Privacy Policy

1. Introduction

Triagly ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our feedback management platform ("Service").

This policy applies to all users of our Service, including those in the European Economic Area (EEA), United Kingdom, and other jurisdictions with data protection laws.

2. Information We Collect

Account Information

When you create an account, we collect:

Email address
Name (if provided)
Organization name
Password (encrypted)
OAuth profile data (if using social login)

Feedback Data

When feedback is submitted through our widget or SDK, we collect:

Feedback text and descriptions
Screenshots (if captured by the user)
Reporter email and name (if provided)
Page URL where feedback was submitted
Browser and device information
Timestamp of submission

Usage Data

We automatically collect certain information when you use the Service:

Log data (IP address, browser type, pages visited)
Device information (operating system, device type)
Usage patterns and feature interactions
Performance and error data

Cookies and Tracking

We use essential cookies for authentication and session management. We do not use tracking cookies for advertising purposes. You can control cookie preferences through your browser settings.

3. How We Use Your Information

We use your information for the following purposes:

Provide the Service: Process feedback, create issues in connected trackers, send notifications
AI Processing: Classify, summarize, and analyze feedback using machine learning
Communication: Send email briefs, notifications, and service updates
Improvement: Analyze usage to improve features and user experience
Security: Detect and prevent fraud, abuse, and security threats
Legal Compliance: Comply with applicable laws and regulations

4. Data Sharing

We do not sell your personal data. We may share your information with:

Service Providers

Supabase: Database and authentication infrastructure
OpenAI: AI processing for classification and summarization
Postmark: Email delivery service
Vercel: Hosting and deployment
Sentry: Error tracking and monitoring

Third-Party Integrations

When you connect integrations (GitHub, Jira, Linear, etc.), we share feedback data with those services as configured by you. Each integration is subject to its own privacy policy.

Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specifically:

Account data: Retained until account deletion
Feedback data: Retained until deleted by you or account closure
Usage logs: Retained for up to 90 days
Backups: Retained for up to 30 days after deletion

After account deletion, we will delete or anonymize your data within 30 days, except where retention is required by law.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access: Request a copy of your personal data
Rectification: Correct inaccurate or incomplete data
Erasure: Request deletion of your data ("right to be forgotten")
Data Portability: Export your data in a portable format
Restriction: Request limited processing of your data
Object: Object to certain types of processing
Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, use the data export feature in Settings or contact us at privacy@triagly.com. We will respond to requests within 30 days.

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

Encryption in transit (TLS/HTTPS) and at rest
Secure authentication with password hashing
Row-level security for data isolation
Regular security audits and monitoring
Access controls and employee training

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

8. International Data Transfers

Your data may be processed in the United States or other countries where our service providers operate. When we transfer data outside the EEA/UK, we use appropriate safeguards such as:

Standard Contractual Clauses (SCCs)
Adequacy decisions by data protection authorities
Privacy Shield certification (where applicable)

9. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also send an email notification.

We encourage you to review this policy periodically to stay informed about how we protect your data.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@triagly.com
Data Protection Officer: dpo@triagly.com

For users in the EEA/UK, you have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data appropriately.

12. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA):

Right to know what personal information is collected
Right to know if personal information is sold or disclosed
Right to opt out of the sale of personal information
Right to non-discrimination for exercising privacy rights

We do not sell personal information. To exercise your California privacy rights, contact us at privacy@triagly.com.