Trellis Data Insights

Legal

Privacy Policy

Last updated: 4 April 2026

1. Who we are

Trellis Data Insights ("we", "us", or "our") operates the Trellis Data Insights platform at trellisdata.io (the "Service"). We are the data controller for the personal data described in this policy.

[Company name, registered address, and company number to be inserted here.]

2. What data we collect

Account data

When you register or sign in we collect your name, email address, and — if you use Google Sign-In — your Google profile ID and profile picture URL. If you register with email and password, we store a bcrypt hash of your password (never the password itself).

Usage data

We record how many questions you ask each month in order to enforce subscription limits and show you your usage. We do not record the content of individual questions or the data returned from your databases in any long-term analytics store.

Connection metadata

When you connect a data source (BigQuery, Snowflake, SQL Server, etc.) we store the connection configuration you provide — including credentials such as service account keys or passwords. These credentials are encrypted at rest using AES-256 symmetric encryption. They are decrypted only at the moment a query is executed on your behalf.

Chat and dashboard content

Questions you ask, the SQL generated, and the data returned from your database are used within your session to provide the Service. Dashboard results (query output) are stored server-side in encrypted form so your dashboards can reload without re-running queries. This data is associated with your account and is not used for any purpose other than delivering the Service to you.

Feedback

If you submit feedback via the thumbs up / thumbs down widget, we store the rating, the page it was submitted from, and any comment you provide, along with your email address.

Log and technical data

Our servers automatically collect standard web server logs (IP address, browser type, referring URL, pages visited, timestamps). These are used for security monitoring and diagnosing technical issues. Logs are retained for 90 days.

3. How we use your data

  • To create and maintain your account
  • To execute queries against data sources you have connected
  • To enforce subscription limits and process billing
  • To provide customer support
  • To send transactional emails (password resets, account notices)
  • To monitor for abuse, security incidents, and service errors
  • To comply with legal obligations

We do not use your data to train AI models, sell it to third parties, or use it for advertising.

4. AI processing and sub-processors

The core function of the Service involves sending your natural-language questions and your database schema (table and column names, not the underlying data) to a large language model to generate SQL. This processing is performed by Google Vertex AI (Gemini model family) on Google Cloud Platform infrastructure.

By using the Service you acknowledge that your questions and schema metadata will be transmitted to Google for this purpose, subject to Google Cloud's Data Processing Addendum.

Our key sub-processors:

ProcessorPurposeLocation
Google Cloud PlatformHosting, storage, infrastructureEU / US
Google Vertex AIAI query generation (Gemini)US
Google OAuthSign-in with GoogleGlobal

5. Legal basis for processing (UK / EU users)

Where GDPR or UK GDPR applies, we rely on the following legal bases:

  • Contract — processing your account data and executing queries is necessary to provide the Service you signed up for.
  • Legitimate interests — security monitoring, fraud prevention, and service improvement.
  • Legal obligation — retaining certain records where required by law.
  • Consent — optional communications such as product updates (you can withdraw consent at any time).

6. Data retention

  • Account data is retained for as long as your account is active, plus 30 days after deletion to allow recovery.
  • Connection credentials and stored query results are deleted when you delete the associated resource or your account.
  • Server logs are retained for 90 days.
  • Feedback submissions are retained indefinitely unless you request deletion.

7. Your rights

Depending on your jurisdiction you may have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your account and associated data.
  • Portability — receive your data in a machine-readable format.
  • Restriction — ask us to pause processing while a dispute is resolved.
  • Object — object to processing based on legitimate interests.

To exercise any of these rights, email privacy@trellisdata.io. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority (in the UK: the ICO; in the EU: your national DPA).

8. Cookies

We use the following cookies:

  • Session cookie — set by our authentication system to keep you signed in. Strictly necessary; no consent required.
  • Theme preference — stores your light/dark mode preference in localStorage. No personal data; no consent required.

We do not use advertising, tracking, or analytics cookies. If we add analytics in future we will update this policy and obtain consent where required.

9. Security

We implement technical and organisational measures to protect your data including: encryption of credentials and query results at rest (AES-256), HTTPS for all data in transit, access controls limiting who can access production systems, and regular security reviews.

No system is completely secure. If you discover a security vulnerability, please disclose it responsibly to privacy@trellisdata.io.

10. Children

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with their data, please contact us and we will delete it promptly.

11. Changes to this policy

We may update this policy from time to time. We will notify you of material changes by email or by a prominent notice in the Service at least 14 days before the change takes effect. The "Last updated" date at the top of this page always reflects the most recent version.

12. Contact

For any privacy-related questions or to exercise your rights, contact us at privacy@trellisdata.io.

[Postal address to be inserted here.]

Terms of Service← Back to home