Privacy

Sub-processor register

The third-party providers Trinetra contracts to deliver the service. Each is bound by a data-processing agreement that mirrors the protections in our Privacy Policy. Material changes are notified to subscribed users at least 30 days in advance via in-app banner and email.

Last reviewed: 2026-05-25

Infrastructure

Neon

neon.tech

Primary Postgres database — stores account, business, contact, and conversation metadata.

Region: Mumbai (ap-south-1)
Data access: All persisted personal data. Encrypted at rest (AES-256) and in transit (TLS 1.3).
Legal basis: Contract — DPA in force; SCCs not required (intra-India transfer).

Render

render.com

Backend API hosting — runs the Trinetra Go server.

Region: Singapore (ap-southeast)
Data access: Personal data in flight only. No request bodies are logged.
Legal basis: Contract — DPA in force; cross-border transfer permitted under DPDP Section 16.

Vercel

vercel.com

Marketing site (trinetracrm.com) and SPA (app.trinetracrm.com) hosting + global CDN.

Region: Multi-region edge (CDN) + US-East (control plane)
Data access: Static assets and authenticated SPA bundle. No customer DB access.
Legal basis: Contract — DPA in force.

Communications

Meta Platforms, Inc. — WhatsApp Business Platform

business.whatsapp.com

Outbound and inbound WhatsApp messaging via Cloud API; OAuth-based connection of your WABA to Trinetra (Embedded Signup).

Region: United States (Meta-operated data centres). Message content and metadata transit and are processed on Meta servers in the US per DPDP §16; Trinetra retains only message-ID, timestamp, and encrypted access-token at rest.
Data access: Recipient phone, message body, template variables, your WABA access token (stored encrypted by Trinetra under AES-256-GCM). Trinetra is the BSP/integrator; Meta is the carrier and joint controller for delivery.
Legal basis: Service contract with Meta + WhatsApp Business Solution Terms; end-user consent captured by your business at lead capture; your separate informed consent at WhatsApp connect time per DPDP §6(2).

Resend

resend.com

Transactional email — welcome, password reset, billing receipts, lifecycle drips.

Region: United States (EU-hosting opt-in roadmap)
Data access: Recipient email + email content. No retention beyond send-log retention window.
Legal basis: Contract — DPA in force; cross-border transfer permitted under DPDP Section 16.

Payments

Razorpay

razorpay.com

Subscription billing, payment capture, GST invoice generation.

Region: India (PCI-DSS Level 1 certified)
Data access: Billing name, email, billing address, GSTIN. Card / UPI / netbanking credentials are tokenised by Razorpay; Trinetra never sees them.
Legal basis: Contract; payment-processing necessity under Indian Contract Act.

Analytics

Plausible Analytics

plausible.io

Privacy-first page analytics for the marketing site — page views, referrers, country (no city / IP / cross-site tracking).

Region: European Union (Germany)
Data access: Pseudonymised page-view events. No cookies. No personal data leaves your browser.
Legal basis: Legitimate interest (analytics necessary for service operation).

PostHog

posthog.com

Authenticated-dashboard product analytics — which features get used, where users get stuck, error tracking. NOT used on the marketing site.

Region: European Union (Frankfurt)
Data access: Anonymous distinct_id (opaque UUID, stored in browser localStorage — not a cookie) aliased to your account user_id on login. Auto-captured: $pageview, $pageleave, approximate city ($ip resolved to city server-side then dropped), browser, OS, UTM source, referrer. Stripped at the SDK boundary: name, email, phone, message body, customer data, OAuth callback tokens. autocapture (DOM click/keystroke recording) and session replay are explicitly disabled. posthog.reset() runs on logout; a fresh anonymous distinct_id is created on next visit.
Legal basis: Legitimate interest (product-development analytics + abuse detection on non-identifying signal); DPDP Section 6 minimisation enforced in the client-side wrapper via property allow-list + before_send sanitiser.

Authentication

Google LLC — Sign in with Google (OAuth 2.0)

developers.google.com/identity

Optional Google-based sign-in. When you choose this entry point, Google authenticates you and returns a verified email, full name, profile photo, and an opaque Google account ID (the OpenID Connect "sub" claim).

Region: United States (Google-operated data centres).
Data access: Email, full name, profile photo URL, and the immutable Google account ID. No password, contacts, calendar, drive, or other Google account data is requested or stored.
Legal basis: Contract — Google Standard Contractual Clauses; your separate affirmative consent captured at the sign-in screen per DPDP §6(2). Cross-border transfer permitted under DPDP §16. Data retained on Trinetra until you delete your account.

Object to a sub-processor?

Under DPDP Section 11 you have the right to withdraw consent and the right to redress. Email our Grievance Officer at grievance@trinetracrm.com with the sub-processor name and your account email. We respond within 24 hours. If you remain unsatisfied, you may complain to the Data Protection Board of India.