Back to Home

Privacy Policy

Last updated: November 17, 2025

1. Introduction

Trestles ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-native project tracking platform.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name, and password
  • Project Data: Project names, descriptions, tasks, phases, and documentation
  • Encrypted Credentials: API keys and platform credentials (stored encrypted with AES-256-GCM)
  • Payment Information: Processed through Stripe (we do not store credit card numbers)
  • API Keys: MCP authentication keys for AI assistant integration

2.2 Automatically Collected Information

  • Usage Data: Pages viewed, features used, time spent on the Service
  • Device Information: Browser type, operating system, IP address
  • Cookies and Tracking: Session cookies for authentication and preferences
  • Log Data: API requests, error logs, and system performance metrics

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process your transactions and manage subscriptions
  • Send you technical notices, updates, and security alerts
  • Respond to your comments, questions, and customer service requests
  • Monitor and analyze usage patterns and trends
  • Detect, prevent, and address technical issues and security vulnerabilities
  • Comply with legal obligations and enforce our Terms of Service

4. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in Transit: All data transmitted between your browser and our servers uses TLS/SSL
  • Encryption at Rest: Sensitive credentials are encrypted using AES-256-GCM encryption
  • Access Controls: Role-based access control and row-level security in our database
  • API Key Security: API keys are hashed using SHA-256 before storage
  • Regular Audits: We perform regular security audits and vulnerability assessments
  • Secure Infrastructure: Data is hosted on secure, SOC 2 compliant infrastructure

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

  • Service Providers: Third-party services that help us operate the Service (Appwrite for database, Stripe for payments, Vercel for hosting)
  • Legal Requirements: When required by law, court order, or legal process
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly authorize us to share your information

6. Third-Party Services

Trestles integrates with the following third-party services:

  • Appwrite: Database and authentication provider
  • Stripe: Payment processing (subject to Stripe's privacy policy)
  • Vercel: Hosting and deployment platform
  • AI Model Providers: When you use MCP integration, your AI queries are sent to your chosen provider (Claude, ChatGPT, etc.)

These third-party services have their own privacy policies. We encourage you to review them.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide you services. If you delete your account, we will delete your personal information within 30 days, except where we are required to retain it for legal, accounting, or security purposes. Anonymized usage data may be retained for analytics purposes.

8. Your Rights and Choices

You have the following rights regarding your data:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and associated data
  • Export: Download your project data in JSON format
  • Opt-Out: Unsubscribe from marketing emails (service-related emails cannot be opted out)
  • Data Portability: Receive your data in a machine-readable format

To exercise these rights, please contact us through your account settings or via email.

9. Cookies and Tracking Technologies

We use the following types of cookies:

  • Essential Cookies: Required for authentication and security (cannot be disabled)
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Help us understand how users interact with the Service (Vercel Analytics)

You can control cookies through your browser settings, but disabling essential cookies may affect functionality.

10. Children's Privacy

Trestles is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using the Service, you consent to the transfer of your information to the United States and other countries where we operate.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (Note: We do not sell personal information)
  • Right to non-discrimination for exercising your CCPA rights

13. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have rights under the General Data Protection Regulation:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice on the Service. Your continued use of the Service after such modifications constitutes your acceptance of the updated policy.

15. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us through the Service or via email. We will respond to your inquiry within 30 days.