Privacy Policy

Last updated: February 12, 2026

This Privacy Policy explains how Trifle, Inc. ("Trifle", "we", "us", "our") collects, uses, discloses, and protects personal data when you use trifle.io, app.trifle.io, related APIs, and associated services (collectively, the "Service").

1. Scope and Roles

  • For account, billing, support, and website operations, Trifle generally acts as a data controller.
  • For Customer Data submitted by organizations using Trifle, Trifle generally acts as a data processor on behalf of the customer.

2. Personal Data We Collect

2.1 Data You Provide

  • Account data: name, email, password (stored as a hash), profile preferences.
  • Organization data: organization name, address, billing and tax details (if provided).
  • Invitations and collaboration data: invited email addresses, roles, membership activity.
  • Communications: messages you send to support or legal contacts.

2.2 Billing and Payment Data

  • We use Stripe for payments and subscriptions. We store limited billing metadata such as Stripe customer IDs, subscription IDs, plan details, and payment method brand/last4.
  • Full payment card numbers are processed by Stripe, not stored by Trifle.

2.3 Service and Configuration Data

  • Analytics configuration data (dashboards, monitors, transponders, delivery settings).
  • Metrics/events data submitted by API or queried from configured data sources.
  • Database connection details for linked sources; sensitive credentials are encrypted at rest.
  • API tokens and access credentials needed to operate configured integrations.

2.4 Integration and Authentication Data

  • Google SSO account identity data (for sign-in, where enabled).
  • Slack/Discord installation metadata and channel information (where enabled).
  • OAuth or bot tokens needed to send notifications (where enabled).

2.5 Technical and Usage Data

  • IP address, browser/device metadata, timestamps, and request logs.
  • Session and security tokens used for authentication and fraud prevention.
  • Error and performance telemetry needed to operate and secure the Service.

2.6 AI Features

If AI chat features are enabled, prompts and related context may be sent to OpenAI to generate responses.

3. How We Use Personal Data

  • Provide, maintain, and secure the Service.
  • Authenticate users and manage accounts, organizations, and permissions.
  • Process subscriptions, payments, refunds, and billing operations.
  • Enable integrations and message delivery (email, Slack, Discord).
  • Monitor reliability, prevent abuse, and investigate incidents.
  • Respond to support requests and send service-related communications.
  • Comply with legal obligations and enforce our agreements.

4. Legal Bases (EEA/UK)

Where applicable, we process personal data under one or more of these legal bases:

  • Performance of a contract.
  • Legitimate interests (for example, security, fraud prevention, and service improvement).
  • Compliance with legal obligations.
  • Consent (where required, and revocable where applicable).

5. How We Share Personal Data

We share personal data only as needed to provide the Service, including with:

  • Payment processor: Stripe.
  • Email delivery providers configured for transactional messaging.
  • Infrastructure, logging, and observability providers.
  • OpenAI, if AI chat features are used.
  • Google, Slack, and Discord when you enable related integrations.
  • Professional advisors and authorities where required by law.

We do not sell personal data for money. We do not use personal data for third-party behavioral advertising.

6. International Data Transfers

Your data may be processed in countries other than your own. Where required, we use appropriate safeguards for cross-border transfers.

7. Data Retention

  • Account and organization data is retained while your account is active and as needed for legal, tax, and security obligations.
  • Authentication artifacts are retained according to security needs (for example, remember-me and session token lifetimes).
  • Billing and transaction records are retained as required by accounting and legal obligations.
  • For project-based hosted metrics, retention depends on your plan settings (for example, default 6 months with optional extended retention).

8. Cookies and Similar Technologies

We use cookies and similar technologies for authentication, security, and consent management, including:

  • _trifle_key for signed session state.
  • _trifle_web_user_remember_me when you choose a persistent login.
  • trifle_cookie_preferences_v1 in browser local storage to remember your cookie choices.

On the marketing website, non-essential categories (for example analytics or marketing cookies) are disabled by default and activated only if you opt in through our cookie banner.

You can update your choices at any time via the "Cookie Settings" link in the footer. You can also control cookies in your browser settings, but disabling essential cookies may prevent core functionality.

9. Security

We use technical and organizational measures designed to protect data, including access controls, encryption for sensitive credentials at rest, and monitoring for abuse. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. Your Privacy Rights

Depending on your location, you may have rights to access, correct, delete, restrict, object to, or port personal data, and to withdraw consent where processing is based on consent.

U.S. state privacy rights (including California rights under CCPA/CPRA) may provide additional rights, such as knowing categories of data collected, requesting deletion/correction, and non-discrimination for exercising privacy rights.

To make a privacy request, contact [email protected].

11. Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal data from children under 13.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by posting an updated version and updating the "Last updated" date.

13. Contact

Trifle, Inc.
Krivec 1866
96205 Hrinova, Slovakia

Privacy and legal requests: [email protected]