Trilyn One Privacy Policy

Trilyn One ("we", "us", or "our") operates Trilyn One, a cloud-based financial management platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

By using Trilyn One, you agree to the collection and use of information in accordance with this policy.

2.1 Account Information

When you create an account, we collect your name, email address, company name, and password (stored as a secure hash). We do not store plaintext passwords.

2.2 Financial Data

Our platform stores financial records you enter, including invoices, journal entries, payroll runs, expenses, and inventory data. This data belongs to you and your organization. We do not sell, share, or use your financial data for any purpose other than providing the service.

2.3 Usage Data

We automatically collect certain information when you access the service, including IP addresses, browser type, pages visited, and timestamps. This is used solely for security monitoring and service improvement.

2.4 Payment Information

Payments are processed by Stripe. We do not store full card numbers or banking credentials on our servers. Stripe's privacy policy governs payment data: stripe.com/privacy

• To provide, operate, and improve the Trilyn One platform
• To authenticate your identity and secure your account
• To send transactional emails (invoice notifications, password resets)
• To comply with legal obligations and prevent fraud
• To provide customer support when you contact us

We do not use your data for advertising or sell it to third parties.

Each organization's data is logically isolated using unique entity identifiers enforced at the database level. One client cannot access another client's data. All API endpoints enforce entity-level access control.

We retain your data for as long as your account is active. You may request deletion of your account and associated data at any time by contacting privacy@trilynone.com. Financial records may be retained for a minimum of 7 years to comply with applicable accounting and tax regulations, even after account deletion.

We implement industry-standard security measures including:

• TLS/HTTPS encryption for all data in transit
• AES-256 encryption for sensitive data at rest
• Bcrypt password hashing
• JWT-based authentication with short-lived access tokens
• Role-based access control (RBAC) at the API level
• Audit logs for all financial operations

We use the following third-party services. Each has its own privacy policy:

• Stripe — Payment processing
• Neon / PostgreSQL — Database hosting
• Resend / SMTP providers — Transactional email delivery

We use essential session cookies for authentication purposes only. We do not use advertising, analytics, or tracking cookies.

Depending on your jurisdiction, you may have the right to:

• Access a copy of the personal data we hold about you
• Correct inaccurate personal data
• Request deletion of your personal data
• Data portability (export your financial data)
• Withdraw consent where processing is based on consent

To exercise these rights, contact us at privacy@trilynone.com.

Trilyn One is not directed to children under 18. We do not knowingly collect personal information from anyone under 18 years of age.

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or by posting a prominent notice in the platform. Continued use of the service after changes constitutes acceptance.

For privacy-related inquiries, contact us at: