Privacy Policy

Introduction

At Treeo, we take your privacy and data security seriously. This Privacy Policy outlines our commitment to protecting your information and details the technical measures we implement to ensure your data remains secure.

This policy applies to all services offered by Treeo, including our website, analytics platform, and any other services we provide. By using our services, you consent to the collection and use of information as described in this policy.

Data Collection

We collect information to provide better services to our users. The types of information we collect include:

  • Account Information: When you create an account, we collect your name, email address, and other contact information.
  • Usage Data: We collect information about how you use our services, including queries executed, features used, and interaction patterns.
  • Data Sources: When you connect data sources to our platform, we process the data contained within those sources to provide analytics capabilities.
  • Technical Information: We collect information about the devices and browsers you use to access our services.

All data collection is performed with explicit user consent and in compliance with applicable data protection regulations.

Data Security

We implement a comprehensive security program that includes administrative, technical, and physical safeguards designed to protect your data from unauthorized access, disclosure, alteration, and destruction.

Our security infrastructure includes:

  • Network Security: We employ firewalls, intrusion detection systems, and network segmentation to protect our infrastructure.
  • Access Controls: We implement strict access controls based on the principle of least privilege, ensuring that employees only have access to the data they need to perform their job functions.
  • Security Monitoring: Our systems are continuously monitored for suspicious activities and potential security breaches.
  • Vulnerability Management: We regularly conduct security assessments and penetration testing to identify and address potential vulnerabilities.

Encryption Methods

We use industry-standard encryption technologies to protect your data:

  • Data in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2+ with strong cipher suites. This ensures that your data cannot be intercepted during transmission.
  • Data at Rest: All data stored in our databases and file systems is encrypted using AES-256 encryption. This provides protection against unauthorized access to the underlying storage systems.
  • Key Management: Encryption keys are securely managed using a key management service that rotates keys regularly and implements strict access controls.

Our encryption practices are regularly reviewed and updated to ensure they meet or exceed industry standards.

Data Storage

We store your data in secure, SOC 2-compliant data centers with the following characteristics:

  • Physical Security: Our data centers implement multiple layers of physical security, including 24/7 monitoring, biometric access controls, and video surveillance.
  • Redundancy: Data is stored redundantly across multiple locations to ensure availability and prevent data loss in case of hardware failures.
  • Isolation: Customer data is logically isolated to prevent unauthorized access between different customers.
  • Backup Procedures: Regular backups are performed and stored securely to enable recovery in case of data corruption or loss.

We retain your data only for as long as necessary to provide our services and fulfill the purposes outlined in this policy, unless a longer retention period is required by law.

Data Access

Access to your data is strictly controlled:

  • Authentication: We implement multi-factor authentication for all access to our systems and your data.
  • Authorization: Access to customer data is granted on a need-to-know basis and is reviewed regularly.
  • Audit Logging: All access to customer data is logged and monitored for suspicious activities.
  • Third-Party Access: We do not provide third parties with access to your data unless explicitly authorized by you or required by law.

Compliance

We comply with applicable data protection regulations and industry standards:

  • GDPR: For users in the European Union, we comply with the General Data Protection Regulation (GDPR).
  • CCPA: For users in California, we comply with the California Consumer Privacy Act (CCPA).
  • SOC 2: Our security controls are designed to meet SOC 2 requirements for security, availability, and confidentiality.
  • Regular Audits: We conduct regular internal and external audits of our security practices to ensure compliance with our policies and applicable regulations.

Your Rights

Depending on your location, you may have certain rights regarding your personal data:

  • Access: You can request access to the personal data we hold about you.
  • Correction: You can request that we correct inaccurate or incomplete data.
  • Deletion: You can request that we delete your personal data under certain circumstances.
  • Portability: You can request a copy of your data in a structured, machine-readable format.
  • Objection: You can object to our processing of your personal data under certain circumstances.

To exercise these rights, please contact us at privacy@treeo.ai.

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending an email to the address associated with your account
  • Displaying a notice on our platform

We encourage you to review this policy periodically to stay informed about our data protection practices.

Last updated: May 8, 2023

If you have any questions about this Privacy Policy, please contact us at privacy@treeo.ai.