Privacy Policy
Effective: March 1, 2026
1. Who and Where
TrioSens Inc. operates the platform at triosens.io. This policy applies to everyone who uses the Service, regardless of location. Using TrioSens means you accept the practices described here.
2. What We Collect
Account Information
When you sign up: email, first name, last name, and username.
Single Sign-On Data
If you sign in with Google, Microsoft, or GitHub, that provider shares your email, name, and profile picture with us. We do not receive or store your password.
Usage Data
As you use the Service, we log how you use it: reports created, team membership, action timestamps, browser and device type, and an approximate geographic region. We also collect anonymous performance metrics through Vercel Analytics.
3. What We Do With It
- Operate and maintain the TrioSens platform.
- Authenticate you and keep your account secure.
- Manage team membership, roles, and permissions.
- Generate and deliver your brand intelligence reports.
- Diagnose issues and decide what to build next.
- Send account, security, and product notices.
4. Cookies & Tracking
We use a small set of cookies. None are for advertising or cross-site tracking.
| Category | Cookie | Duration | Purpose |
|---|---|---|---|
| Essential | sb-*-auth-token | Session | Keeps you signed in (HttpOnly, Secure) |
| Essential | sb-*-auth-token-code-verifier | Session | PKCE step in the login handshake |
| Functional | sidebar_state | 7 days | Remembers whether the sidebar is open |
| Analytics | Vercel Analytics | Session | Anonymous performance metrics |
Vercel Analytics respects the Do Not Track browser setting.
5. Service Providers
We rely on a limited set of vendors to operate the platform. They process data on our behalf and only under our instructions.
| Provider | Purpose |
|---|---|
| Supabase | Authentication and database hosting |
| Vercel | Hosting, analytics, and performance monitoring |
| Google, Microsoft, GitHub | OAuth sign-in |
| Upstash (QStash) | Background jobs |
| DataForSEO | Search data, server to server, no personal data shared |
| X.AI | AI model calls, server to server, no personal data shared |
Your personal data is not for sale and never reaches advertisers. Every vendor listed above is contractually bound to protect it.
6. How Long We Keep Data
We retain data only as long as needed to operate the Service, or as required by law.
| Data | How long we keep it |
|---|---|
| Active account data | For the life of your account |
| Deleted account data | Removed within 24 hours of your delete request |
| Audit logs | 7 years (regulatory) |
| Team data | For the life of the team |
| Analytics and access logs | 30 to 90 days |
| Inactive accounts | We email you after 90 days of inactivity |
When you delete your account, your personal data leaves our active systems within 24 hours. Audit logs may be retained for up to 7 years where required by law.
7. Your Rights
The exact rights you have depend on where you live. To exercise any of them, email support@triosens.io. We respond within 30 days.
European Economic Area (GDPR)
You can request access to, correction of, deletion of, or a copy of your data, and you can ask us to restrict or stop processing it. You can object to processing, and you can lodge a complaint with your local data protection authority.
California (CCPA)
You can ask what we hold, request deletion, request correction of inaccurate information, and opt out of the sale of personal information. We do not sell your data, so the opt-out is already the default. We will not discriminate against you for exercising these rights.
Canada (PIPEDA)
You can request access to your data, request correction of inaccurate information, and withdraw your consent to processing.
8. Security
Some of what we do to protect your data:
- Row-level security on every database table, so you only see your own data.
- Encrypted login using HttpOnly, Secure cookies and the PKCE flow.
- API keys and secrets remain server-side and are never exposed to the browser.
- Regular security reviews.
No system is perfectly secure, but we do not take the security of your data lightly.
9. International Transfers
Your data is processed in the United States by Supabase and Vercel. For EEA users, we apply Standard Contractual Clauses to those transfers, and our vendors sign GDPR-compliant Data Processing Agreements.
10. Children
TrioSens is not intended for anyone under 16, and we do not knowingly collect data from them. If you believe a child under 16 has registered an account, email support@triosens.io and we will remove it.
11. Changes to This Policy
When something material changes, we update the effective date at the top of this page and notify you by email or in-app notice.
12. Contact
General questions: support@triosens.io.
GDPR-specific questions: privacy@triosens.io.
See also our Terms of Service.