Discover our latest updates and insights. Read the blog

Privacy Policy

Last updated: January 2026

Triqai ("Triqai", "we", "us") is a trade name of Rediant, registered in the Netherlands (KVK: 97621803). This Privacy Policy explains how we collect, use, store, and protect personal data when you use the Triqai website, dashboard, and API (the "Services").

We are committed to privacy by design and operate in accordance with the General Data Protection Regulation (GDPR).

1. Scope

This Privacy Policy applies to:

  • The Triqai marketing website
  • The Triqai dashboard
  • The Triqai API and related services

This policy applies to both individual developers and business users.

Triqai is intended for users aged 18 years or older.

2. Roles Under GDPR

Depending on the context, Triqai acts as:

  • Data Controller
    For personal data related to our own users, including account creation, authentication, billing administration, logs, and website analytics.
  • Data Processor
    When processing transaction data submitted through the Triqai API on behalf of customers. In this case, the customer is the data controller and Triqai acts solely on their instructions.

3. Personal Data We Collect

3.1 Account and Authentication Data

When you create or manage an account, we may process:

  • Name
  • Email address
  • Encrypted (hashed) password
  • OAuth identifiers (e.g. GitHub or Google)
  • Organization name and membership information

This data is required to provide access to the Services.

3.2 API and Transaction Data

When using the Triqai API, customers may submit transaction data that can include transaction descriptions, which may contain personal data.

Triqai processes transaction data for enrichment and display purposes.

Raw transaction input

  • Raw transaction descriptions submitted to the API are stored only within the customer's own organization.
  • Raw transaction descriptions are not shared with other customers.
  • Customers may delete raw transaction data at any time through the dashboard or API.

Enrichment data

  • Derived enrichment data (such as merchant entities, company identifiers, locations, and payment processors) may be stored and reused across organizations.
  • Shared enrichment data does not intentionally include personal data and is based on non-PII transactional signals.
  • Organization-specific enrichment results that may contain personal or contextual information remain scoped to the customer's organization.

Triqai does not use transaction data or enrichment data to train AI models.

Transaction data is retained until deleted by the customer.

3.3 Usage Logs and Diagnostics

To ensure reliability and security, we process limited technical data:

  • Request metadata (such as timestamps and organization identifiers)
  • Error diagnostics and error payloads

We do not intentionally store personal data or transaction descriptions in logs.

Log data is retained for up to 90 days.

3.4 Website Analytics

We use a privacy-friendly analytics solution on our marketing site to understand general usage patterns.

  • No cookies are used
  • No cross-site tracking
  • No user profiling
  • No personal data is collected

Analytics are processed under our legitimate interest to improve the website.

4. Legal Bases for Processing

We process personal data under the following GDPR legal bases:

  • Performance of a contract – to provide the Services you request
  • Legitimate interests – for security, monitoring, and service improvement
  • Legal obligations – for billing, accounting, and compliance

Where required, users remain in control of their data.

5. Data Retention

  • Account and organization data: retained until deleted by the user
  • Transaction data: retained until deleted by the customer
  • Logs and diagnostics: up to 90 days
  • Billing and invoicing data: retained as required by law

Users may delete their account at any time.

Account deletion results in the immediate removal (typically within minutes) of:

  • Accounts
  • Organizations
  • API keys
  • Stored transaction data
  • Organization members

Billing records required for legal and tax purposes are retained securely by our payment provider.

6. Data Sharing and Sub-Processing

We use trusted infrastructure and service providers to operate Triqai. These providers process data only as necessary to deliver the Services and under appropriate safeguards.

Data is processed in the EU where possible. Where data is processed outside the EU, appropriate safeguards such as standard contractual clauses apply.

We do not sell personal data.

7. Security Measures

We implement appropriate technical and organizational measures to protect data, including:

  • Encryption in transit (HTTPS)
  • Secure hosting environments
  • Access controls and organization-scoped data isolation
  • API keys and rate limiting
  • Monitoring and incident response procedures

8. AI and Data Usage

  • Customer data is not used to train AI models
  • Data submitted to the API is processed only to deliver the requested enrichment
  • No data is shared with third parties for advertising or profiling purposes

9. Your Rights Under GDPR

Under the GDPR, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data
  • Restrict or object to processing
  • Data portability (where applicable)

Most actions can be performed directly via the dashboard. You may also contact us at support@triqai.com.

10. Data Processing Agreement (DPA)

For customers acting as data controllers, Triqai offers a Data Processing Agreement (DPA) governing API data processing.

The DPA forms part of the Terms of Service and is available on our Data Processing Agreement page.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the website or dashboard.

12. Contact

For privacy-related questions or requests:

Email: support@triqai.com
Company: Rediant (trade name: Triqai)
Jurisdiction: Netherlands