1. Who We Are
Trimind is a multi-model AI platform. Contact: privacy@ai-trimind.com
2. Information We Collect
- Account data: name, email, profile image (via Clerk)
- Conversation content: messages sent to AI models and their responses
- Files: documents uploaded for analysis
- Usage data: provider, model, token count, cost, processing time
- Technical data: IP address, browser type, operating system
3. Why We Collect
- Providing the Service (processing messages, saving conversations)
- Improving the Service (anonymous usage analysis)
- Security (abuse detection, rate limiting)
- Legal obligations (accounting records)
4. AI Provider Sub-Processors
When you send a message, your input text is transmitted to the provider you selected for processing:
| Provider | Service | Data Location | Used for Training? |
|---|
| OpenAI | GPT | US | No |
| Anthropic | Claude | US | No |
| Google | Gemini | US / EU | No |
Your data is not used for model training by any provider. Each provider retains data for up to 30 days for safety purposes, then deletes it.
5. Other Services
- Clerk: authentication (name, email)
- Vercel Analytics: anonymous usage statistics (only with your consent)
- Sentry: error monitoring (no conversation content)
- Backblaze B2: encrypted file storage
- ClamAV: antivirus scanning on uploaded files
6. Data Retention
- Conversations and messages: until you delete them, or 90 days after account deletion
- Files: per your choice (30/90/180 days) or account deletion
- Aggregated usage data: retained after account deletion (without personal identification)
- Backups: up to 30 days after deletion
7. Your Rights
You have the right to:
- Access: know what data we have about you
- Rectification: correct inaccurate data
- Deletion: delete all your data
- Portability: receive your data in a structured format
- Objection: object to certain processing
- Withdraw consent: withdraw consent at any time
To exercise these rights: Settings → Data Management, or email privacy@ai-trimind.com
8. International Data Transfers
Data is processed on servers in the US and Europe. AI providers are certified under the EU-US Data Privacy Framework.
9. Security Monitoring (CSP Violation Reports)
We deploy a strict Content Security Policy (CSP) to protect against script-injection attacks. When your browser detects a potential violation (e.g., a browser extension attempting to inject code), it sends a small structured report to our monitoring system.
- What we receive: the URL pattern that was blocked, the directive name, and a hash of your User-Agent. Query strings and identifiers in the URL are stripped before storage (data minimization).
- What we DO NOT store: session tokens, conversation IDs, full navigation paths, or any content from your messages.
- Lawful basis: legitimate interest (Article 6(1)(f) GDPR) — necessary to detect and respond to security threats.
- Retention: 30 days, then automatically purged.
10. Cookies
- Essential cookies: account authentication (Clerk) — cannot be disabled
- Analytics cookies: Vercel Analytics — only with your consent
You can manage cookie preferences via the banner at the bottom of the page.
11. Children
The Service is for users aged 18 and older. We do not knowingly collect data from minors.
12. Changes
We will update this policy as needed. Material changes will be notified by email 30 days in advance.
13. Contact
Privacy questions: privacy@ai-trimind.com
General questions: support@ai-trimind.com