Trelli
Home
Back

Privacy Policy

Last updated: April 2, 2026

1. Introduction

Trelli CRM ("Trelli," "we," "us," "our") operates the customer relationship management platform at trellicrm.com. This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our Service.

By using Trelli, you consent to the data practices described in this policy. If you do not agree, please do not use the Service.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and authentication credentials (managed by our authentication provider). Organization owners also provide a business name.

CRM Data

You may input contacts, deals, tasks, estimates, messages, meetings, documents, and other business data into the Service. This data is stored on your behalf and belongs to you.

Payment Information

Payment details (credit card numbers, billing addresses) are collected and processed by Stripe. We do not store your full payment card information on our servers.

Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, AI assistant queries, and error logs. This data is used to improve the Service and diagnose issues.

Voice Data

If you use the voice input feature, speech is processed locally in your browser using the Web Speech API. Voice audio is not transmitted to or stored on our servers. Only the transcribed text is sent to the Service.

3. How We Use Your Information

  • Provide, maintain, and improve the Service
  • Process subscriptions and payments
  • Send transactional emails (invitations, task assignments, payment receipts, notifications)
  • Power the AI assistant (Ivy) to respond to your queries and perform CRM actions
  • Monitor usage to enforce plan limits and prevent abuse
  • Provide customer support
  • Comply with legal obligations

We do not sell your personal information to third parties. We do not use your CRM data for advertising or marketing purposes.

4. Third-Party Services

We use the following third-party services to operate Trelli. Each has its own privacy policy governing how they handle your data:

  • Clerk (authentication) — manages sign-in, sign-up, and session management. Stores your email, name, and authentication tokens.
  • Stripe (payments) — processes subscription payments and stores payment methods. We share your email and organization name with Stripe for billing purposes.
  • Neon (database hosting) — hosts our PostgreSQL database where your CRM data is stored. Data is encrypted at rest and in transit.
  • Resend (email delivery) — sends transactional emails on our behalf. Receives recipient email addresses and email content.
  • Supabase (file storage) — stores uploaded files such as documents, photos, and company logos.
  • Anthropic (AI) — powers the Ivy AI assistant. Your queries and relevant CRM context are sent to Anthropic's API to generate responses. Anthropic does not use this data to train their models.
  • Vercel (hosting) — hosts the application and executes server-side code. May process request metadata (IP addresses, user agents) for security and performance.

5. Data Security

We implement industry-standard security measures to protect your data:

  • All data transmitted between your browser and our servers is encrypted via TLS/HTTPS
  • Database connections use SSL encryption
  • Integration API keys stored in our database are encrypted with AES-256-GCM
  • Authentication is managed by Clerk with secure session handling
  • Worker portal uses PIN-based authentication with bcrypt hashing
  • Webhook signatures are verified using HMAC-SHA256

While we take reasonable measures to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. When you delete your organization, all associated data (contacts, deals, tasks, estimates, messages, documents, and team memberships) is permanently deleted within 30 days.

You may export all your data at any time using the data export feature in Settings before deleting your account.

7. Your Rights

You have the right to:

  • Access your data — view all information stored in your account
  • Export your data — download a complete copy via Settings
  • Correct your data — update any information through the CRM interface
  • Delete your data — delete your organization and all associated data via Danger Zone
  • Delete your account — permanently remove your user account and sign-in credentials

To exercise these rights or for any privacy-related requests, contact us at contact@trellicrm.com.

8. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. Third-party services (Clerk, Stripe) may set their own cookies as necessary for their functionality.

9. Children's Privacy

The Service is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top reflects the most recent revision.

11. Governing Law

This Privacy Policy is governed by the laws of the State of Texas, without regard to conflict of law principles.

12. Contact

If you have questions or concerns about this Privacy Policy or our data practices, contact us at contact@trellicrm.com.