Privacy Policy
Last updated: February 2026
Triqai ("Triqai", "we", "us") is a trade name of Rediant, registered in the Netherlands (KVK: 97621803). This Privacy Policy explains how we collect, use, store, and protect personal data when you use the Triqai website, dashboard, and API (the "Services").
We are committed to privacy by design and operate in accordance with the General Data Protection Regulation (GDPR).
1. Scope
This Privacy Policy applies to:
- The Triqai marketing website
- The Triqai dashboard
- The Triqai API and related services
This policy applies to both individual developers and business users.
Triqai is intended for users aged 18 years or older.
2. Roles Under GDPR
Depending on the context, Triqai acts as:
- Data Controller
For personal data related to our own users, including account creation, authentication, billing administration, logs, and website analytics.
- Data Processor
When processing transaction data submitted through the Triqai API on behalf of customers. In this case, the customer is the data controller and Triqai acts solely on their instructions.
3. Personal Data We Collect
3.1 Account and Authentication Data
When you create or manage an account, we may process:
- Name
- Email address
- Encrypted (hashed) password
- OAuth identifiers (e.g. GitHub or Google)
- Organization name and membership information
This data is required to provide access to the Services.
3.2 API and Transaction Data
When using the Triqai API, customers may submit transaction data that can include transaction descriptions, which may contain personal data.
Triqai processes transaction data for enrichment and display purposes.
Raw transaction input
- Raw transaction descriptions submitted to the API are stored only within the customer's own organization.
- Raw transaction descriptions are not shared with other customers.
- Customers may delete raw transaction data at any time through the dashboard or API.
Enrichment data
- Derived enrichment data (such as merchant entities, company identifiers, locations, and payment processors) may be stored and reused across organizations.
- Shared enrichment data does not intentionally include personal data and is based on non-PII transactional signals.
- Organization-specific enrichment results that may contain personal or contextual information remain scoped to the customer's organization.
Triqai does not use transaction data or enrichment data to train AI models.
Transaction data is retained until deleted by the customer.
3.3 Operational Diagnostics, Logs, and Caching
To ensure reliability, performance, and security, we process limited technical data including:
- Request metadata (such as timestamps and organization identifiers)
- Activity logs for dashboard usage and system operations
- Error diagnostics and error payloads
- Cached data for performance optimization
Operational diagnostics and logs may include raw transaction inputs or descriptions when necessary for troubleshooting, performance monitoring, and security purposes. This data is stored in our primary database and transient stores.
We process this data under our legitimate interest in maintaining security, performance, and system reliability.
Retention of logs and transient stores:
- Activity logs, operational diagnostics, and cached data are retained for up to 90 days
- Transient stores (including cache and operational queues) are subject to monitored automated cleanup processes
- Log data references primary database identifiers; when primary data is deleted, associated logs become non-functional and are purged
We do not use log data or diagnostic information for analytics or profiling purposes.
3.4 Website Analytics
We use a privacy-friendly analytics solution on our marketing site to understand general usage patterns.
- No cookies are used for analytics
- No cross-site tracking
- No user profiling
- No personal data is collected
Analytics are processed under our legitimate interest to improve the website.
3.5 Cookies and Functional Identifiers
Triqai uses a limited set of cookies and identifiers that are strictly necessary for the operation of the Services:
- Session cookies – Used to maintain your authenticated session after login. These are essential for the dashboard and API access to function.
- Organization sync cookie – A short-lived cookie used to synchronize your organization context after account changes.
- Anonymous visitor identifier – When using the public API playground without an account, a functional cookie is set to enforce rate limiting and prevent abuse. This identifier is not used for tracking, analytics, or profiling.
All cookies used by Triqai are strictly necessary for the functioning of the Services. We do not use cookies for marketing, advertising, or cross-site tracking.
No consent is required for strictly necessary cookies under the ePrivacy Directive. You may disable cookies in your browser settings, but this may affect the functionality of the Services.
4. Legal Bases for Processing
We process personal data under the following GDPR legal bases:
- Performance of a contract – to provide the Services you request
- Legitimate interests – for security, performance optimization, monitoring, and service improvement
- Legal obligations – for billing, accounting, and compliance
Where required, users remain in control of their data.
5. Data Retention
- Account and organization data: retained until deleted by the user
- Transaction data: retained until deleted by the customer
- Operational logs, diagnostics, and cached data: up to 90 days
- Minimal pseudonymous abuse-prevention identifiers (for example, irreversible hashed email fingerprints): up to 180 days
- Billing and invoicing data: retained as required by law
Users may delete their account at any time through the dashboard or by contacting support.
Deletion process and timeline:
Account deletion results in:
- Immediate primary deletion (typically within minutes) of:
  - Accounts
  - Organizations
  - API keys
  - Stored transaction data
  - Organization members
- Prompt purge of transient stores (within hours) including:
  - Activity logs and operational diagnostics
  - Cached data
  - Operational queues
Customers may request deletion at any time. Upon deletion, primary data is removed immediately, and associated logs and cached references are purged within hours, except for minimal pseudonymous abuse-prevention identifiers retained for up to 180 days.
Billing records required for legal and tax purposes are retained securely by our payment provider.
6. Data Sharing and Sub-Processing
We use trusted infrastructure and service providers to operate Triqai. These providers process data only as necessary to deliver the Services and under appropriate safeguards.
Transaction data is pre-processed to remove personally identifiable information before being shared with third-party service providers for enrichment. We maintain records of sub-processors and applicable safeguards, and provide this information to customers upon request.
Data is processed in the EU where possible. Where data is processed outside the EU, appropriate safeguards such as Standard Contractual Clauses (SCCs) apply.
We do not sell personal data.
7. Security Measures
We implement appropriate technical and organizational measures to protect data, including:
- Encryption in transit (HTTPS)
- Secure hosting environments
- Access controls and organization-scoped data isolation
- API keys and rate limiting
- Monitoring and incident response procedures
8. AI and Data Usage
- Customer data is not used to train AI models
- Data submitted to the API is processed only to deliver the requested enrichment
- Transaction data is pre-processed to remove personally identifiable information before being shared with service providers
- No data is shared with third parties for advertising or profiling purposes
9. Your Rights Under GDPR
Under the GDPR, you have the right to:
- Access your personal data
- Rectification – correct inaccurate data
- Erasure – delete your data (available via the dashboard or by contacting support)
- Restriction – restrict or object to processing
- Data portability – request a copy of your personal data in a structured, commonly used, and machine-readable format
Most actions can be performed directly via the dashboard. For data portability requests or any other data subject rights, you may contact us at support@triqai.com. We will respond to your request within 30 days in accordance with GDPR requirements.
10. Data Processing Agreement (DPA)
For customers acting as data controllers, Triqai offers a Data Processing Agreement (DPA) governing API data processing.
The DPA forms part of the Terms of Service and is available on our Data Processing Agreement page.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the website or dashboard.
12. Contact
For privacy-related questions or requests:
Email: support@triqai.com
Company: Rediant (trade name: Triqai)
Jurisdiction: Netherlands