

  • Message frequency varies based on your scheduling activity. You will typically receive 2–5 messages per scheduling interaction.
  • Message and data rates may apply. Check with your carrier for details.
  • SMS consent is not a condition of purchasing any service from S&T Solutions LLC.
  • We do not share, sell, or rent your phone number or SMS opt-in consent to any third party for marketing purposes.

How to opt out: You may opt out of SMS messages at any time by replying STOP to any message you receive from us. After opting out, you will receive a single confirmation message and no further texts will be sent. You may also contact us at the email address listed in Section 12.

How to get help: Reply HELP to any message for assistance, or contact us at the email address listed in Section 12.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • Responding to your consultation requests and scheduling appointments.
  • Sending SMS scheduling notifications (with your prior express consent).
  • Communicating with you about our cybersecurity advisory services.
  • Improving our website, content, and user experience.
  • Complying with legal obligations and protecting our rights.

5. Legal Basis for Processing

We process your personal information based on one or more of the following legal bases:

  • Consent — you have given clear consent for us to process your personal data for a specific purpose (e.g., SMS opt-in).
  • Legitimate interest — processing is necessary for our legitimate business interests, such as responding to inquiries and improving our services.
  • Contractual necessity — processing is necessary to fulfill a contract or take pre-contractual steps at your request.

6. Third-Party Service Providers

We use the following third-party services to operate our website and deliver our services. These providers process data on our behalf and are contractually obligated to protect your information:

Provider Purpose Data Processed
Amazon Web Services (AWS) Website hosting (S3, CloudFront), serverless compute (Lambda), email delivery (SES) IP address, request logs, email content
AWS Pinpoint / SNS SMS message delivery for appointment scheduling Phone number, message content
Google Calendar API Availability checking and appointment creation Scheduling data, appointment times
Amazon DynamoDB Temporary storage of scheduling session tokens Session tokens, expiration timestamps

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We do not share your SMS opt-in consent or phone number with any third party for their own marketing use.

7. Data Retention

We retain your personal information only as long as necessary to fulfill the purposes described in this policy:

  • Contact form submissions — retained for up to 24 months after your last interaction with us, unless you request earlier deletion.
  • SMS scheduling data — scheduling session tokens automatically expire and are deleted within 48 hours via DynamoDB TTL. Your phone number is retained only as long as you maintain an active opt-in.
  • Server and access logs — retained for up to 90 days for security monitoring and then deleted.

You may request deletion of your personal data at any time by contacting us at the email address in Section 12.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • HTTPS encryption for all data in transit (TLS 1.2 minimum).
  • Server-side encryption for data at rest in AWS.
  • Least-privilege IAM roles for all backend services.
  • No hardcoded credentials — all secrets managed through AWS Secrets Manager.
  • CORS restrictions limiting API access to securityandtrust.io.

While we take reasonable precautions, no method of transmission or storage is 100% secure. If you have concerns about the security of your data, please contact us.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request correction of inaccurate or incomplete data.
  • Deletion — request deletion of your personal data.
  • Opt-out of SMS — withdraw your consent to SMS communications at any time by replying STOP or contacting us.
  • Data portability — request your data in a structured, commonly used format.
  • Non-discrimination — we will not discriminate against you for exercising your privacy rights.

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act. We do not sell personal information. You may submit a verifiable consumer request to know, delete, or correct your data by contacting us at the email address in Section 12.

Utah Residents (UCPA)

If you are a Utah resident, you have rights under the Utah Consumer Privacy Act, including the right to access, delete, and obtain a copy of your personal data, and the right to opt out of the sale of personal data or targeted advertising. We do not sell personal data or engage in targeted advertising.

10. Children's Privacy

Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, please contact us immediately and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Effective" date at the top of this page. We encourage you to review this page periodically.

12. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or need assistance with SMS communications, please contact us:

S&T Solutions LLC
Email: cam@securityandtrust.io
Website: https://securityandtrust.io