Last Updated:

Privacy Policy

This Privacy Policy describes how Tryvium (“Tryvium”, “we”, “us”, or “our”) collects, uses, discloses, transfers, and protects personal data when you access or use our websites, applications, and services (collectively, the “Services”).

We are committed to protecting your privacy and complying with applicable data protection laws worldwide, including the EU General Data Protection Regulation (GDPR), UK GDPR, California Consumer Privacy Act (CCPA/CPRA), and other relevant regulations.

 1. Personal Data We Collect 

We collect personal data directly from you, automatically when you use our Services, and from third parties where permitted.

Category
Examples
Source
Contact Information
Name, email address, company name, phone number
Provided by you
Account Information
Username, hashed password, preferences
Created by you
Usage Data
Pages visited, clicks, session duration, IP address, browser
Automatically collected
Technical Data
Logs, device identifiers, diagnostics
System-generated
Communications
Emails, support tickets, chat messages
Provided by you
Marketing & Preferences
Subscription status, consent preferences
Consent tools/forms
Integration Data
Data from connected third-party services
Authorized by you
CategoryExamplesSource
Contact Information
Examples:Name, email address, company name, phone number
Source:Provided by you
Account Information
Examples:Username, hashed password, preferences
Source:Created by you
Usage Data
Examples:Pages visited, clicks, session duration, IP address, browser
Source:Automatically collected
Technical Data
Examples:Logs, device identifiers, diagnostics
Source:System-generated
Communications
Examples:Emails, support tickets, chat messages
Source:Provided by you
Marketing & Preferences
Examples:Subscription status, consent preferences
Source:Consent tools/forms
Integration Data
Examples:Data from connected third-party services
Source:Authorized by you

We do not intentionally collect sensitive personal data unless required and explicitly consented to. 

 2. How We Use Personal Data (Legal Basis)

We process personal data for the following purposes:

Purpose
Legal Basis (where applicable)
Provide and maintain Services
Contractual necessity
Customer support and communication
Contract / Legitimate interest
Send marketing communications
Consent (opt-in; withdraw anytime)
Improve performance and analytics
Legitimate interest
Prevent fraud and ensure security
Legitimate interest / Legal obligation
Comply with legal requirements
Legal obligation
Internal operations and governance
Legitimate interest
PurposeLegal Basis
Provide and maintain Services
Legal Basis:Contractual necessity
Customer support and communication
Legal Basis:Contract / Legitimate interest
Send marketing communications
Legal Basis:Consent (opt-in; withdraw anytime)
Improve performance and analytics
Legal Basis:Legitimate interest
Prevent fraud and ensure security
Legal Basis:Legitimate interest / Legal obligation
Comply with legal requirements
Legal Basis:Legal obligation
Internal operations and governance
Legal Basis:Legitimate interest

Where we rely on legitimate interest, we ensure your rights are not overridden.

3. How We Share Personal Data 

We may share your personal data with the following categories of recipients; 

  • Service Providers and Vendors – such as hosting, analytics, CRM, payment processors or communication tools.
  • Affiliates – within the Tryvium corporate group.
  • Professional Advisors – including auditors, legal counsel and consulting.
  • Business Transfers – in connection with mergers, acquisitions, asset transfers or sale).
  • Regulatory Authorities – where required to comply with legal obligations.
  • Third Parties with Your Consent – such as integrations or third-party platforms explicitly authorized by you.
All processors are bound by data protection agreements compliant with applicable laws (e.g., GDPR Article 28). WE DO NOT SELL PERSONAL DATA. 

4. Data Retention  

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations. unless otherwise specified in the customer contract, personal data will be retained for a period of three (3) months. Retention periods may be adjusted based on specific customer requirements agreed upon in the contract.

Data Category
Retention Period and Justification
Account data
Retained for the duration of the customer relationship or up to 12 months after account closure (for audit, legal or billing purposes).
Support / communications
Retained for 5 years for dispute resolution and compliance.
Marketing data
Retained for a maximum of 24 months or until consent is withdrawn.
Logs & Analytics
Retained in pseudonymized form for up to 24 months for system security and diagnostics.
Data CategoryRetention Period and Justification
Account data
Retention:Retained for the duration of the customer relationship or up to 12 months after account closure (for audit, legal or billing purposes).
Support / communications
Retention:Retained for 5 years for dispute resolution and compliance.
Marketing data
Retention:Retained for a maximum of 24 months or until consent is withdrawn.
Logs & Analytics
Retention:Retained in pseudonymized form for up to 24 months for system security and diagnostics.

Unless otherwise agreed in customer contracts, shorter retention periods (e.g., 3 months) may apply. After the retention period, data will be either deleted securely or anonymized irreversibly.

5. Your Privacy Rights  

Depending on your location, you may have the following rights:

Right
Description
Typical Response Time
Access
Request a copy of your data.
Within 30 Calendar days; extended for complex cases.
Erasure (Right to be Forgotten) / Correction
Request deletion of your data under certain conditions. Fix inaccurate data.
Within 30 Calendar days after Data Controller's request.
Rectification
Request correction of inaccurate data.
Typically fulfilled within 30 Calendar days.
Restriction of Processing
Request temporary suspension of processing (during dispute or accuracy check).
Evaluated case by case.
Data Portability
Receive your data in structured format. Commonly used, machine readable format of your data.
Processed where technically possible (only the data provided by the user, as per Article 20).
Objection
Object to processing based on legitimate interests or for direct marketing purposes.
Actioned immediately or within 30 days.
Automated Decision-Making & Profiling
Request human intervention where automated decisions significantly affect you.
Evaluated on request.
Information
Receive clear details about the processing of your data.
Provided within 30 Calendar days.
Lodge a Complaint
File a complaint with your local Data Protection Authority if you believe your rights are violated.
Guidance and contact information provided upon request.
Access
Description:Request a copy of your data.
Response Time:Within 30 Calendar days; extended for complex cases.
Erasure (Right to be Forgotten) / Correction
Description:Request deletion of your data under certain conditions. Fix inaccurate data.
Response Time:Within 30 Calendar days after Data Controller's request.
Rectification
Description:Request correction of inaccurate data.
Response Time:Typically fulfilled within 30 Calendar days.
Restriction of Processing
Description:Request temporary suspension of processing (during dispute or accuracy check).
Response Time:Evaluated case by case.
Data Portability
Description:Receive your data in structured format. Commonly used, machine readable format of your data.
Response Time:Processed where technically possible (only the data provided by the user, as per Article 20).
Objection
Description:Object to processing based on legitimate interests or for direct marketing purposes.
Response Time:Actioned immediately or within 30 days.
Automated Decision-Making & Profiling
Description:Request human intervention where automated decisions significantly affect you.
Response Time:Evaluated on request.
Information
Description:Receive clear details about the processing of your data.
Response Time:Provided within 30 Calendar days.
Lodge a Complaint
Description:File a complaint with your local Data Protection Authority if you believe your rights are violated.
Response Time:Guidance and contact information provided upon request.

For California residents (CCPA/CPRA); Right to know, delete, correct. Right to opt out of sharing (if applicable). Right to non-discrimination Operationally, we handle data subject requests through its administrative console, based on the retention period agreed with the customer. Requests are logged, verified, and billed per actual effort, where applicable. To exercise any of these rights, contact us at legal@tryvium.ai. We may require proof of identity before fulfilling requests. Response time is typically within 30 calendar days.

6. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to;

  • Enable authenticate sessions and maintain user login.
  • Store user preferences.
  • Analyze traffic patterns and user behavior.
  • Deliver targeted marketing (with your consent).

Cookie usage is controlled through a cookie consent banner presented upon first visit and available at any time via the “Cookie Settings” link in the footer of our website. We use a Consent Management Platform that allows you to;

  • Accept or reject different categories of cookies;
  • Withdraw or update your consent at any time;

For more details, please refer to Cookie Policy.

7. International Data Transfers

Your data may be transferred and processed in multiple countries, and outside your country of residence including; European Economic Area (EEA), United Kingdom, United States, India.

We use or implement appropriate safeguards in accordance with applicable privacy law such as:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Encryption (in transit and at rest)
  • Restricted access controls on a need to know basis.

8. Data Security

We employ a combination of organizational, technical and industry-standard safeguards:

  • Encryption (AES-256 for data at rest and TLS for data in transit)
  • Role-based access control
  • Firewalls, monitoring and intrusion detection systems
  • Regular penetration and vulnerability scans and security testing and audits
  • Employee security awareness training

If a data breach occurs, we will notify users and regulators as required by applicable laws.

9. Children’s Privacy

Our Services are not intended for children under 16 years (or applicable local age). We do not knowingly collect children’s data. If you identified, please contact us we will delete it promptly.

10. Updates to This Policy

We may update this policy periodically to reflect changes in our practices, technology and legal requirements;

  • The “Last Updated” date will be revised.
  • If changes are material, we will notify users by email or prominent notice.

11. Contact Us

Tryvium
Email: legal@tryvium.ai
Address: 1460 US Highway 9 North, Suite 303,
Woodbridge, New Jersey, 07095
United States of America

If you are located in the EU or UK, you have the right to lodge a complaint with your local Data Protection Authority (DPA). Upon request, we can assist in identifying the appropriate authority and provide their contact details.