This is a short, readable summary of Trinetra's Privacy Policy. If anything below conflicts with the full policy, the full policy is the binding document — this page exists to make the gist accessible.
What we collect
- Account data — your name, email, phone (if provided), business name, the password you set (bcrypt-hashed; we never see the plaintext).
- Billing data — invoices and Razorpay transaction IDs. We do not store full card or UPI account numbers; Razorpay holds those under their RBI-mandated Indian storage.
- Customer data you upload — your contacts' names, phone numbers, lead status, notes, tags. You decide what happens to this data (DPDP calls you the Data Fiduciary); Trinetra only processes it on your instruction (Data Processor).
- Conversation history — the WhatsApp messages you send and receive through Trinetra, including attachments and delivery state.
- Usage analytics — marketing site — cookie-less Plausible analytics, EU-hosted. No personal identifiers.
- Usage analytics — dashboard — once you log in, PostHog (EU region, Frankfurt) records page views, approximate city, browser, OS, UTM source, and referrer so we can fix the bits that confuse people. No email, no name, no phone, no message content. The anonymous ID lives in your browser's localStorage — not a cookie — and is reset on logout. OAuth callback tokens are redacted before any event leaves your browser. Opt out anytime in Settings → Privacy.
- Device + network signals — IP address, browser, approximate city — used for security and abuse prevention.
Who else sees it
Trinetra uses a small set of sub-processors to deliver the service. Each one is named, scoped, and listed at /privacy/sub-processors with the jurisdiction it operates from and what data it handles. The short list:
- Meta (WhatsApp Cloud API) — message delivery. The customer data you send through Trinetra reaches your customer via Meta's servers.
- Neon — database hosting, Mumbai region. Primary storage for everything else.
- Razorpay — payments. Stores payment instruments in India per RBI directive.
- Vercel — static-site hosting for the marketing pages (you're reading this one on Vercel).
- Resend — transactional email (verification, deletion confirmation, billing receipts).
- Plausible — marketing-site analytics. No cookies, no PII, EU-hosted.
- PostHog — dashboard product analytics, EU region (Frankfurt). Identifiers stripped at the SDK; anonymous ID in browser localStorage.
We do not sell or rent your data. We do not use your message content or your customers' data for training AI models or for advertising.
Where it lives
Primary personal data — your account, your contacts, your conversation history — lives in Neon's Mumbai region. Some sub-processors (Resend, Vercel, Plausible) operate globally; each one's jurisdiction is listed under /privacy/sub-processors.
Payment-instrument data is held only in India, by Razorpay, per the RBI Storage of Payment System Data circular (6 April 2018).
How it's protected
- In transit: TLS 1.2+ on every API and webhook surface.
- At rest: the Meta access token (the most sensitive item) is encrypted with AES-256-GCM (the same bank-grade encryption your UPI app uses) and a per-business derived key. A database breach alone is insufficient to use the token.
- Authentication: JWT-bound sessions, short-lived access tokens, opaque refresh tokens. TOTP 2FA available; phone-OTP verification available.
- Audit trail: every privileged action lands on an append-only audit log with REVOKE UPDATE / DELETE enforced at the database level — even the app cannot rewrite history.
Your rights under DPDP
- Right to access (§11): trigger a full export of your data yourself from Settings → Privacy in the app, or email privacy@trinetracrm.com.
- Right to correction: edit your account fields anytime; ask for help with anything you can't edit yourself.
- Right to erasure (§12): see Delete your account or data.
- Right to withdraw consent (§6(6)): same path as erasure, or use the per-feature disconnect (e.g. Settings → WhatsApp → Disconnect).
- Right to grievance: our Grievance Officer is named on the Privacy Policy. The escalation path to the Data Protection Board of India under §27 is described there too.
Data leaving India (DPDP §16)
Until the Central Government publishes the DPDP §16 list of permitted cross-border jurisdictions, the sub-processors that operate outside India (Resend, Vercel, Plausible, PostHog) handle data under contractual safeguards. When the list is published, if any of our sub-processors are excluded, we'll move that processing within India with at least 30 days' email notice before the move.
The full policy
The complete Privacy Policy — with retention periods, grievance procedure, version history and the sub-processor propagation timelines — is at /privacy. Trinetra's DPDP compliance summary is at /dpdp.