We are accountable for the information under our control and will use commercially reasonable safeguards to protect it. However, no system is 100% secure. In the event of a breach of your Personal Information, we will notify you as soon as reasonably possible, as required by applicable law.
Accordingly, we have adopted this Privacy Policy (the "Policy"), which sets forth the type of information that may be collected, the purposes for which it may be used, and your rights with respect to your information. This Policy governs how we collect, use, and protect your personal information whenever you use our Platform. By accessing or using the Platform, you consent to the collection and use of your information as described in this Policy. You may revoke your consent at any time by contacting us (see "Our Contact Information" below).
Trillo AI reserves the right to modify, update, or replace this Policy ("Changes") at any time at its sole discretion. We will distinguish between material and non-material Changes as follows: (i) Material Changes, including changes to how we collect, use, or share Personal Information, or changes that affect your rights, will take effect thirty (30) days after we provide notice via email to the address associated with your account and/or a prominent notice on the Platform; (ii) Non-material Changes, such as typographical corrections, clarifications, or updates required by law will take effect immediately upon posting, with the "Last Modified" date updated accordingly; or (iii) immediately upon your opt-in or express agreement to the updated Policy, whichever comes first. The most current version of this Policy will always be available at https://trillo.ai/privacy-policy. Your continued use of the Platform after the applicable notice period constitutes your acceptance of the updated Policy.
Protection of Your Information
Type and Purpose of Collection
We collect information at various points on the Platform to facilitate your experience. Specifically, two categories of information are collected:
1. Non-Personal Information
When you access the Platform, certain non-identifiable information may be automatically collected, such as:
- IP address
- Browser type and device information
- Location data (anonymous, and only with your consent)
- Referring website or service
We use this Non-Personal Information to analyze traffic, monitor usage, and improve the Platform. This information does not identify you personally, although it may be linked to your account. We also use "cookies" and similar technologies to collect statistical information (see "Cookies and Similar Technologies" below).
2. Personal Information
To use certain features of the Platform, you may be required to provide personally identifiable information ("Personal Information"), which may include:
- Name, mailing address, phone number, and email address
- Payment details (e.g., credit card information, billing address)
- Account credentials (e.g., username, password)
- Preferences, such as communication or marketing choices
- Device identifiers and related data
- Third-party identities (e.g., Google, GitHub, LinkedIn, or other integrations you choose to connect)
We collect and use Personal Information with your consent to:
- Provide and improve the Platform
- Process transactions
- Personalize your experience
- Send newsletters or communications (if you opt in)
- Enforce agreements and protect rights, property, or safety
Lawful Basis for Processing (GDPR Article 6)
Where the General Data Protection Regulation ("GDPR") applies, we process your Personal Information on one or more of the following lawful bases:
- Consent (Article 6(1)(a)): You have given clear consent for us to process your Personal Information for specific purposes (e.g., marketing communications, optional analytics cookies). You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
- Contract Performance (Article 6(1)(b)): Processing is necessary to perform a contract to which you are a party or to take pre-contractual steps at your request (e.g., account registration, payment processing, service delivery).
- Legal Obligation (Article 6(1)(c)): Processing is necessary to comply with a legal obligation to which Trillo AI is subject (e.g., tax, accounting, or regulatory reporting requirements).
- Legitimate Interests (Article 6(1)(f)): Processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your data-protection rights. These interests include fraud prevention, network security, improving our Platform, and direct marketing to existing customers where permitted by law.
Where we rely on legitimate interests, you have the right to object to that processing at any time (see 'Your Rights Under GDPR' below).
Right to Examine Information
You have the right to review any Personal Information we collect about you. To request access, please contact us at legal@trillo.ai. We may charge a reasonable administrative fee where permitted by law. In some cases, we may not be able to provide access to all information (e.g., if it also relates to another individual).
Your Rights Under GDPR (EEA and UK Users)
If you are located in the European Economic Area (EEA) or the United Kingdom (UK), you have the following rights under the GDPR and UK GDPR. To exercise any of these rights, please contact us at legal@trillo.ai. We will respond within 30 days of receipt.
- Right of Access (Article 15): You may request a copy of the Personal Information we hold about you, along with information about how and why we process it.
- Right to Rectification (Article 16): You may ask us to correct inaccurate or incomplete Personal Information without undue delay.
- Right to Erasure — "Right to Be Forgotten" (Article 17): You may request deletion of your Personal Information where: (i) it is no longer necessary for the purpose for which it was collected; (ii) you withdraw consent and no other lawful basis applies; (iii) you object to processing and there are no overriding legitimate grounds; (iv) the data has been unlawfully processed; or (v) deletion is required by EU or Member State law. Exceptions apply where retention is required for legal claims, compliance, or public-interest tasks.
- Right to Restriction of Processing (Article 18): You may request that we restrict processing of your Personal Information while a dispute about accuracy, lawfulness, or your objection is resolved.
- Right to Data Portability (Article 20): Where processing is based on consent or contract and carried out by automated means, you have the right to receive your Personal Information in a structured, commonly used, machine-readable format and to transmit it to another controller without hindrance from us.
- Right to Object (Article 21): You may object at any time to processing of your Personal Information where the basis is legitimate interests or the performance of a task in the public interest. You also have an unconditional right to object to direct marketing at any time.
- Rights Related to Automated Decision-Making and Profiling (Article 22): You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects concerning you, unless such processing is necessary for a contract, authorised by law, or based on your explicit consent.
- Right to Lodge a Complaint: If you believe we have processed your Personal Information in violation of applicable data-protection law, you have the right to lodge a complaint with the supervisory authority in your country of residence, place of work, or the place of the alleged infringement. In the EU, this is your national Data Protection Authority (DPA). In the UK, this is the Information Commissioner's Office (ICO) at https://ico.org.uk/. We encourage you to contact us first so we can address your concern directly.
Withdrawal of Consent
You may withdraw consent to our collection or use of Personal Information at any time by emailing us. Upon receipt, we will stop using your information within a reasonable time, subject to our legal and contractual obligations. Please note that withdrawing consent may limit your ability to use certain Platform features.
Data Retention (GDPR Article 5(1)(e))
We retain your Personal Information only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting obligations. The following retention periods apply:
- Account Data: Retained for the duration of your active account plus 3 years after account closure to allow resolution of disputes and satisfy audit requirements.
- Transaction and Payment Records: Retained for 7 years to comply with applicable tax and financial-reporting laws.
- Communications (support tickets, emails): Retained for 3 years from last interaction.
- Analytics and Usage Data: Retained in identifiable form for no longer than 26 months, after which it is anonymised or deleted.
- Marketing Consent Records: Retained until consent is withdrawn and for 5 years thereafter as evidence of the consent.
When Personal Information is no longer required, we securely delete or anonymise it. If complete deletion is not immediately possible (e.g., data stored in backup archives), we will isolate and protect the data until deletion is possible.
Sharing Information
Newsletter
If you subscribe to our newsletter, we will use your name and email address to send updates. You may unsubscribe at any time using the link in the email footer.
External Links
The Platform may contain links to third-party websites. We are not responsible for their privacy practices or data collection, and this Policy does not apply to them.
International Visitors
The Platform is hosted in the United States and intended for users located in the U.S. If you access the Platform from outside the U.S., please note that your information will be transferred and processed in the U.S. and possibly other countries that may not have the same data protection laws as your jurisdiction. By providing your information, you consent to such transfers.
International Data Transfers (GDPR Chapter V)
If you are located in the EEA or the UK, please be aware that your Personal Information may be transferred to and processed in the United States and other countries that may not provide the same level of data protection as your home jurisdiction. Where such transfers occur, we rely on one or more of the following safeguards:
- Standard Contractual Clauses (SCCs): We use the European Commission's approved SCCs (and the UK International Data Transfer Addendum where applicable) with our sub-processors and data importers to ensure an adequate level of protection.
- Adequacy Decisions: Where the European Commission or UK Secretary of State has determined that a destination country ensures adequate protection, we may rely on that adequacy decision.
You may request a copy of the transfer mechanism used for a particular transfer by contacting us at legal@trillo.ai.
Third-Party OAuth and Integration Data
When you connect a third-party account (Google, GitHub, LinkedIn, or other integrations) via OAuth, we request only the minimum scopes necessary to provide the relevant Platform feature. Specifically:
- Google OAuth: We request access to your basic profile (name, email address, profile picture) and, where applicable, read access to Google Drive files you explicitly select. We do not access your Gmail, Google Calendar, or other Google services unless separately disclosed and consented to.
- GitHub OAuth: We request access to your public profile (username, email) and repository metadata required to connect your codebase to the Platform. We do not request write access to your repositories unless you explicitly enable that feature.
- LinkedIn OAuth: We request access to your basic profile (name, email, headline) solely for authentication and profile-population purposes.
OAuth tokens are stored in encrypted form and are used only as described above. You may revoke our access at any time through the third-party provider's account settings. Revoking access may affect your ability to use Platform features that depend on that integration.
Payment Processing
Payments made through the Platform are handled by third-party payment processors. Payment details are transmitted directly to the provider via secure encryption (SSL) and are not stored by Trillo AI. Use of your payment information is governed by the payment processor's terms and policies.
Terms of Service
This Privacy Policy is incorporated into and forms part of our Terms of Service, available at:
https://trillo.ai/termsChildren's Privacy
The Platform is not directed at children under 13, and we do not knowingly collect Personal Information from children. If we discover that a child under 13 has provided information, we will delete it. If you believe your child has provided such information, please contact us at legal@trillo.ai.
Cookies and Similar Technologies
We use cookies and similar technologies to enhance your experience. Cookies may:
- Keep you logged in
- Store preferences
- Collect analytics data
You can disable cookies in your browser settings; however, some features of the Platform may not function properly.
Cookie Consent and Categories (GDPR)
In accordance with GDPR and the ePrivacy Directive, we obtain your consent before setting any non-essential cookies. When you first visit the Platform, you will be presented with a cookie-consent banner that allows you to accept, reject, or customise your cookie preferences. We use the following categories of cookies:
- Strictly Necessary Cookies: Required for the Platform to function (e.g., session management, security). These cannot be disabled.
- Analytics / Performance Cookies: Help us understand how visitors interact with the Platform (e.g., page views, error rates). Enabled only with your consent.
- Functional Cookies: Allow us to remember your preferences and personalise your experience (e.g., language, theme). Enabled only with your consent.
- Marketing / Targeting Cookies: Used by us or third-party advertising partners (e.g., LinkedIn Insight Tag, Meta Pixel) to deliver relevant advertisements and track ad performance. Enabled only with your explicit consent.
You may change your cookie preferences at any time via the [Cookie Settings] link in the footer of any page. Withdrawing consent for non-essential cookies will not affect the lawfulness of processing based on consent before its withdrawal.
Our Contact Information
Data Protection Officer
Trillo AI has designated a Data Protection Officer (DPO) responsible for overseeing compliance with this Policy and applicable data-protection laws. If you have questions or concerns about how we handle your Personal Information, or if you wish to exercise any of your GDPR rights, you may contact our DPO directly:
DPO Email:dpo@trillo.ai
Postal Address: Attn: Data Protection Officer, Trillo, Inc., 2603 Camino Ramon, Suite 200, San Ramon, CA 94583, United States
We will acknowledge your request within 72 hours and provide a substantive response within 30 days (extendable by a further two months for complex or numerous requests, with notice).
For any questions about this Policy, your personal information, or our practices, please contact us:
Email: legal@trillo.ai
Trillo, Inc.
2603 Camino Ramon,
Suite 200,
San Ramon, CA 94583