← Back to Legal

Privacy Policy

Effective date: June 1, 2026

1. Information We Collect

Account Information. When you sign up, we collect your name, email address, and organization name. This is required to create and maintain your account.

Usage Data. We collect agent traces, tool call logs, request/response metadata, and performance metrics. This data is essential for operating the proxy — it powers circuit breaking, loop detection, and cost optimization.

API Keys. Your API keys are encrypted at rest (AES-256) and never logged or stored in plaintext. Keys are automatically rotated and managed through a key management service.

Cookies. We use only essential functional cookies necessary for session management. No tracking cookies, no analytics cookies, no fingerprinting.

2. How We Use Your Information

To operate the proxy. Agent traces and tool call logs are processed in real-time to detect infinite loops, prevent prompt injection, enforce rate limits, and apply cost controls. This processing is core to the service.

To improve detection. Anonymized, aggregated patterns from usage data help us improve our security signatures and anomaly detection models.

To bill accurately. Usage metrics (request count, token volume) are used solely for billing purposes. No per-message content is stored for billing.

3. Data Retention

Standard log retention is 30 days. Enterprise customers can configure custom retention periods (up to 1 year) via their dashboard.

Account data is retained until you request deletion. Upon account termination, all associated logs and traces are purged within 14 days.

4. Sharing & Disclosure

We do not sell your data. Period.

We share data only with the following subprocessors, all of whom have signed data processing agreements:

  • AWS (us-east-1) — cloud infrastructure
  • Vercel — application hosting
  • Sentry — error monitoring (no PII, no agent content)

We may disclose data if required by law, following a valid legal process and with notice to you where permitted.

5. Your Rights

You have the right to:

  • Access — request a copy of your personal data
  • Correction — update inaccurate information
  • Deletion — request account and data deletion
  • Portability — export your data in a machine-readable format

To exercise any of these rights, email privacy@trelo.com. We respond within 30 days.

6. Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). API keys are managed through a dedicated key management service. For full details, see our Security Overview.

7. Contact

For privacy-related inquiries: privacy@trelo.com