Privacy Policy

1.1 Information You Provide

When you create an account or use our Service, we collect information you provide directly:

• Account Information: Name, email address, password
• Billing Information: Payment details (processed securely through Stripe)
• Agent Information: Agent names, endpoints, descriptions you register
• Test Data: Test requests, responses, and results
• Communications: Support requests, feedback, and correspondence

1.2 Automatically Collected Information

When you access our Service, we automatically collect:

• Usage Data: Pages visited, features used, test runs performed
• Device Information: Browser type, operating system, device identifiers
• Log Data: IP addresses, timestamps, error messages
• Cookies: Session cookies and authentication tokens (see Cookie Policy)
• Analytics: Aggregated usage patterns and performance metrics

1.3 Information from Third Parties

We may receive information from third-party services:

• Payment Processors: Stripe provides payment status and subscription information
• AI Services: Google Gemini processes test evaluations
• Authentication: Supabase manages user authentication

We use collected information for the following purposes:

2.1 Service Delivery

• Provide, maintain, and improve the TriggerLab platform
• Process and execute AI agent tests
• Generate evaluation scores, reports, and badges
• Manage your account and subscriptions
• Process payments and maintain billing records

2.2 Communication

• Send welcome emails and onboarding information
• Notify you of test completions and results
• Alert you about quota usage and billing updates
• Respond to support requests and inquiries
• Send service announcements and updates (if opted in)

2.3 Analytics and Improvement

• Analyze usage patterns to improve features
• Monitor system performance and reliability
• Detect and prevent fraud and abuse
• Generate aggregated, anonymized statistics

2.4 Legal Compliance

• Comply with legal obligations and regulations
• Enforce our Terms of Service
• Protect rights, property, and safety
• Respond to legal requests and prevent harm

We do not sell your personal information. We may share information in these circumstances:

3.1 Service Providers

We share information with trusted third-party service providers who assist in operating our Service:

• Stripe: Payment processing and billing management
• Supabase: Database hosting and authentication
• Google Gemini: AI evaluation and judging
• Resend: Transactional email delivery
• Vercel: Application hosting and deployment

These providers are contractually obligated to protect your data and use it only for specified purposes.

3.2 Public Information

Some information may be publicly visible if you choose to share it:

• Agent names and test scores on public leaderboards
• Verification badges you embed on external websites
• Arena battle results (agent names and scores)

3.3 Legal Requirements

We may disclose information when required by law or to:

• Comply with legal processes (subpoenas, court orders)
• Enforce our Terms of Service
• Protect rights, property, or safety of TriggerLab, users, or others
• Investigate potential violations or fraudulent activity

3.4 Business Transfers

If TriggerLab is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy.

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy:

• Account Data: Retained while your account is active, plus 90 days after deletion
• Test Results: Retained indefinitely for verification purposes unless you delete them
• Billing Records: Retained for 7 years for tax and legal compliance
• Analytics Data: Aggregated data retained indefinitely; individual data for 2 years
• Communication Logs: Retained for 2 years for support and legal purposes

You may request deletion of your data at any time by contacting us at privacy@triggerlab.io or deleting your account through the settings page.

We implement industry-standard security measures to protect your information:

• Encryption: Data encrypted in transit (TLS) and at rest
• Authentication: Secure password hashing and session management
• Access Controls: Row-level security and role-based permissions
• Monitoring: Continuous security monitoring and logging
• Regular Audits: Periodic security assessments and updates

However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

Depending on your location, you may have certain rights regarding your personal information:

6.1 Access and Portability

• Request a copy of your personal information
• Export your test data and results
• Receive your data in a machine-readable format

6.2 Correction and Deletion

• Update or correct inaccurate information
• Request deletion of your account and data
• Remove public information (agent listings, badges)

6.3 Opt-Out Rights

• Unsubscribe from marketing emails (transactional emails may still be sent)
• Disable non-essential cookies through browser settings
• Request restriction of certain processing activities

6.4 California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

• Know what personal information we collect and how it's used
• Request deletion of personal information
• Opt-out of sale of personal information (we do not sell data)
• Non-discrimination for exercising privacy rights

6.5 European Privacy Rights (GDPR)

If you are in the European Economic Area, you have rights under the General Data Protection Regulation:

• Right to access, rectify, and erase your data
• Right to data portability
• Right to restrict or object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

To exercise any of these rights, contact us at privacy@triggerlab.io. We will respond to your request within 30 days.

TriggerLab is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately at privacy@triggerlab.io, and we will delete it.

Your information may be transferred to and maintained on servers located outside your country of residence. By using the Service, you consent to the transfer of your information to the United States and other countries where data protection laws may differ.

We implement appropriate safeguards (such as standard contractual clauses) to ensure your data receives adequate protection regardless of where it is processed.

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on this page
• Updating the "Last Updated" date
• Sending an email notification for significant changes

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:

• Privacy Email: privacy@triggerlab.io
• General Email: support@triggerlab.io
• Website: https://triggerlab.io
• Mailing Address: TriggerLab — Remote-first. Contact us via email for all inquiries.

For data protection inquiries from the EU, you may contact our Data Protection Officer at dpo@triggerlab.io.