Legal

Privacy Policy

Last updated · 11 June 2026

Template, not legal advice. This document is a starting point drafted for Tripline and must be reviewed and adapted by qualified legal counsel before publication. Replace every [bracketed] placeholder with your real legal entity, jurisdiction, and contact details.

This policy explains what personal data Tripline collects, why, how we use it, and the rights you have over it.

1. Who we are

Tripline ("we", "us") is operated by [Legal entity name], [registered address], [company number]. For any privacy question, contact privacy@tripline.io. For users in the EU/UK, our [data protection contact / representative] is [name + contact].

2. What we collect

Scan inputs: the domain/URL you submit and the publicly observable results of scanning it.
Account & billing: email address and, for paid plans, billing details handled by our payment processor (we do not store full card numbers).
Usage data: log data, IP address, device/browser information, and product analytics.
Communications: messages you send us and email engagement.

3. How we use it

To run scans and deliver reports you request.
To create and manage your account and process payments.
To send service messages, alerts, and (with your consent where required) product updates.
To secure, maintain, and improve the service, and to comply with legal obligations.

Legal bases (GDPR, where applicable): performance of a contract, your consent, our legitimate interests in operating and securing the service, and compliance with law.

4. Discovered secrets

If a scan surfaces a credential exposed on your own infrastructure, its value is redacted in the report and is not stored in plaintext. See our Security page for detail.

5. Sharing

We share data only with service providers ("processors") who help us run Tripline — for example hosting, payment processing (Stripe), email delivery, and analytics — under contract, and where required by law. We do not sell personal data. Our sub-processors are listed in our Data Processing Agreement.

6. International transfers

Tripline is hosted in [hosting region, e.g. United States]. Where we transfer personal data across borders, we rely on appropriate safeguards such as Standard Contractual Clauses. [Update this section to reflect your actual hosting region and transfer mechanism.]

7. Retention

Free scan results expire after [7] days. Paid reports remain accessible for [30] days. Account and billing records are kept as long as needed for the service and legal/accounting obligations, then deleted or anonymised.

8. Your rights

Subject to your jurisdiction, you may have the right to access, correct, delete, restrict, or port your data, and to object to certain processing. To exercise these, email privacy@tripline.io. You may also complain to your local data protection authority.

9. Security & changes

We protect personal data with the measures described on our Security page. We may update this policy; we will post the new version here and update the date above.