How we handle your data.

What we collect

Account info. Your email, name, hashed password, and which businesses you have access to.

Your business’s content. Pages, events, bookings, customer lists, photos, contracts, and your conversation history — everything you create through Trivsel.

Customer info.When guests book or interact with your business’s public site, we collect what’s needed to fulfill the booking — name, contact, payment confirmation. We don’t store card numbers; Square or Stripe handles those.

Usage and errors. Page views, performance traces, and error reports so we can fix problems fast.

Conversation history. What you say in chat and what comes back, scoped to your business. Used for context and audit, not for training.

What we don’t collect

Payment card numbers (Square and Stripe handle those), government IDs, full social-security or tax IDs from your end customers, or any data about people who haven’t interacted with your business.

How we use it

To run the service for you. Specifically: render your business’s site, process bookings, route notifications, answer in chat, secure your account, and bill you for the subscription when you connect a custom domain. We use aggregate, de-identified usage data to improve the service.

Who we share it with

We rely on a small number of subprocessors to operate the service — hosting, database and storage, AI providers, transactional email, error monitoring, and analytics. Each has its own privacy practices, and we have data-processing agreements where applicable.

The exception is payment processors, which you choose:

• Stripe — for the subscription we bill you (when you connect your own domain), and optionally for booking payments if you connect Stripe Connect instead of Square.
• Square — for booking payments if you connect Square instead.

Tenants only see their own data through Postgres row-level security. We never sell or rent your data, and we never broker introductions between tenants. Email hello@trivsel.app for the current subprocessor list.

AI and your data

Some of what Trivsel does runs on third-party AI providers. The provider doesn’t store, log, or train on what you send or what comes back. Your conversation history is stored on our side, scoped to your business, for context and audit. Period.

We may cache your business’s context across nearby turns to keep costs and latency down. Cached data is scoped to your business and is never used for training.

Customer accounts that span businesses

If a person buys tickets at multiple businesses on the platform, they exist as one user under the hood (one row in our users table) so they don’t have to re-register. Each business only sees the customer’s relationship with them. Businesses cannot enumerate users, see customers’ activity at others, or contact customers they haven’t served.

Cookies and analytics

We use a small number of cookies for authentication and session management. Analytics is privacy-first — no third-party advertising trackers, no cross-site tracking, no persistent identifiers. We don’t need a cookie banner because we don’t do the things cookie banners are about.

Your rights

You can access, correct, export, or delete your data at any time through the admin or by emailing us. If you’re in the EU, UK, California, or another jurisdiction with a comprehensive data-protection law, you have additional rights (under GDPR, CCPA/CPRA, and similar) including the right to know what we collect and to object to certain processing. We respond to verified requests within 30 days.

Data retention

While your account is active, we keep what we need. After you close your account, we keep your data for 30 days in case you change your mind, delete it from active systems within 30 days after that, and let it expire from backups within 90 days. Audit logs may be kept longer where required by law or for security investigations.

Children

The platform isn’t designed for children. If you’re under 16 (or 13 in the United States), please don’t use it. We don’t knowingly collect data from minors.

International data transfers

Our infrastructure is hosted in the United States. If you’re outside the US, your data is transferred there. By using the platform, you consent to that transfer. EU and UK users: we use Standard Contractual Clauses where applicable.

Changes to this policy

We may update this policy. If we make material changes, we’ll notify you in the admin and by email at least 30 days before they take effect. Continued use after that date means you accept the updates.

Contact

Email hello@trivsel.app. If you have a privacy-specific question, put “Privacy” in the subject line and we’ll route it to the right person.