Trimio, Inc. ("Trimio", "we", "us", or "our") is a Delaware corporation that operates the Trimio AI inference optimization platform at trimio.ai. This Privacy Policy describes how we collect, use, disclose, and retain information when you visit or interact with our website or use our service.
Questions? Contact us at privacy@trimio.ai. For questions about how we process data on behalf of our business customers, see our Data Processing Addendum. For our security posture, see trimio.ai/security.
Trimio, Inc. is a corporation organized under Delaware law. We operate the Trimio AI inference optimization platform at trimio.ai.
For privacy questions, contact us at:
This Privacy Policy describes how Trimio collects, uses, discloses, and retains information when you:
This Policy applies to visitors to our Site and to users of the Trimio Service. It does not govern the data that our business customers ("Customers") choose to route through the Trimio proxy — that is governed by the agreement between Trimio and each Customer, and by the Customer's own privacy policies toward their end users.
We are a B2B SaaS company. Our direct users are businesses and their authorized personnel — not individual consumers. We do not knowingly collect data from children under 13.
Accounts and registration: Name, work email address, company name, job title, and password (hashed; we never store plaintext passwords).
Communications: Content of emails, support tickets, or other communications you send to us.
Demo and sales inquiries: Information submitted through demo booking forms (name, company, email, estimated AI spend).
Log data (Site and Service): IP address, browser type and version, operating system, pages visited, referrer URL, time and date of visit, clicks, scroll depth, and session duration.
Usage data (Service): API request metadata including model called, provider, token counts, latency, cost, routing decisions, virtual key identifier, and customer-assigned tags. Admin UI actions including configuration changes, team management, and virtual key creation/revocation.
Prompt and response bodies: Not collected by default. Customers must explicitly enable prompt/response body logging via the per-organization log_bodies setting in the Trimio Admin UI. When enabled, bodies are retained for the customer-configured retention period (default 90 days). Customers control this setting and their end users' exposure to it.
Identity providers (Google Workspace, Microsoft Entra ID): When you authenticate via SSO, we receive your name and work email from the identity provider. We do not receive your IdP password.
Payment processors: We receive transaction confirmations and last-four-digits of payment cards from our payment processor. Full card numbers are not transmitted to or stored by Trimio.
We use cookies and similar tracking technologies on trimio.ai. See our Cookie Policy for full details. A summary:
| Technology | Provider | Purpose | Type |
|---|---|---|---|
| Google Analytics 4 (GA4) | Google LLC | Aggregate site traffic analytics (pageviews, session duration, referrers) | Analytics |
| HubSpot | HubSpot, Inc. | CRM integration, form tracking, demo lead capture | Marketing/CRM |
| Session cookies | Trimio | Keep you logged in to the Admin UI | Strictly necessary |
| CSRF cookies | Trimio | Security (cross-site request forgery protection) | Strictly necessary |
Do Not Track (DNT): We do not currently alter our data collection practices in response to browser DNT signals. If a uniform standard is established, we will revisit this position.
Opt-out: You can opt out of GA4 analytics via the Google Analytics Opt-out Browser Add-on.
| Purpose | Lawful basis (where GDPR applies) |
|---|---|
| Providing and operating the Service | Performance of contract |
| Processing payments and managing accounts | Performance of contract |
| Customer support and responding to inquiries | Legitimate interest / performance of contract |
| Transactional emails (alerts, receipts, account notices) | Performance of contract |
| Security: fraud detection, abuse prevention, audit logging | Legitimate interest |
| Analytics: understanding how the Site and Service are used | Legitimate interest |
| Marketing: product updates and news to existing customers | Legitimate interest (with opt-out) |
| Legal compliance: meeting obligations under applicable law | Legal obligation |
We do not use Customer Data (including prompt and response bodies) to train AI models, sell to third parties, or for any purpose other than delivering the Service.
Subprocessors: We use third-party vendors to help deliver the Service. These vendors are listed at trimio.ai/subprocessors and are contractually required to protect your information and use it only for the purpose we specify.
Business transfers: If Trimio is acquired, merges, or undergoes a similar transaction, customer information may be transferred as part of that transaction. We will notify affected customers before their information is transferred and becomes subject to a different privacy policy.
Legal requirements: We may disclose information if required by law, subpoena, court order, or valid government request, or to protect the safety, rights, or property of Trimio, our customers, or the public.
With your consent: We may share information for other purposes with your explicit consent.
We do not sell personal information. We do not share personal information with third parties for their own independent marketing purposes.
California residents have additional rights under the CCPA/CPRA: the right to know what personal information we collect, use, disclose, and sell about you; the right to request deletion; the right to correct inaccurate personal information; and the right to opt out of sale/sharing (which we do not do — no action required). To submit a CCPA request, email privacy@trimio.ai with the subject line "CCPA Privacy Request."
EU and UK residents have rights under the GDPR including: access, rectification, erasure ("right to be forgotten"), restriction of processing, data portability, objection to processing, and rights related to automated decision-making. To exercise these rights, email privacy@trimio.ai. We will respond within 30 days. If you believe we have violated your rights, you have the right to lodge a complaint with your local supervisory authority.
| Data type | Retention period |
|---|---|
| Account and profile information | Duration of account + 90 days after deletion request |
| API request metadata (model, tokens, cost, latency) | Duration of subscription + up to 12 months |
| Prompt/response bodies (if body logging is enabled) | Customer-configured TTL (default: 90 days) |
| Billing and payment records | 7 years (US tax law requirements) |
| Security and audit logs | 90 days (application logs); 12 months (privileged audit log) |
| Marketing contact data | Until opt-out or 3 years of inactivity |
| Backup data | Up to 210 days |
We implement technical and organizational measures to protect the information we hold:
No security system is impenetrable. In the event of a data breach affecting your information, we will notify you without undue delay and in accordance with applicable law.
Trimio is based in the United States. Our services are hosted on Google Cloud Platform in the US (us-central1). If you are located outside the US, your information may be transferred to and processed in the US.
For EU and UK customers, Trimio offers a Data Processing Addendum (DPA) incorporating Standard Contractual Clauses (SCCs) and the UK IDTA. See trimio.ai/dpa.
The Site may link to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to review the privacy policies of any third-party site you visit.
We may update this Privacy Policy from time to time. We will notify registered users via email and post the updated policy at trimio.ai/privacy with a new "Last Updated" date. Continued use of the Service after the effective date of a material change constitutes acceptance of the updated Policy.
For privacy questions, requests, or complaints:
We will respond to all privacy inquiries within 30 days.