How we handle your Stripe data.
No fluff, no marketing, no “bank-grade.” Just the actual facts about how this works.
What Stripe access do we request?
Read-only OAuth with only the read scopes. We cannot charge customers, modify subscriptions, refund invoices, or create anything. We can only read.
Where is the data stored?
A dedicated Postgres instance on AWS us-east-1, encrypted at rest with AES-256, inside a private VPC. Every customer has a separate schema with row-level security.
How is it transmitted?
TLS 1.3 end-to-end. No cleartext data ever crosses a wire.
Do we train LLMs on your data?
No. Your data is never sent to third-party models for training. We call LLMs with just-in-time context windows that are discarded after each brief is generated.
Who on our team can see your data?
Two of the three Trenith founders, as of April 2026. Every access is logged. We will post our access-log policy publicly before hiring anyone outside the three of us.
What happens if you cancel?
Your dashboard goes read-only for 90 days. After that, we delete everything. You can request immediate deletion at any time by emailing sai@trenith.com — we do it in under 48 hours.
Do we store card numbers?
We don't have them. Stripe doesn't expose card data through the API we use. Even if we wanted to (we don't), we couldn't.
Audit readiness?
SOC 2 Type I — targeted Q2 2026. GDPR-aligned data handling from day one. If you need a DPA, email us.