Privacy Policy

Trelis AI LLC

Last Updated: 04/23/2026

This Privacy Policy describes how Trelis AI LLC, an Illinois limited liability company ("Trelis AI," "we," "us," or "our"), collects, uses, shares, and protects your information when you use our website at trelisai.com and related services (collectively, the "Service"). By creating an account or using the Service, you acknowledge that you have read and agree to the practices described in this Privacy Policy.

Please also review our [Terms of Service](https://trelisai.com/terms), which govern your use of the Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Name and email address --- provided directly or via Google OAuth sign-in

• Account credentials --- if you register with email/password (passwords are hashed and never stored in plain text)

• Profile information --- any additional details you provide in your account settings

1.2 Conversation Data

• Messages and prompts you send to the AI assistant

• AI-generated responses provided to you

• Memories and preferences the AI assistant extracts from your conversations to personalize future interactions (e.g., your name, business details, stated preferences)

• Structured memories including entities, relationships, and facts derived from your conversations

1.3 Connected Service Data

When you connect third-party accounts, we access and process:

• Email data --- messages, subjects, senders, and recipients (via Gmail OAuth, Microsoft 365 OAuth, or IMAP)

• Calendar data --- events, schedules, and attendees (via Google Calendar or Microsoft 365)

• Contacts --- names and email addresses from connected accounts

• Social media data --- content you create for posting to Instagram or other connected platforms

We only access data from connected services with your explicit authorization and within the scope of permissions you grant.

1.4 Documents and Files

• Files you upload for analysis or processing

• Documents or images generated by the AI assistant on your behalf

1.5 Usage and Technical Data

• Usage metrics --- message counts, feature usage, token consumption, and session information

• Device information --- browser type, operating system, and device identifiers

• Log data --- IP addresses, access times, error logs, and referring URLs

• Push notification subscription data --- browser notification endpoints and tokens

1.6 Payment Information

• Billing data --- plan type, subscription status, and billing history

• Payment processing --- handled entirely by Stripe. We do not store your credit card numbers, debit card numbers, or full payment card details on our systems. See [Stripe's Privacy Policy](https://stripe.com/privacy) for how Stripe handles your payment information.

1.7 Feedback and Communications

• Support requests, feedback, and communications you send to us

• Survey responses, if applicable

2. How We Use Your Information

We use the information we collect to:

1. Provide and operate the Service --- process your messages, generate AI responses, manage connected integrations, and deliver documents and content you request

2. Personalize your experience --- maintain conversation memory and preferences so the AI assistant can provide contextually relevant responses

3. Perform semantic search --- generate vector embeddings of your conversations, emails, and documents to enable intelligent search and retrieval

4. Process billing and payments --- manage subscriptions, process charges, and handle overage billing through Stripe

5. Communicate with you --- send transactional emails (account confirmations, billing receipts, security alerts), push notifications you've opted into, and service announcements

6. Improve the Service --- analyze usage patterns to identify bugs, improve features, and develop new functionality

7. Ensure security --- detect and prevent fraud, abuse, and unauthorized access

8. Comply with legal obligations --- respond to lawful requests and enforce our Terms of Service

We do not use your data for advertising, and we do not sell your personal information.

3. How We Share Your Information

We share your information only in the following circumstances:

3.1 AI Model Providers (for Service Delivery)

Your messages and relevant context are transmitted to third-party large language model (LLM) providers to generate AI responses. These providers process your data solely to return responses and do not retain your data for their own training purposes under our agreements with them. We will update this section when we add new LLM providers and will only engage providers that contractually agree not to use your data for training. Current LLM providers include:

• Google (Gemini) --- for AI response generation

• Amazon Web Services / Anthropic (Claude via AWS Bedrock) --- for AI response generation

3.2 Service Providers and Subprocessors

We use third-party service providers to operate the Service. These providers process data on our behalf under contractual obligations to protect your information. See Section 4 for a full list.

3.3 Payment Processor

Billing and payment information is shared with Stripe for payment processing, subscription management, and fraud prevention.

3.4 Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal process, including:

• Court orders, subpoenas, or warrants

• Requests from law enforcement or government agencies

• To protect the rights, property, or safety of Trelis AI, our users, or the public

3.5 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will provide you with at least thirty (30) days' prior notice of any such change via email and a notice on the Service, and you will have the opportunity to delete your account before the transfer takes effect.

3.6 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

We do not sell, rent, or trade your personal information to advertisers or data brokers.

4. Data Storage and Security

4.1 Storage Location

Your data is stored on servers operated by Amazon Web Services in the us-east-1 (N. Virginia) region within the United States.

4.2 Database

Structured data, conversation history, and vector embeddings are stored in Amazon Aurora Serverless PostgreSQL databases.

4.3 Security Measures

We implement commercially reasonable technical and organizational measures to protect your data, including:

• Encryption in transit --- all data transmitted between your browser and our servers is encrypted

• Encryption at rest --- data stored in our databases is encrypted

• Access controls --- access to production systems is restricted to authorized personnel

• Authentication security --- passwords are hashed using industry-standard algorithms

4.4 Security Limitations

No method of transmission or storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials and connected service authorizations.

5. Data Retention

5.1 Active Accounts

While your account is active, we retain your data indefinitely to provide the Service, including conversation history, memories, connected account data, and uploaded documents.

5.2 Deleted Accounts

When you request account deletion:

1. Your account is soft-deleted (access is disabled immediately)

2. After thirty (30) days, your data is permanently purged from our systems, including:

- Conversation history and AI-generated responses

- Stored memories and preferences

- Uploaded documents and files

- Connected account data

1. Exceptions: Certain data may be retained beyond 30 days where required by law (e.g., billing records for tax purposes) or for legitimate business purposes (e.g., fraud prevention).

5.3 Disconnected Integrations

When you disconnect a third-party integration (e.g., Gmail, Calendar), we stop accessing new data from that service. Previously synced data will be retained for no longer than ninety (90) days following disconnection, after which it will be permanently deleted, unless you request earlier deletion or delete your account.

6. Your Rights

You have the following rights regarding your personal information:

6.1 Access

You may request a copy of the personal information we hold about you.

6.2 Correction

You may request that we correct inaccurate or incomplete personal information.

6.3 Deletion

You may request deletion of your account and associated data. See Section 6.2 for the deletion process and timeline.

6.4 Data Export

You may request a machine-readable export of your data, including conversation history and stored memories.

6.5 Disconnect Integrations

You may disconnect any third-party integration at any time through your account settings, which revokes our access to that service.

6.6 Opt Out of Communications

You may opt out of non-essential communications at any time. Transactional communications (e.g., billing receipts, security alerts) cannot be opted out of while you maintain an active account.

6.7 How to Exercise Your Rights

To exercise any of these rights, contact us at Support**@trelisai.com**. We will respond to your request within thirty (30) days. We may ask you to verify your identity before processing your request.

7. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

7.1 Right to Know

You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which your information was collected, the business purposes for collection, and the categories of third parties with whom we share your information.

7.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions permitted by law.

7.3 Right to Correct

You have the right to request correction of inaccurate personal information.

7.4 Right to Opt Out of Sale or Sharing

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. Therefore, there is no need to opt out.

7.5 Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights.

7.6 Categories of Information Collected

In the preceding twelve (12) months, we have collected the following categories of personal information:

• Identifiers --- name, email address, IP address, account ID

• Commercial information --- subscription plan, billing history, payment records

• Internet or network activity --- browsing history on the Service, interaction with the AI assistant, usage metrics

• Professional or employment information --- if provided by you to the AI assistant

• Inferences --- preferences, characteristics, and facts derived from your conversations by the AI memory system

7.7 How to Submit a Request

California residents may submit requests by emailing Support@trelisai.com. We will verify your identity before processing your request and respond within forty-five (45) days as required by law.

7.8 Authorized Agents

You may designate an authorized agent to submit requests on your behalf. We may require verification of the agent's authority.

8. GDPR Considerations

If you are located in the European Economic Area (EEA) or United Kingdom, the following provisions apply.

If you are located in the European Economic Area (EEA) or United Kingdom:

8.1 Legal Basis for Processing

We process your personal data on the following legal bases:

• Performance of a contract --- processing necessary to provide the Service under our Terms

• Legitimate interests --- improving the Service, ensuring security, and preventing fraud

• Consent --- where you have given explicit consent (e.g., connecting third-party accounts, enabling push notifications)

8.2 Your Additional Rights

In addition to the rights described in Section 6, EEA and UK residents may have the right to:

• Restrict processing of your personal data in certain circumstances

• Object to processing based on legitimate interests

• Data portability --- receive your data in a structured, machine-readable format

• Lodge a complaint with your local data protection authority

8.3 International Transfers

Your data is stored and processed in the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission, and equivalent mechanisms for UK transfers, as the legal basis for transferring your personal data to the United States. By using the Service, you acknowledge that your data will be transferred to and processed in the United States.

9. Cookies and Tracking Technologies

9.1 Cookies We Use

We use a minimal set of cookies, strictly for Service functionality:

• Session cookies --- to maintain your authenticated session and remember your login state

• Security cookies --- to prevent cross-site request forgery (CSRF) and other security threats

• Preference cookies --- to remember your settings and preferences within the Service

9.2 What We Do NOT Use

• No third-party tracking cookies

• No advertising cookies

• No analytics cookies from third-party providers

• No social media tracking pixels

9.3 Managing Cookies

You can manage cookies through your browser settings. Disabling session cookies may prevent you from using the Service.

10. Connected Services

10.1 What We Access

When you connect third-party accounts, we access data within the scope of permissions you grant:

Service Data Accessed Permissions

Email Email messages, Read and send on your subjects, senders, behalf recipients

Calendar Events, schedules, Read and create/modify attendees events

10.2 How We Use Connected Data

Data from connected services is used to:

• Display and summarize your emails and calendar events within the AI assistant

• Draft and send emails or create calendar events at your direction

• Create social media content at your direction

• Index content for search so the AI can reference your emails and documents

10.3 Disconnecting Services

You may disconnect any integration at any time through your account settings. Upon disconnection:

• We immediately stop accessing new data from that service

• Authorization tokens are revoked

• Previously synced data may remain in our systems unless you request its deletion

10.4 Third-Party Policies

Your use of connected services is also governed by those services' own terms and privacy policies. We encourage you to review them.

11. AI and Automated Processing

11.1 How AI Processes Your Data

When you interact with the AI assistant:

1. Your messages and relevant context (conversation history, memories, retrieved documents) are sent to third-party LLM providers to generate responses

1. The AI may extract and store facts, preferences, and other information from your conversations as "memories" to personalize future interactions

2. Your messages, emails, and documents are converted to vector embeddings to enable semantic search and retrieval

3. The AI uses these memories and search results to provide contextually relevant assistance

11.2 Memory System

The AI assistant maintains a memory of information you share, including:

• Facts about you and your business (name, role, preferences)

• Relationships between entities (people, companies, projects)

• Your stated preferences and instructions

11.3 No Automated Legal Decisions

We do not use automated processing, including AI, to make decisions that produce legal effects or similarly significant effects on you (such as credit decisions, employment decisions, or insurance determinations). The AI assistant provides information and generates content at your direction only.

11.4 Human Oversight

AI-generated content is provided directly to you for your review. You are responsible for evaluating and deciding whether to use, modify, or discard any AI output.

12. Children's Privacy

The Service is intended for users who are at least eighteen (18) years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child under 18 has provided us with personal information, please contact us at Support@trelisai.com.

13. International Data Transfers

The Service is operated from and data is stored in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to the transfer of your information to the United States, which may have data protection laws that differ from those in your country of residence.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will:

• Post the updated Privacy Policy on the Service with a revised "Last Updated" date

• Provide notice through the Service (e.g., a banner or notification)

• Where feasible, send an email notification to the address associated with your account

We encourage you to review this Privacy Policy periodically. For non-material changes, your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy. For material changes, we will seek your affirmative consent where required by applicable law. If you do not agree with the changes, you should stop using the Service and request account deletion.

15. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

Trelis AI LLC

Support@trelisai.com

For California-specific requests, see Section 7.7.

16. Effective Date

This Privacy Policy is effective as of April 20, 2026