Privacy Policy
Effective Date: March 1, 2026
1. Introduction & Scope
TrioSens Inc. (“TrioSens”, “we”, “us”, “our”) operates the TrioSens platform at triosens.io. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our services. This policy applies to all users globally. By using TrioSens, you agree to the practices described in this policy. If you have questions, contact us at support@triosens.io.
2. Information We Collect
Account Information
When you create an account, we collect your email address, first name, last name, and username.
Authentication Data
If you sign in using a third-party provider (Google, Microsoft, or GitHub), we receive your email address, name, and profile picture from that provider. We do not receive or store your third-party account password.
Usage Data
We automatically collect information about how you use the service, including reports created, team membership, timestamps of actions, browser and device type, and geographic region (anonymized). We collect anonymous performance metrics through Vercel Analytics.
3. How We Use Your Information
- Provide, operate, and maintain the TrioSens platform
- Authenticate your identity and manage your account
- Manage team membership, roles, and permissions
- Generate and deliver brand intelligence reports
- Analyze usage patterns to improve performance and fix bugs
- Communicate with you about your account, service updates, and security notices
4. Cookies & Tracking Technologies
We use a minimal set of cookies and tracking technologies to operate and improve our service. The following table describes the cookies we use:
| Category | Cookie | Duration | Purpose |
|---|---|---|---|
| Essential | sb-*-auth-token | Session | Authentication (HttpOnly, Secure) |
| Essential | sb-*-auth-token-code-verifier | Session | PKCE authentication flow |
| Functional | sidebar_state | 7 days | Remembers sidebar UI preference |
| Analytics | Vercel Analytics | Session | Anonymous performance metrics |
We do not use advertising, marketing, or cross-site tracking cookies. Vercel Analytics respects Do Not Track (DNT) browser settings.
5. Third-Party Service Providers
We share data only with service providers that are necessary to operate the TrioSens platform. These providers process data on our behalf and under our instructions.
| Provider | Purpose |
|---|---|
| Supabase | Authentication and database hosting |
| Vercel | Application hosting, analytics, and performance monitoring |
| Google, Microsoft, GitHub | OAuth identity providers (sign-in only) |
| Upstash (QStash) | Background job processing |
| DataForSEO | Search data analysis (server-to-server, no personal data shared) |
| X.AI | AI model processing (server-to-server, no personal data shared) |
We do not sell, rent, or share your personal information with third parties for advertising or marketing purposes. All service providers are contractually obligated to protect your data and process it only as instructed by us.
6. Data Retention
We retain your personal data only for as long as necessary to provide our services and comply with legal obligations. The following table summarizes our retention periods:
| Data Category | Retention Period |
|---|---|
| Active account data | Retained while your account exists |
| Deleted account data | Removed within 24 hours of deletion request |
| Audit logs | 7 years (regulatory compliance) |
| Team data | Retained while the team exists |
| Analytics and access logs | 30–90 days |
| Inactive accounts | Notification sent after 90 days of inactivity |
When you delete your account, we remove your personal data from our active systems within 24 hours. Some information may be retained in audit logs for up to 7 years as required by law.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data.
European Economic Area (GDPR)
If you are in the EEA, you have the right to: access your personal data, rectify inaccurate data, request erasure of your data, receive your data in a portable format, restrict processing of your data, object to processing, and lodge a complaint with your local supervisory authority.
California (CCPA)
If you are a California resident, you have the right to: know what personal information we collect, request deletion of your personal information, opt out of the sale of personal information (we do not sell your data), request correction of inaccurate information, and not be discriminated against for exercising your rights.
Canada (PIPEDA)
If you are in Canada, you have the right to: access your personal information, request correction of inaccurate information, and withdraw your consent to processing.
To exercise any of these rights, contact us at support@triosens.io. We will respond to your request within 30 days.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Row-level security (RLS) policies on all database tables to enforce access control
- Encrypted authentication using HttpOnly secure cookies and the PKCE flow
- Strict server-side isolation of all API keys and secrets (never exposed to client-side code)
- Regular security reviews
While no method of transmission or storage is completely secure, we strive to protect your personal information using commercially reasonable measures.
9. International Data Transfers
Your data is processed in the United States through our service providers Supabase and Vercel. For users in the European Economic Area, we ensure appropriate safeguards are in place for international data transfers, including Standard Contractual Clauses (SCCs). Our service providers maintain GDPR-compliant Data Processing Agreements (DPAs).
10. Children’s Privacy
TrioSens is not directed at individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal information, please contact us at support@triosens.io.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make material changes, we will update the effective date at the top of this page and notify you via email or an in-app notice. We encourage you to review this policy periodically.
12. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
TrioSens Inc.
Email: support@triosens.io
For GDPR-specific inquiries: privacy@triosens.io