Privacy Policy

Section 01Introduction

Trellis is a privacy-first communication platform. We believe that the right to private communication is fundamental, especially for those who need it most. This Privacy Policy explains what information we collect, why we collect it, and how we protect it.

Section 02Information We Collect

a. Account Information

When you create a Trellis account, we collect your email address and display name. No real name is required. You choose how you identify yourself on the platform.

b. Usage Data

We collect anonymized analytics including crash reports and feature usage metrics. All usage data is stripped of personally identifiable information (PII) before it is processed or stored.

c. Location Data

Location data is collected only when you explicitly enable location-based features, such as emergency alerts. Location data is never stored permanently and is used solely for the duration of the feature activation.

d. Mesh Network Data

Messages sent through the Trellis mesh network are end-to-end (E2E) encrypted. We cannot read, access, or decrypt your messages. Message content is never stored on our servers.

e. VPN Data

Trellis operates under a strict no-logs policy for VPN services. We do not monitor, record, or store your browsing activity, traffic data, DNS queries, or connection timestamps while using the Trellis VPN.

f. Emergency Data

When you activate emergency features, your location may be shared with designated contacts or emergency responders during the active emergency. This data is automatically deleted after 24 hours.

g. Payment Information

All payment processing is handled by Stripe. We never see, store, or have access to your full card numbers. Only subscription status and billing identifiers are retained on our systems.

Section 03Information We Do NOT Collect

• Message content — all messages are end-to-end encrypted and unreadable by Trellis
• VPN browsing history — strict no-logs policy with zero traffic monitoring
• Real names or government IDs — we never require or request legal identification
• Contact lists — contacts are imported and stored locally on your device and are never uploaded to our servers
• Biometric data — all biometric processing (fingerprint, face unlock) occurs exclusively on-device and is never transmitted

Section 04How We Use Information

The limited information we collect is used exclusively for the following purposes:

• Account creation and authentication — to verify your identity and secure your account
• Emergency alert delivery — to route emergency notifications to the correct recipients and responders
• Crash reporting and app improvement — to diagnose issues and improve the reliability of Trellis
• Subscription management — to process payments and manage your premium features

Section 05Data Storage & Security

• Infrastructure: Firebase (Google Cloud) with encryption at rest for all stored data
• Encryption standard: AES-256 encryption for all data stored on our systems
• Credential security: Hardware-backed keystore for sensitive credentials on supported devices
• Data centers: Located in the USA for non-restricted country users; distributed infrastructure for users in restricted countries to ensure availability and safety

Section 06Restricted Country Users

Trellis is designed to protect users in countries with internet censorship and government surveillance. For users in restricted countries, we apply additional privacy safeguards:

• Minimal data collection by design — we collect even less data for users in restricted regions
• No IP logging — your IP address is never recorded or stored
• Automatic account pseudonymization — accounts are automatically anonymized to prevent identification
• Cannot comply with data requests from sanctioned governments — we do not have the data, and we do not have the legal obligation to provide it

Section 07Third-Party Services

Trellis integrates with the following third-party services, each bound by their own privacy policies:

• Firebase (Google) — authentication, real-time database, and anonymized analytics
• Stripe — secure payment processing for premium subscriptions
• Twilio — bridge SMS and voice communication, activated only when explicitly initiated by the user
• Formsubmit.co — waitlist form processing

Section 08Data Retention

• Account data: Retained while your account remains active
• Emergency data: Automatically deleted after 24 hours
• Analytics data: Anonymized and retained for a maximum of 90 days
• Deleted accounts: All associated data is permanently purged within 30 days of account deletion

Section 09Your Rights (GDPR / CCPA)

Regardless of your location, you have the following rights regarding your personal data:

• Right to access — request a copy of all data we hold about you
• Right to correction — update or correct inaccurate personal information
• Right to deletion — request permanent deletion of your data and account
• Right to data portability — receive your data in a structured, machine-readable format
• Right to opt out — disable anonymized analytics collection at any time in your account settings

To exercise any of these rights, contact us at privacy@trellispulse.com. We will respond within 30 days.

Section 10Children's Privacy

Trellis does not knowingly collect personal information from children under the age of 13. If we become aware that we have inadvertently collected data from a child under 13, we will promptly delete that information.

For school and institutional deployments where younger users may be present, accounts are created and managed by the institution. These deployments are governed by separate agreements with the educational institution, which assumes responsibility for compliance with applicable children's privacy laws (including COPPA).

Section 11Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify users through the app and/or via email.

Your continued use of Trellis after any modifications to this policy constitutes your acceptance of the updated terms. We encourage you to review this policy periodically.

Section 12Contact

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: privacy@trellispulse.com
• Entity: TrellisPulse, Inc.
• Address: Boulder, Colorado, USA