Privacy Policy

Welcome to Triviyo. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you use our service.

We are committed to compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This policy explains your rights under GDPR and how to exercise them.

Triviyo is the data controller responsible for your personal data. If you have any questions about this privacy policy or our data practices, please contact us at:

• Email: [email protected]
• Address: [Your Company Address]

3.1 Information You Provide

• Account Information: Name, email address, password, and profile information
• Business Information: Organization name, business details, contact information
• Booking Information: Customer names, contact details, booking preferences
• Payment Information: Processed securely through Stripe (we don't store full card details)
• Communications: Messages, support requests, and feedback

3.2 Information We Collect Automatically

• Usage Data: How you interact with our service, features used, pages visited
• Device Information: IP address, browser type, operating system, device identifiers
• Cookies: See our Cookie Policy section below
• Analytics: Aggregated usage statistics and performance metrics

3.3 Information from Third Parties

• OAuth Providers: If you sign in with Google or other providers, we receive basic profile information
• Payment Processors: Transaction status and payment confirmations from Stripe
• Integration Partners: Data from connected services (calendars, accounting software)

We use your personal data for the following purposes:

• Service Provision: To provide, maintain, and improve our booking platform
• Account Management: To create and manage your account
• Communications: To send booking confirmations, reminders, and service updates
• Payment Processing: To process payments and prevent fraud
• Customer Support: To respond to your questions and provide assistance
• Analytics: To understand usage patterns and improve our service
• Marketing: With your consent, to send promotional materials (you can opt-out anytime)
• Legal Compliance: To comply with legal obligations and protect our rights

Legal Basis for Processing (GDPR)

• Contract Performance: Processing necessary to provide our services to you
• Legitimate Interests: Improving our services, fraud prevention, security
• Legal Obligation: Compliance with tax, accounting, and legal requirements
• Consent: Marketing communications, optional cookies, analytics

We may share your personal data with:

5.1 Service Providers

• Hosting: Railway (infrastructure and database hosting)
• Payment Processing: Stripe (payment processing)
• Email Delivery: Email service providers for transactional emails
• Analytics: Analytics platforms (only if you consent to analytics cookies)
• SMS Services: For sending booking reminders (if enabled)

5.2 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.

5.3 Legal Requirements

We may disclose your data if required by law or in response to valid requests by public authorities.

5.4 Protection of Rights

We may disclose data to protect our rights, property, or safety, or that of our users or the public.

We do not sell your personal data to third parties.

We retain your personal data for as long as necessary to provide our services and comply with legal obligations:

• Account Data: Retained while your account is active, then for 30 days after deletion (for recovery)
• Booking Data: Retained for 3 years after the booking date for business records
• Financial Records: Retained for 7 years to comply with tax and accounting regulations
• Communications: Retained for 2 years for customer service purposes
• Analytics Data: Aggregated data retained indefinitely (anonymized)

After the retention period, data is securely deleted or anonymized so it can no longer identify you.

If you are in the European Economic Area (EEA), you have the following rights:

7.1 Right to Access

You can request a copy of your personal data. Use our Data Export feature in Settings > Privacy.

7.2 Right to Rectification

You can update or correct your personal data through your account settings.

7.3 Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data. Use the Account Deletion feature in Settings > Privacy. Note that we may retain certain data for legal compliance.

7.4 Right to Restriction

You can request that we restrict processing of your personal data in certain circumstances.

7.5 Right to Data Portability

You can receive your data in a structured, machine-readable format (JSON) through our Data Export feature.

7.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

7.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time through your cookie preferences or account settings.

7.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in your country of residence, place of work, or where an alleged infringement occurred.

To exercise these rights, contact us at [email protected]

We use cookies and similar tracking technologies to improve your experience. You can manage your cookie preferences at any time.

Types of Cookies We Use:

• Necessary Cookies: Essential for site functionality (always active)
• Analytics Cookies: Help us understand site usage (requires consent)
• Marketing Cookies: Used for personalized advertising (requires consent)
• Preference Cookies: Remember your settings and preferences (requires consent)

You can manage your cookie preferences through our cookie banner or in Settings > Privacy.

We implement appropriate technical and organizational measures to protect your data:

• Encryption in transit (HTTPS/TLS)
• Encryption at rest for sensitive data
• Regular security audits and updates
• Access controls and authentication
• Secure cloud infrastructure (Railway)
• Payment data handled by PCI-compliant processors (Stripe)

However, no system is completely secure. We cannot guarantee absolute security of data transmitted over the internet.

Your data may be transferred to and processed in countries outside the EEA. We ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions for certain countries
• Service providers with appropriate data protection certifications

Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

We may update this privacy policy from time to time. We will notify you of significant changes by email or through a notice on our website. Continued use of the service after changes constitutes acceptance of the updated policy.

If you have questions about this privacy policy or our data practices, please contact us:

• Email: [email protected]
• Support: [email protected]

Company: Getia AS (Org. nr: 926 610 198)
Address: At Mesh, Møllergata 6, 0179 Oslo, Norway

For GDPR-related requests, please use the tools in Settings > Privacy or contact our Data Protection Officer.