Privacy Policy

1. Introduction

Welcome to Trio ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our portfolio tracking application.

By using Trio, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, password (encrypted), name (optional), and risk preference
• Portfolio Data: Investment holdings, purchase prices, quantities, and dates
• Profile Information: Investment goals, time horizon, and investor profile details
• Communication Data: Messages with our AI assistant and support inquiries

2.2 Automatically Collected Information

• Usage Data: Pages visited, features used, time spent on the platform
• Device Information: Browser type, operating system, IP address
• Cookies: Session cookies for authentication and analytics cookies (with your consent)
• Log Data: Server logs including access times and error reports

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide Services: Track your portfolio, calculate performance, and display analytics
• AI Recommendations: Generate personalized investment insights using AI technology
• Personalization: Customize your experience based on your preferences and behavior
• Communication: Send service updates, security alerts, and support responses
• Analytics: Understand usage patterns to improve our service
• Security: Detect and prevent fraud, abuse, and security incidents
• Legal Compliance: Comply with applicable laws and regulations

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers: Third-party services that help us operate (e.g., hosting, analytics, AI services)
• Public Portfolio Feature: If you enable public portfolio sharing, aggregate portfolio data (anonymized) is visible to other users
• Legal Requirements: When required by law, court order, or government request
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: When you explicitly authorize us to share your information

5. Third-Party Services

Our service integrates with the following third-party services:

• OpenAI: For AI-powered portfolio recommendations and chat functionality
• CoinGecko/Yahoo Finance: For real-time market data and price information
• Google AdSense: For displaying advertisements (subject to Google's privacy policy)
• Vercel: For hosting and analytics

These services have their own privacy policies. We recommend reviewing their policies to understand how they handle your data.

6. Data Security

We implement industry-standard security measures to protect your information:

• Passwords are encrypted using bcrypt hashing
• Data transmission is encrypted using SSL/TLS
• Database access is restricted and monitored
• Regular security audits and updates
• Session-based authentication with secure tokens

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

7. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and data
• Export: Download your portfolio data in a portable format
• Opt-Out: Disable optional features like public portfolio sharing
• Cookie Control: Manage cookie preferences in your browser settings

To exercise these rights, please contact us at app@triowealth.co.uk or through your account settings.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. After account deletion, we may retain certain information for legal compliance, dispute resolution, and fraud prevention purposes. Anonymized and aggregated data may be retained indefinitely for analytics.

9. Children's Privacy

Our service is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will delete it.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using our service, you consent to such transfers. We ensure appropriate safeguards are in place for international data transfers.

11. Cookies and Tracking

We use cookies and similar technologies for:

• Essential Cookies: Required for authentication and core functionality
• Analytics Cookies: To understand how users interact with our platform
• Advertising Cookies: To display relevant advertisements via Google AdSense

You can control cookie preferences through your browser settings. Note that disabling essential cookies may affect functionality.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice on our platform. The "Last Updated" date at the top indicates when the policy was last revised. Your continued use after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

14. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of the sale of personal information (we do not sell data)
• Right to deletion of personal information
• Right to non-discrimination for exercising CCPA rights

15. GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent at any time

Our legal basis for processing is consent, contract performance, and legitimate interests.