Security

Last updated: May 9, 2026

1. Infrastructure

  • The app runs on a managed cloud platform. That platform terminates TLS, absorbs DDoS traffic, and serves the app from a global edge network.
  • Customer data lives in managed PostgreSQL with provider-managed encryption at rest and daily backups.
  • Traffic between browsers, our app, and our database is encrypted with TLS.
  • Specific providers are listed under Sub-processors.

2. Data Protection

  • Row-level security (RLS) policies are enforced on application tables. Each user can only read and write data belonging to their team.
  • Data is isolated by team. There is no cross-team access at the application layer.
  • The managed database handles backups and point-in-time recovery.
  • How long data is kept, and how to delete it, is covered in the Privacy Policy.

3. Authentication & Access

  • Passwords are hashed by our auth provider before they reach the database. We never see or store plaintext passwords.
  • Single sign-on with Google or GitHub OAuth is available if you would rather skip a password.
  • Sessions are signed tokens issued by our auth provider. They expire on their own.
  • Inside a team, owners and members have different permissions. Destructive and billing actions are gated by role.

4. AI & Third-Party Processing

TrioSens sends prompts and brand context to third-party AI providers to power brand intelligence features.

  • We use them under their standard API terms, which say API inputs and outputs are not used to train their models.
  • We only send what the operation needs, such as prompts and brand metadata to score visibility. We do not ship bulk customer data.
  • Do not put personal or sensitive information into prompts or brand descriptions. Anything you type there is sent to the AI providers listed below.

5. Sub-processors

Third parties that process customer data for us. The list changes occasionally. The “Last updated” date above tells you when.

| Provider | Purpose | Data processed | Location |
| --- | --- | --- | --- |
| Vercel | Application hosting, edge network, TLS termination, DDoS mitigation | Application traffic, IP addresses, request metadata | United States |
| Supabase | Managed PostgreSQL, authentication, file storage, daily backups | All customer-stored data, account credentials (hashed), session tokens | United States |
| Google (OAuth) | Optional sign-in via Google account | Email, name, profile image (only if you choose to sign in with Google) | United States |
| GitHub (OAuth) | Optional sign-in via GitHub account | Email, username, profile image (only if you choose to sign in with GitHub) | United States |
| OpenAI, Anthropic, Google (AI APIs) | Generate AI responses for brand intelligence features | Prompts and brand metadata you submit. Not used to train provider models per their API terms | United States |

6. Privacy & Compliance

We do not yet hold third-party certifications. What we do today:

  • We honor reasonable requests to access, correct, or delete personal data. The Privacy Policy explains how to send one.
  • No SOC 2, ISO 27001, or equivalent audit has been completed, and we do not issue Data Processing Agreements as a standard offering. If your organization needs one to evaluate TrioSens, let us know.

7. Reporting a Security Issue

Found a security issue, or have a question about how we handle data? Email support@triosens.io. Include enough detail to reproduce, and please do not access data that is not yours while testing.