1. Information Collection
We collect information to provide, maintain, and improve our Services. This includes information you give us directly, information collected automatically when you use the Services, and information obtained from integrations you connect.
Data you provide directly may include:
- Identifiable information: name, email address, company, and contact details.
- Account details: username, password (hashed), role, and preferences.
- Support communications: emails and messages with our team.
- Billing information: plan, invoices, and tax/VAT details (note: payments are processed by Paddle; we do not store card numbers).
- Usage & device data: pages viewed, events (e.g., CTA clicks), IP address, language, browser/OS, and timestamps collected via privacy-respecting analytics.
- Content you provide: monitors/keywords, templates, and approved replies you choose to save.
2. Information Collected from Integrations
When you connect third-party services, you authorize us to fetch/store/process data necessary to provide the Service.
We do not scrape Reddit; data flows via OAuth + official Reddit APIs within provider limits.
- Reddit: We access OAuth tokens, account metadata required by the Reddit API, and public posts/comments necessary to evaluate matches for your monitors. Tokens are encrypted at rest. You can revoke access anytime by disconnecting Reddit within the app or via Reddit settings.
- Slack / Webhooks (Pro): We send notifications to the endpoints you configure. We may store delivery logs/metadata (e.g., timestamp, status).
- Email alerts: We send operational messages using an email delivery provider; we store minimal delivery metadata.
- OpenAI (AI drafting): Prompt/context and your draft request are sent to the model provider solely to generate reply drafts. We do not use your data to train our own models. Where the provider offers opt-out, we configure it to minimize retention and training use.
- Infrastructure: We use Supabase (database/auth), Upstash (Redis/QStash for queues/rate-limiting), and Sentry (error tracking). These processors help us operate the Service.
3. Information Use
We use information to:
- deliver core features (monitoring, filtering, drafting, alerts);
- operate, maintain, and improve reliability and safety (anti-spam guardrails, rate-limits, abuse prevention);
- personalize and enhance the user experience;
- provide support, resolve issues, and communicate service changes;
- perform privacy-respecting analytics, capacity planning, and billing;
- comply with legal obligations.
Legal bases (EEA/UK): performance of contract, legitimate interests (to provide and secure the Service), consent (e.g., marketing emails/cookies), and compliance with legal obligations.
4. Information Disclosure
We do not sell your personal data. We share data only with:
- Service providers/processors that operate infrastructure (listed above) under data-processing terms;
- Payment processor (Paddle) to handle billing/taxes;
- Legal/Compliance where required by law, subpoena, or to protect rights/safety;
- Aggregated/De-identified insights that cannot reasonably identify you.
5. Data Security
We use industry-standard measures: encryption in transit and at rest (where applicable), least-privilege access, role-based controls, secret rotation, audit logging, and rate-limiting. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
6. Sensitive Data
We do not intentionally collect special categories of personal data (e.g., health, biometric, precise geolocation). Please do not submit such data in monitors, templates, or replies. If we learn we have collected such data, we will delete it where feasible.
7. Third-Party Services
Your use of integrations is also governed by each provider’s terms and privacy notice. We are not responsible for their policies or practices. Disconnecting an integration may limit related functionality.
8. Handling of Third-Party Data (Reddit, Slack, Email)
- Scope minimization: We request the minimum OAuth scopes needed.
- Use limitation: Data is processed only to operate features you enable (e.g., evaluating matches, sending alerts).
- Revocation: You can disconnect integrations anytime in Tribusense or via the provider.
- Data hygiene: We avoid storing raw third-party content beyond what is needed for your inbox, analytics, and retention windows (see §9).
9. Data Retention
- Content retention (posts, matches, drafts) is plan-based: Free 7 days, Starter 30 days, Pro 90 days.
- Account & billing records are retained for the duration of your account and for legal/accounting requirements after closure.
- Backups & logs are retained for a limited period and then purged on a rolling basis.
- When you disconnect Reddit or delete a monitor, we remove related tokens/rows (subject to backups and legal holds).
10. Your Privacy Rights
Depending on your jurisdiction, you may request: access, correction, deletion, portability, and restriction/objection to processing. You may also withdraw consent (e.g., marketing) at any time. To make a request, contact support@tribusense.com. We will respond within 30 days (or as required by law). For security, we may verify your identity before fulfilling a request.
11. Legal Compliance & International Transfers
We may transfer/process data outside your country (e.g., EEA ↔ UK/US) using appropriate safeguards (e.g., Standard Contractual Clauses) and technical/organizational measures. We will disclose personal information when required by law, subpoena, or to protect rights, safety, and security.
12. Children’s Privacy
The Services are not directed to individuals under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal data, contact us for removal.
13. Limited-Use Disclosure for Reddit Data
We use Reddit OAuth data solely to operate features you enable (monitoring, inbox, drafting context). We store tokens securely, limit scopes, and never use Reddit data for advertising or unrelated purposes. You can revoke access at any time, and we honor Reddit platform policies and rate limits.
14. Limited-Use Disclosure for Notifications (Slack/Webhooks/Email)
We send only the content necessary for your alert (e.g., thread link, snippet, metrics). We store minimal delivery logs for troubleshooting and compliance. You can remove endpoints or turn off notifications at any time.
15. Model Providers & AI Drafting
When you request an AI draft, the prompt/context you provide is sent to our model provider to generate the draft. We do not use customer content to train our own models. Where the provider offers controls, we configure settings to minimize retention and disallow training use. Drafts remain your content; you decide whether to edit, discard, or post.
16. Cookies & Similar Technologies
We use essential cookies (authentication, security, preferences) and, with your consent, analytics cookies for product metrics. You can manage preferences in our Cookie Policy and through your browser settings. Disabling some cookies may impact functionality.
17. Data Controller & Contact
The data controller is Tribusense. For questions or requests: support@tribusense.com.
18. Changes to this Policy
We may update this Policy from time to time. We will post the revised version with an updated “Last updated” date and, where required, provide additional notice.