TrelisAI

Security

Trelis is an assistant with real access to your inbox, your calendar, and your files. We take the job of protecting that access seriously. Here is exactly what we do and, as importantly, what we don't.

Guarantees

Approve before acting.
Anything Trelis does that leaves your machine — sending an email, creating a calendar event, posting to social, sending a message — lands in an approval queue first. You review, edit, and approve. No autonomous outbound. Ever.
Your data is never sold.
We make money from subscriptions, not from your data. No ad networks, no data brokers, no revenue stream that depends on who you email or what's on your calendar.
Your data is never used to train AI models.
Not our models, not anyone else’s. The LLMs we call receive your content only at inference time and are never used for training.
You can delete your data.
Log into your account, delete it, and your data is removed from our live systems within 24 hours. Backups roll off within 30 days. When it's gone, it's gone — not archived, not retained.

How it’s protected in flight and at rest

Encrypted in transit.
All traffic between your browser, your phone, and our servers is encrypted. No exceptions.
Encryption for connected-account credentials.
When you connect Gmail, Outlook, or any account, the passwords are encrypted at the application layer before they ever touch the database. The encryption key is not in our source code and not in any file on disk.
Data at rest is encrypted.
Trelis has encryption-at-rest enabled. Backups carry the encryption forward.

How accounts stay isolated

Every query is scoped to your user id.
Trelis enforces per-user scoping at the query layer. Every code update runs a structural audit that walks the codebase and verifies that every database read includes your user id in the filter. If a developer forgets to scope a query, the build fails before the change ships.
Defense-in-depth on queries.
Even when an internal helper already filtered by user id, the follow-up hydration query re-applies the user id filter. A cross-tenant leak would require two simultaneous bugs, not one.
Device-paired iOS tokens rotate on every refresh.
If a token gets replayed — i.e. an attacker presents the same refresh token twice — the device is auto-revoked as a theft event. You are notified.
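
As an added illustration of the rotate-and-revoke behaviour described above (example code, not Trelis's own; the in-memory store, device ids and notification list are constructed stand-ins for the real token table and notification channel):

```python
from __future__ import annotations

import hashlib
import secrets
from dataclasses import dataclass, field


@dataclass
class Device:
    device_id: str
    current_hash: str                            # digest of the single refresh token valid right now
    seen: set[str] = field(default_factory=set)  # digests of every token ever issued to this device
    revoked: bool = False


class RefreshTokenStore:
    """Constructed stand-in for the server-side token table."""

    def __init__(self) -> None:
        self.devices: dict[str, Device] = {}
        self.notifications: list[str] = []   # stand-in for the user notification channel

    @staticmethod
    def _h(token: str) -> str:
        # Store only a digest so a database leak does not hand out usable tokens
        return hashlib.sha256(token.encode()).hexdigest()

    def pair(self, device_id: str) -> str:
        token = secrets.token_urlsafe(32)
        self.devices[device_id] = Device(device_id, self._h(token), {self._h(token)})
        return token

    def refresh(self, device_id: str, presented: str) -> str | None:
        """Rotate the token. Returns the new token, or None if the refresh is rejected."""
        dev = self.devices[device_id]
        h = self._h(presented)
        if dev.revoked:
            return None
        if h == dev.current_hash:
            # Normal path: retire the presented token and issue a fresh one
            new_token = secrets.token_urlsafe(32)
            dev.current_hash = self._h(new_token)
            dev.seen.add(dev.current_hash)
            return new_token
        if h in dev.seen:
            # An already-rotated token from this device's chain came back: someone
            # else holds a copy. Kill the whole chain and tell the user.
            dev.revoked = True
            self.notifications.append(f"{device_id}: refresh token replayed, device revoked")
            return None
        # A token this device never received: reject, but do not treat it as theft
        return None
```

Once a replay revokes the device, even the legitimate holder's newest token is refused, which is what forces the user back through pairing and surfaces the theft.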

How we know if something is wrong

Errors are classified by severity.
Every error gets a severity label at the point it’s thrown, so we know immediately whether it blocked you, degraded you, or stayed hidden. Severity drives our response.
Auto-triage and deduplication.
Identical errors across users roll up into a single tracked issue with an affected-users count. Widespread issues page on-call immediately.
Proactive follow-up on errors you saw.
If your last session hit a real failure, the next time you open Trelis it acknowledges what went wrong before moving on. No pretending nothing happened.
Refusal telemetry.
When Trelis declines a request, we log it and review both over-refusal (legitimate work blocked) and under-refusal (things that should have been declined). Ordinary business work is never a refusal target.

What we don’t claim

No SOC 2 attestation.
We are not SOC 2 Type II attested.
No HIPAA BAA.
Trelis is not suitable for protected health information. We do not sign Business Associate Agreements. Do not store PHI in Trelis.
No zero-knowledge claim.
Trelis can read your content to do its job. We’re not end-to-end-encrypted in a way that hides your data from us. If you need zero-knowledge, Trelis isn’t the right fit.

Questions or reports

Responsible disclosure.
Found a vulnerability? Email security@trelisai.com. Coordinated disclosure; we’ll respond within 48 hours.
Account questions.
Email support@trelisai.com.