Security

Effective Date: March 1, 2026

SOC 2 Type II

Independently audited controls

AES-256

Encryption at rest and in transit

GDPR & CCPA

Privacy regulation compliance

99.9% Uptime

High-availability infrastructure

1. Infrastructure Security

TrioSens is built on enterprise-grade cloud infrastructure designed for security, reliability, and performance.

  • Hosted on Vercel's edge network with automatic DDoS protection and global content delivery
  • Database powered by Supabase (managed PostgreSQL) with automated daily backups and point-in-time recovery
  • All data encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption
  • Continuous infrastructure monitoring, alerting, and automated scaling to maintain availability

2. Data Protection

We implement multiple layers of protection to safeguard your data at every level of our application.

  • Row-level security (RLS) policies enforced on all database tables, ensuring users can only access data belonging to their organization
  • Strict data isolation between customer accounts — no cross-tenant data access is possible
  • Regular automated backups with point-in-time recovery capabilities
  • Clear data retention and deletion policies aligned with our Privacy Policy

3. Access Control & Authentication

TrioSens provides secure authentication and fine-grained access control to protect your account.

  • Email and password authentication with industry-standard bcrypt hashing
  • Single sign-on (SSO) via Google and GitHub OAuth providers
  • Role-based access control with distinct permissions for team owners, members, and viewers
  • Secure session management with encrypted token handling and automatic expiration

4. Compliance

TrioSens maintains compliance with leading security and privacy frameworks to meet the requirements of organizations worldwide.

  • SOC 2 Type II — independently audited security controls covering availability, confidentiality, and processing integrity
  • GDPR — full compliance with EU data protection regulations, including data subject rights and Data Processing Agreements (DPA) available on request
  • CCPA — compliance with the California Consumer Privacy Act, including the right to access, delete, and opt out of data sales
  • PIPEDA — compliance with Canada's Personal Information Protection and Electronic Documents Act
  • Regular security assessments and penetration testing by independent third parties

5. AI & Data Processing

TrioSens uses AI to power brand intelligence features. We take additional steps to ensure your data is handled responsibly throughout AI processing.

  • Your data is never used to train AI models — customer data remains exclusively yours
  • AI processing is stateless: prompts and responses are not stored or retained by our model providers after processing
  • Data sent to AI providers is limited to the minimum necessary for the requested operation — no bulk data transfers
  • All AI model providers are vetted for security practices, data handling policies, and compliance certifications

6. Incident Response

We maintain a dedicated incident response process to quickly identify, contain, and remediate security events.

  • Documented incident response procedures with defined severity levels and escalation paths
  • Customer notification within 72 hours of confirmed data breaches, in compliance with GDPR requirements
  • Post-incident reviews with root cause analysis and preventive measures

7. Contact

If you have questions about our security practices or would like to request our SOC 2 report, contact us at support@triosens.io. For data privacy inquiries, please refer to our Privacy Policy.