Privacy policy

This Privacy Policy describes how Trial.io (“Trial.io”, “we”) collects, uses, and shares personal data when you use our website, products, and related services.

Two distinct relationships are covered: (a) Trial.io operators (you, our paying customer), and (b) end users who sign up for a trial through one of your Trial.io pages. For end users, you are the data controller and Trial.io is your data processor.

• Account information: name, email, organization, role
• Billing information: name, address, last four of card (processed by Stripe)
• Authentication metadata: IP address, user agent, session timestamps
• Stripe OAuth tokens (encrypted at rest)
• Usage analytics: pages visited, features used, error reports

When end users sign up through your Trial.io page, we process:

• Contact information you collect (name, email, etc.)
• Custom field responses
• Payment method metadata returned by Stripe (last four, brand, country)
• Trial status and capture history

Card numbers (PANs) are tokenized by Stripe Elements directly in the user’s browser and never reach Trial.io servers.

• Operating, maintaining, and improving the Service
• Processing trial signups, holds, captures, and refunds via Stripe
• Sending operational and transactional emails
• Detecting fraud, abuse, and policy violations
• Complying with legal obligations

We do not sell your personal data or your end users’ personal data to third parties.

We share data only with the following categories of processors:

• Stripe (payments and card processing)
• Supabase and AWS (database and infrastructure)
• Vercel (web hosting)
• Sentry (error monitoring)
• PostHog (product analytics)
• Resend (transactional email)

Each sub-processor is bound by a Data Processing Agreement consistent with GDPR and equivalent frameworks.

Operator account data is retained for the life of your account and for 6 years after account closure for tax and compliance purposes. End user data is retained according to your configuration. You can request earlier deletion at any time.

Depending on your jurisdiction, you may have the right to access, correct, delete, or port your personal data, and to object to certain processing. To exercise any of these rights, email hello@trial.io.

Trial.io is operated from the United States. If you access the Service from outside the US, you understand that your data may be processed in the US under Standard Contractual Clauses or equivalent transfer mechanisms.

We use industry-standard encryption in transit (TLS 1.2+) and at rest. Access to production systems is restricted to authorized personnel and logged. We follow the principle of least privilege.

We may update this Privacy Policy from time to time. Material changes will be announced at least 30 days in advance via email or in-product notification.

Questions or data requests? Email hello@trial.io.