Trovebase Privacy Policy

Effective Date: April 18, 2025

Preamble

For the purposes of this Privacy Policy, the following terms have the meanings set out below:

  • TroveBase: the SaaS platform offering marketing‑operations tooling (content scheduling, project management, AI ad optimization) under the name “TroveBase,” accessible at https://trovebase.com/.

  • Administrator: an agency owner or in‑house marketer who registers for TroveBase to manage their clients and workflows.

  • Client: an external approver invited by an Administrator to review or approve content.

  • Data Controller: TroveBase, operated by TroveBase, with registered address at 1121 Bay St, Toronto, ON, M5S 2R1, Canada.

  • Data Protection Officer: Rehaan Kothari (rehaan@trovebase.com).

1. Personal Data We Collect

1.1 Account Registration & Authentication

  • What: First & last name, agency name, email, hashed password, SSO identifiers (Google OAuth), profile picture.

  • Why: To create and secure your TroveBase account.

  • Basis: Performance of a contract.

1.2 OAuth Tokens

  • What: Encrypted Google Ads, Meta, LinkedIn, and Stripe refresh/access tokens.

  • Why: To integrate external accounts and pull campaign data or process payments.

  • Basis: Performance of a contract.

1.3 External Approver Data

  • What: Client name, email, WhatsApp number.

  • Why: To send approval requests by email or WhatsApp.

  • Basis: Performance of a contract.

1.4 Billing & Payment

  • What: Company name, billing address, payment method metadata (Stripe token), invoice history.

  • Why: To charge your plan, issue invoices, and maintain tax records.

  • Basis: Performance of a contract; legal obligation (tax/accounting).

1.5 Support & Communications

  • What: Support chat transcripts, email newsletter subscriptions (with timestamped consent).

  • Why: To respond to support requests and send product updates.

  • Basis: Legitimate interest (support); consent (marketing).

1.6 Security & Access Logs

  • What: Login timestamps, IP addresses, basic server‑side logs.

  • Why: Fraud prevention, security auditing, troubleshooting.

  • Basis: Legitimate interest (security).

1.7 Cookies & Similar Technologies

  • What: Strictly necessary cookies to maintain sessions; CookieYes consent cookie.

  • Why: To keep you logged in and remember your cookie‑preferences.

  • Basis: Legitimate interest; consent for any non‑essential cookies.

2. Purpose & Legal Basis

Purpose

Data Category

Legal Basis

Account creation & login
Registration, OAuth tokens
Contract performance
Payment processing & invoicing
Billing & payment data
Contract performance; legal obligation
Client approvals
External approver data
Contract performance
Support responses
Support communications
Legitimate interest
Marketing emails
Newsletter subscriptions
Consent
Security & fraud prevention
Access logs
Legitimate interest
Cookie preferences
Cookies
Necessary: legitimate interest; optional: consent

3. Data Retention Periods

  • Account & profile data: Until 2 weeks after account deletion.

  • Billing records: 6 years (Canadian tax law).

  • Security logs: 12 months.

  • Support transcripts: 2 years.

  • Cookie consent records: Retained per CookieYes default (up to 12 months).

After each retention period, personal data are securely erased or irreversibly anonymized.

4. Recipients & Sub‑processors

We share your data only when necessary and under strict contractual controls:

Processor

Purpose

Location

Transfer Mechanism

Webflow
Public website hosting
USA
SCCs
Railway
Application hosting
USA
SCCs
Amazon S3
Media & backup storage
USA
SCCs
Postgres (Railway)
Primary database
USA
SCCs
Redis (Railway)
Caching layer
USA
SCCs
Mailgun
Transactional & marketing emails
USA
SCCs
Stripe
Payment processing
USA/EU
SCCs
CookieYes
Cookie consent management
EU

No other third parties receive your personal data without your explicit request or legal requirement.

5. International Data Transfers

Some sub‑processors operate servers outside Canada/EEA (e.g. USA). We protect transfers using EU‑approved Standard Contractual Clauses (SCCs) or equivalent safeguards.

6. Your Rights

Under GDPR, UK GDPR, and Canadian PIPEDA you have the right to:

  • Access your personal data.

  • Rectify inaccuracies.

  • Erase data (the “right to be forgotten”), subject to legal obligations

  • Restrict processing in certain circumstances.

  • Object to processing based on legitimate interest or direct marketing.

  • Portability: receive your data in a structured, machine‑readable format.

  • Withdraw consent at any time for marketing or non‑essential cookies.

  • Complain to a supervisory authority:

    • Canada: Office of the Privacy Commissioner (https://www.priv.gc.ca/)

    • EU/UK: Your local Data Protection Authority (e.g. ICO in the UK, AEPD in Spain).

To exercise any right, email us at rehaan@trovebase.com with a copy of your ID.

7. Security Measures

We implement industry‑standard safeguards, including:

  • TLS encryption in transit.

  • AES‑256 encryption at rest

  • Hashed & salted passwords (bcrypt).

  • Access controls & role‑based permissions.

  • Regular vulnerability scans and patch management.

8. Children’s Privacy

TroveBase is for users 18 years and older. We do not knowingly collect data from anyone under 18. If you believe we have, please contact us to have it deleted.

9. Cookies & Tracking

We use only strictly necessary cookies and a single consent cookie via CookieYes. We do not deploy analytics or marketing cookies unless you explicitly opt in. See our Cookie Policy for details.

10. Automated Decision‑Making

TroveBase does not perform any solely automated profiling or decision‑making that would legally require additional disclosures or user consent.

11. Online Dispute Resolution

In the EU, you may use the EU Commission’s ODR platform:

https://ec.europa.eu/consumers/odr/

12. Changes to This Policy

We update this policy to reflect changes in our practices or legal requirements. The “Effective Date” at top is when last revised. We will notify you of material changes via email.

Contact: admin@trovebase.com | 1121 Bay St, Toronto, ON M5S 2R1

Run your agency with less chaos. And way fewer tools.

Trovebase replaces the clutter with a calm, focused workspace that’s built for the way your team works.

Start Free Trial
Book a Demo
© 2025 Trovebase. All rights reserved.