This policy explains what data Triago collects, how we use it, and the rights you have. It applies to triago.com and to the Triago Service.
We use data to operate, secure, and improve the Service. We do not sell customer data. We do not train foundation models on customer data unless you opt in (federated fine-tuning, never raw data).
We use a documented list of subprocessors; the current list is available at triago.com/subprocessors. Customers on Enterprise receive 30 days' notice of additions.
Customers can pin to US, EU, UK, AU, or JP regions. Cross-region replication is disabled unless explicitly requested.
You may access, correct, delete, or export your account data. For customer data, your administrator is the data controller and can use Triago's APIs to fulfill data-subject requests.
Audit logs are retained for the term plus 90 days, or longer if law requires. Customer data is deleted within 30 days of termination, with documented exceptions for legal holds.
See our Trust Center for certifications, architecture, and disclosure paths.
Privacy questions: privacy@triago.com. EU representative on request.