How TrendRise handles account, workspace, product, billing, and Partner data.

Purpose and status

This Privacy Policy explains how TrendRise collects, uses, shares, stores, protects, and deletes personal information connected to the website, product documentation, accounts, workspaces, subscriptions, credits, generated outputs, Partner referrals, support, security, billing, and legal requests.

• This is a lawyer-review-ready operating draft and must be reviewed by counsel before final public launch.
• The final legal entity name, registered address, EU/UK representative status, data protection officer status, and jurisdiction-specific notices should be inserted before launch.
• If a signed agreement, order form, or Data Processing Addendum gives a business customer different privacy terms, that signed agreement controls for that customer where applicable.
• Questions and privacy requests should be sent to privacy@trendrise.io.

Who is responsible for the data

TrendRise generally acts as the controller for account administration, billing, website analytics, support, security, fraud prevention, Partner attribution, legal compliance, and product operations. For business-customer workspace content, TrendRise may act as a processor or service provider when a customer determines the purpose and means of processing and a DPA or similar agreement applies.

• TrendRise is the controller for its own website visitors, account holders, direct customers, Partners, applicants, support contacts, and billing relationships.
• A business customer may be the controller for personal data it intentionally enters into a workspace about its customers, creators, prospects, team members, or audience.
• When TrendRise processes business-customer workspace personal data on documented customer instructions, the DPA should govern processing, subprocessors, transfers, security, deletion, and assistance duties.
• If a role is unclear, TrendRise will treat the relevant request in a practical way and may ask for more information before acting.

What this policy covers

This policy covers personal information processed through TrendRise-owned websites, documentation, product surfaces, beta surfaces, checkout flows, support channels, Partner workflows, administrative workflows, and service-provider integrations.

• It covers the public marketing site, docs.trendrise.io, legal pages, support pages, sign-in and sign-up flows, Lab/Beta workspaces, Partner pages, Checkout, emails, and product-generated workflows.
• It does not control privacy practices of Stripe, Clerk, Vercel, GitHub, Notion, Slack, OpenAI, Apify, Google, Etsy, Shopify, Amazon, Gumroad, or other third-party providers when they process data under their own terms.
• It does not cover products you sell outside TrendRise. You are responsible for privacy notices, customer permissions, and platform compliance for your own storefronts, files, launches, and customer relationships.
• It does not authorize users to upload personal data they have no right to use.

Account and identity data

TrendRise collects account and identity data needed to create accounts, authenticate users, manage workspaces, provide support, prevent abuse, and maintain administrative records.

• Examples include name, email address, organization, role, avatar, account id, authentication-provider id, workspace memberships, permissions, settings, invited-user information, and account status.
• Authentication providers such as Clerk may process sign-in, sign-up, email verification, session, security, device, and account metadata.
• TrendRise may record administrator actions, role changes, invitation events, account updates, and account-support history.
• Users are responsible for keeping account details accurate and protecting workspace invitations.

Workspace and product content

TrendRise processes workspace content that users create, upload, import, generate, save, export, or otherwise submit while using the product.

• Examples include market notes, source-search prompts, saved opportunities, opportunity scores, buyer-language notes, product ideas, product profiles, launch materials, creator prospects, deal notes, analytics context, generated reports, drafts, scripts, artifact records, export manifests, comments, and internal review states.
• Workspace content may include personal information if users add names, creator handles, emails, customer notes, audience information, support context, or imported product/customer context.
• Do not upload passwords, API keys, private keys, payment card data, bank details, health data, government identifiers, children's data, or other highly sensitive information unless TrendRise has expressly approved that workflow in writing.
• TrendRise may process workspace content to provide requested features, generate outputs, maintain history, support users, secure the service, enforce limits, and investigate disputes.

Usage, credit, and generation records

TrendRise records product usage and credit activity so it can operate paid plans, control cost, restore failed credits, debug workflows, answer support questions, and provide dispute evidence when needed.

• Examples include pages opened, features used, source searches started, credit-consuming actions confirmed, credits granted, credits deducted, saved-output reuse, generation jobs, provider calls, estimated cost, actual usage where available, model/source metadata, status, errors, exports, artifact versions, and timestamps.
• Credit and generation records may be linked to workspace id, account id, plan, subscription, source object, product artifact, or support request.
• TrendRise uses these records to determine whether digital service began or was delivered, whether a failed job should be retried or restored, and whether a refund or dispute claim is consistent with usage history.
• TrendRise may aggregate usage records to improve pricing, reliability, product design, and provider-cost controls.

Billing and payment data

TrendRise uses payment providers such as Stripe to process Checkout, subscriptions, invoices, payment status, refunds, disputes, taxes, coupons, and Partner payout readiness. TrendRise should not collect or store raw payment card numbers in its own application.

• TrendRise may store payment-provider references such as Stripe customer id, subscription id, invoice id, Checkout session id, payment status, plan, price id, coupon, refund status, dispute status, chargeback status, tax metadata, and policy-version metadata.
• Stripe or another provider may process card details, fraud signals, billing address, tax data, authentication checks, payment disputes, and hosted portal activity under its own terms.
• Billing records may be used for account access, invoices, credit grants, plan changes, cancellations, refund review, chargeback evidence, accounting, tax, fraud prevention, and legal compliance.
• Do not send full card numbers, bank details, passwords, or identity documents through support unless a secure provider-managed flow expressly requests them.

Partner and referral data

TrendRise processes Partner and referral data to review Partner applications, assign referral codes, attribute signups or purchases, calculate commission eligibility, manage payout readiness, and investigate fraud or disputes.

• Examples include Partner application data, name, email, organization, audience/channel information, website or social links, referral code, UTM parameters, landing page, signup metadata, Checkout metadata, attribution cookie or local-storage value, commission status, payout status, refund status, dispute status, and support history.
• Partner payout providers such as Stripe Connect may collect identity, tax, business, bank, and verification information directly.
• TrendRise may share limited performance, attribution, and commission information with approved Partners, but may limit or withhold customer-level data for privacy, security, legal, or product reasons.
• Partners may not export, sell, reuse, or independently market to TrendRise customers unless they have a separate lawful basis and permission.

Support, legal, and security requests

TrendRise processes information submitted through support, billing, legal, privacy, and security channels so it can respond to requests, verify identity or authority, investigate problems, and maintain records.

• Examples include emails, message content, attachments, screenshots, account identifiers, workspace identifiers, invoice details, refund requests, dispute explanations, privacy requests, vulnerability reports, and follow-up notes.
• TrendRise may ask for verification before discussing account, billing, workspace, Partner, payout, privacy, or security records.
• Support requests may be retained where needed for service history, legal compliance, billing, fraud prevention, chargeback evidence, security investigations, or quality improvement.
• If you accidentally send sensitive information, contact privacy@trendrise.io or security@trendrise.io so TrendRise can assess reasonable mitigation.

Website, device, and log data

TrendRise may collect technical information when someone visits the website, documentation, support pages, app, email links, Checkout pages, Partner links, or product surfaces.

• Examples include IP address, approximate location, device type, browser, operating system, screen size, referring page, URL, timestamps, pages viewed, click events, errors, performance metrics, session context, and security events.
• Logs help TrendRise operate the service, debug errors, prevent abuse, detect suspicious activity, improve documentation, maintain reliability, and understand aggregate usage.
• Some log data may be collected by infrastructure providers, authentication providers, payment providers, analytics tools, observability tools, email providers, and security tools.
• TrendRise should avoid collecting unnecessary sensitive information in logs and support messages.

Cookies, consent, and local storage

TrendRise uses cookies, local storage, and similar technologies for necessary site operation, authentication, security, preferences, consent records, analytics where enabled, and Partner attribution where enabled.

• Strictly necessary technologies support login, session management, security, routing, consent storage, Checkout, and core service functionality.
• Optional analytics and Partner attribution technologies should be controlled through the cookie banner where consent is required.
• The Cookie Policy should list cookie categories, providers, purposes, and retention periods before broad customer launch.
• Changing cookie choices applies prospectively and may not delete records already collected under a prior valid choice or required for security, billing, support, or legal purposes.

Data from providers, sources, and integrations

TrendRise may receive information from service providers, source-data providers, AI/model providers, marketplace or social-source adapters, public websites, customer-authorized integrations, and payment or authentication providers.

• Source providers may return public or licensed market, search, marketplace, ad, product, creator, keyword, review, or social signals used to generate opportunity hypotheses.
• Payment and authentication providers may send account, verification, subscription, invoice, dispute, refund, fraud, or session metadata.
• Email and support providers may send delivery, bounce, suppression, reply, and support-thread metadata.
• Where a user connects or imports external data, the user is responsible for having the rights, permissions, and lawful basis needed for that data.

How TrendRise uses information

TrendRise uses information to provide, secure, support, improve, measure, and commercialize the service.

• Provide accounts, workspaces, subscriptions, credits, source searches, generated outputs, exports, artifacts, product workflows, launch workflows, Partner dashboards, and support.
• Process billing, invoices, plan access, credit balances, cancellations, refunds, disputes, commission holds, payout readiness, tax/accounting records, and customer-service history.
• Detect, prevent, and investigate fraud, spam, scraping, payment abuse, account compromise, unauthorized access, self-referrals, policy violations, security events, and service misuse.
• Debug errors, measure reliability, improve product quality, analyze aggregate usage, forecast provider costs, prioritize roadmap decisions, and test product changes.
• Send transactional messages, account notices, security alerts, support replies, billing notices, policy updates, Partner notices, and optional marketing where permitted.

Legal bases for EEA, UK, and similar laws

Where GDPR, UK GDPR, or similar laws apply, TrendRise relies on legal bases appropriate to the processing activity.

• Contract: to create accounts, provide workspaces, process subscriptions, deliver credits, generate outputs, provide support, operate Partner workflows, and perform requested services.
• Legitimate interests: to secure the service, prevent fraud, maintain logs, improve reliability, understand product usage, support customers, enforce terms, preserve dispute evidence, and operate the business.
• Consent: for optional cookies, optional marketing, certain communications, or other processing where consent is required.
• Legal obligation: for tax, accounting, sanctions, lawful requests, consumer obligations, recordkeeping, and payment compliance where applicable.
• Legal claims: to establish, exercise, or defend rights in refund, dispute, chargeback, fraud, security, contractual, or regulatory matters.

AI, source processing, and generated outputs

TrendRise may use AI/model providers, source-data providers, and internal systems to generate reports, product briefs, drafts, summaries, scripts, recommendations, scoring explanations, launch materials, and other outputs.

• Inputs may include user prompts, workspace context, saved opportunities, product profiles, selected sources, public/source-provider data, usage settings, and requested output type.
• Outputs may be stored in the workspace, tied to usage and credit records, reused without new credit spend where supported, and reviewed in support or dispute contexts.
• Users should avoid entering sensitive personal data into prompts or generated-output workflows unless TrendRise has approved that workflow.
• TrendRise may configure provider settings, retention choices, logging, and model usage differently over time; material provider changes should be reflected in the Subprocessors page where relevant.

Analytics and product improvement

TrendRise may use product analytics and operational metrics to understand adoption, reliability, conversion, plan usage, credit consumption, docs usefulness, launch outcomes, Partner funnel performance, and support needs.

• Analytics may include page views, route activity, feature usage, funnel steps, errors, performance metrics, plan metadata, aggregate credit usage, and referral attribution where enabled.
• TrendRise should use analytics to improve reliability, onboarding, documentation, pricing, support, product quality, and internal cost controls.
• Optional analytics cookies or similar technologies should be controlled through the cookie banner where consent is required.
• TrendRise may use aggregated or de-identified data that does not reasonably identify a person to improve the service, publish benchmarks, or make business decisions.

Communications

TrendRise may contact users, customers, Partners, applicants, and support contacts for service-related and, where permitted, marketing-related reasons.

• Transactional messages may include account verification, password or sign-in notices, billing notices, subscription changes, credit updates, support replies, security alerts, policy updates, Partner notices, and administrative messages.
• Marketing messages may include product updates, launch announcements, education, offers, or Partner-related communications where permitted.
• Users can opt out of marketing emails through unsubscribe links or by contacting support, but TrendRise may still send transactional or legal messages.
• Email providers may process delivery, open, click, bounce, reply, and suppression metadata where enabled.

Sharing and subprocessors

TrendRise shares information with service providers and subprocessors that help host, secure, authenticate, bill, email, support, analyze, generate, store, and operate the service.

• Provider categories may include hosting, database, storage, authentication, billing, payments, tax, email, analytics, observability, AI/model processing, source data, support, internal operations, design collaboration, and communications.
• Current provider categories and examples should be maintained on the Subprocessors page.
• TrendRise does not sell personal information in the ordinary sense of selling customer lists for money.
• TrendRise may disclose information to comply with law, enforce terms, prevent fraud, protect safety or rights, complete a corporate transaction, respond to lawful requests, or resolve disputes.

International transfers

TrendRise may process and store information in the United States, Europe, and other countries where TrendRise, its providers, or its infrastructure operate.

• Where required, TrendRise may rely on adequacy decisions, the EU-U.S. Data Privacy Framework if certified and applicable, standard contractual clauses, UK transfer mechanisms, provider data-processing terms, or other lawful transfer tools.
• Provider transfer mechanisms should be reviewed and documented before serving regulated enterprise customers or targeted EU/UK consumer markets.
• The Subprocessors page and DPA should remain the operational record for key provider locations, transfer tools, and notice processes.
• Users should not upload regulated or highly sensitive data unless the applicable transfer and processing terms have been reviewed.

Retention and deletion

TrendRise keeps information for as long as needed to provide the service, maintain accounts, comply with law, resolve disputes, enforce agreements, prevent abuse, secure the service, maintain backups, and improve the product.

• Workspace content is generally retained while the account or workspace remains active unless deleted, exported, or removed under an available workflow.
• Billing, tax, credit ledger, refund, dispute, commission, payout, security, fraud-prevention, audit, and legal records may be retained longer than ordinary workspace content.
• Backups, logs, cache entries, and provider records may persist for limited periods after deletion from active systems.
• TrendRise may deny or limit deletion where retention is needed for legal obligations, security, fraud prevention, payment disputes, tax/accounting, contractual obligations, or protection of other users' rights.

Security

TrendRise uses administrative, technical, and organizational safeguards designed to protect personal information, but no online service can guarantee perfect security.

• Safeguards may include provider-managed authentication, access controls, environment variable management, encrypted transport, provider-managed encryption at rest where available, private artifact storage, logging, backups, least-privilege access, and incident review.
• Users should use strong authentication, protect workspace invitations, manage team access carefully, and avoid adding unnecessary sensitive data to prompts, imports, generated outputs, or support messages.
• Security issues should be reported to security@trendrise.io.
• If TrendRise confirms a security incident affecting personal information, it will investigate, contain, document, remediate, and notify affected parties or regulators where legally required.

Your privacy rights

Depending on your location and the nature of the processing, you may have rights to access, correct, delete, restrict, object to, or receive a portable copy of personal information, and to withdraw consent where processing is based on consent.

• EEA/UK users may also have the right to complain to a data protection authority.
• California and other US state residents may have rights to know, access, correct, delete, opt out of certain sales, sharing, targeted advertising, or profiling, limit certain sensitive-personal-information uses, and avoid discrimination for exercising rights where those laws apply.
• TrendRise does not knowingly sell or share personal information of children under 16.
• Privacy requests should be sent to privacy@trendrise.io and may require identity, account, authority, or workspace verification.

Some rights are not absolute. TrendRise may retain or withhold certain records where needed for security, fraud prevention, billing, credits, tax, accounting, legal obligations, dispute evidence, product integrity, confidential business information, other users' rights, or signed customer instructions.

California and US state privacy notes

TrendRise should review whether the CCPA/CPRA and other US state privacy laws apply based on revenue, customer count, personal-information volume, targeted advertising, data sharing, and business model.

• If applicable, TrendRise should maintain a California notice at collection, disclose categories of personal information, sources, purposes, recipients, retention, and rights, and provide required opt-out or limit-use mechanisms.
• TrendRise currently does not intend to sell customer lists for money or use sensitive personal information to infer characteristics, but Partner attribution, analytics, advertising, or retargeting features should be reviewed before launch.
• If TrendRise adds cross-context behavioral advertising, targeted advertising, data broker activity, or broader third-party sharing, the Privacy Policy and cookie/consent flows must be updated before use.
• Do-not-sell/share, sensitive-data, appeal, authorized-agent, and global privacy control handling should be finalized by counsel if applicable.

Children and sensitive data

TrendRise is not intended for children under 13 or for users below the minimum age required by local law. TrendRise is also not designed to process highly sensitive personal data.

• Do not use TrendRise to collect or process children's data, health data, biometric identifiers, government identifiers, payment card numbers, bank details, passwords, private keys, precise location, or regulated sensitive data unless TrendRise has approved that workflow in writing.
• If TrendRise learns that it collected children's data unlawfully, it will take appropriate steps to delete or disable the information.
• If sensitive data is accidentally submitted, TrendRise may delete, restrict, or quarantine it and may ask for more information to assess the issue.

Automated decisions and profiling

TrendRise uses automated systems to score opportunities, summarize sources, classify signals, recommend product paths, draft outputs, calculate credits, and support Partner attribution. These systems support product workflows and do not by themselves make legal, employment, credit, housing, insurance, medical, or similarly significant decisions about individuals.

• Opportunity scores and generated recommendations are hypotheses and should be reviewed by users before business decisions.
• Credit deductions, fraud flags, attribution decisions, support routing, and abuse reviews may use automated signals but can be reviewed by TrendRise where appropriate.
• If TrendRise later introduces automated decisions with legal or similarly significant effects, this policy and related consent/rights workflows must be updated before launch.

Business transfers and legal disclosures

TrendRise may disclose or transfer information in connection with a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar corporate transaction, subject to appropriate confidentiality and legal safeguards where required.

• TrendRise may disclose information to comply with subpoenas, court orders, law-enforcement requests, regulatory requests, tax/accounting duties, sanctions requirements, or other legal obligations.
• TrendRise may preserve and disclose information where it believes doing so is reasonably necessary to protect rights, safety, security, users, Partners, providers, or the public.
• TrendRise may use records to enforce Terms, Partner Terms, Refund Policy, DPA obligations, acceptable-use rules, and payment-provider rules.

Request process

Privacy requests should include enough information for TrendRise to identify the account, workspace, email address, request type, jurisdiction if relevant, and the authority of the person making the request.

• Send requests to privacy@trendrise.io.
• TrendRise may verify the request by email, authentication provider, account ownership, workspace role, billing relationship, signed customer authorization, or other reasonable method.
• TrendRise may route billing disputes to billing@trendrise.io, security reports to security@trendrise.io, legal notices to legal@trendrise.io, and product support to support@trendrise.io.
• If a request concerns data controlled by a business customer, TrendRise may refer the request to that customer or process it under that customer's instructions.

Policy updates

TrendRise may update this Privacy Policy as the product, providers, legal obligations, regions, cookies, analytics, AI processing, Partner program, billing model, or data practices change.

• Material changes should be communicated through the website, app, email, Checkout, cookie banner, or other reasonable channel where required.
• The updated date should be changed when the policy materially changes.
• Continued use after an update may mean you accept the updated policy, subject to applicable law.

Final legal review items

Before public launch, counsel should finalize the controller entity, contact details, DPO and representative status, legal bases, retention schedule, subprocessor notice process, transfer mechanisms, DPA alignment, California/US state disclosures, cookie inventory, AI/model-provider wording, and privacy-request workflow.

• This section can be removed once counsel finalizes the policy.
• Until then, it intentionally flags the items that should not be treated as attorney-approved.

Contact

Use the privacy inbox for privacy rights, data handling, retention, deletion, portability, correction, consent, cookie, and data-processing questions.

• Privacy requests: privacy@trendrise.io.
• Legal notices: legal@trendrise.io.
• Security reports: security@trendrise.io.
• Billing, refunds, invoices, disputes, and credits: billing@trendrise.io.
• Product support: support@trendrise.io.