Trust

Security overview

How we protect your account, your content, and your learners' data. Last updated July 14, 2026. This page is a plain-language summary, not a contract — for a DPA or security questionnaire, email support@trivana.ai.

Hosting & encryption

Trivana runs on Vercel with a Supabase (Postgres) database in US-East and Cloudflare R2 for media. All traffic is served over TLS, and data is encrypted in transit and at rest by our infrastructure providers.

Access control

Every customer's content and reports are isolated by row-level security (RLS) in the database and by per-request authorization in our APIs — a signed-in user can only read or modify their own (or their team's) games, cohorts, and learner results.

Authentication

Creator accounts sign in with Google OAuth or email via Supabase Auth. SSO and SCIM are roadmap capabilities and are not included in the founding pilot.

Learner data

Players can join private reinforcement rounds with no account. We store the self-asserted name, pseudonymous participant/session identifiers, response events, score, completion time, and play timestamps needed for the private cohort recap. Names are not identity-verified. Exports are sanitized against spreadsheet-formula injection.

Data retention & deletion

You can request deletion of your account, a specific quiz's learner results, or a cohort's data by emailing support; we action deletion within 30 days. On termination, customer content and learner records are returned or deleted on request.

Sub-processors

We use a small set of vetted providers (Supabase, Vercel, Cloudflare, ElevenLabs, Runway, Stripe, Razorpay, and our LLM provider). The full register, with what each processes and where, is on our sub-processors page.

Sub-processors · Privacy policy · Trivana for Training