← Back to Social Command

Privacy Policy

Last updated: April 2026

Trinity Command (“we,” “us,” or “our”) operates Social Command. This Privacy Policy explains what data we collect, how we use it, and the rights you have over your information. By using Social Command, you agree to the practices described here.

1. Information We Collect

Account Information

  • Email address
  • Name (optional, provided at signup)
  • Billing information (processed by Stripe — we do not store card numbers)
  • Subscription plan and usage tier

Connected Platform Data

  • Encrypted session tokens from connected social media accounts (Instagram, Facebook, TikTok, etc.) — never your passwords
  • Platform usernames and display names
  • Direct messages and conversation history from connected accounts
  • Account metadata (follower counts, platform IDs)

Usage Data

  • Pages visited within the Service and session duration
  • Actions taken (messages approved, automations triggered, settings changed)
  • Device type, browser, and approximate location (country/region)

2. What We Do NOT Collect or Store

  • Social media passwords. We never ask for or store your passwords for connected platforms. Session Bridge uses authentication tokens only.
  • Payment card numbers or full financial account details. All payment processing is handled by Stripe under their PCI-compliant infrastructure.
  • Biometric data, government ID, or sensitive personal categories of data under GDPR.

3. How We Use Your Data

  • To provide, maintain, and improve the Service
  • To authenticate with connected social platforms on your behalf
  • To classify message intent, generate AI response suggestions, and power automation features using your conversation data
  • To send transactional emails (invoices, security alerts, verification)
  • To send product updates and newsletters (you may opt out at any time)
  • To detect and prevent fraud, abuse, and security incidents
  • To comply with legal obligations

4. AI Processing of Your Data

Social Command uses AI (powered by Anthropic Claude) to analyze your conversations for intent classification, lead scoring, and response generation. Regarding this processing:

  • Direct messages are submitted to Anthropic's API for processing. Anthropic does not train on API-submitted data by default under their enterprise usage policies.
  • Message content is not stored long-term beyond what exists in your Conversation records within Social Command. You can delete conversations at any time.
  • AI-generated outputs (suggested replies, classifications) are stored as part of your account data to provide history and audit trails.

5. Third-Party Services

We share data with the following third parties to operate the Service:

  • Stripe— Payment processing. Subject to Stripe's Privacy Policy.
  • Resend — Transactional email delivery. Email addresses are shared to deliver account emails.
  • Anthropic Claude — AI processing of conversation data for classification and response generation.
  • Supabase / PostgreSQL — Database hosting for your account data, stored in secure cloud infrastructure.

We do not sell your data to any third party for advertising or marketing purposes.

6. Data Retention

  • Active account data is retained for as long as your account exists.
  • Upon account deletion, all personal data is permanently deleted within 30 days.
  • We may retain aggregated, anonymized analytics data (not linked to you personally) for longer periods to improve the Service.
  • Financial records may be retained for up to 7 years as required by applicable law.

7. Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of all data we hold about you via the Data Export feature in Settings.
  • Correction: Update your account information at any time from your profile settings.
  • Deletion: Delete your account and all associated data from the Danger Zone section in Settings.
  • Portability: Export your data in JSON format from the Settings page.
  • Opt-out: Unsubscribe from marketing emails at any time using the unsubscribe link in any email.

8. GDPR Compliance

For users in the European Economic Area (EEA), UK, or Switzerland, we process your personal data under the following legal bases:

  • Contract performance: To provide the Service you signed up for.
  • Legitimate interests: To improve the Service, detect fraud, and ensure security.
  • Consent: For marketing communications and optional data processing.
  • Legal obligation: To comply with applicable law.

You have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated. To exercise any of your GDPR rights, contact us at privacy@trinitycommand.io.

9. Cookies

We use an authentication cookie (“sc-token”) to maintain your login session. This cookie is HttpOnly, Secure, and SameSite=Lax. We do not use third-party tracking cookies or advertising cookies.

10. Security

We implement industry-standard security measures including AES-256-GCM encryption for sensitive data at rest, TLS encryption in transit, bcrypt password hashing (12 rounds), and rate limiting on all authentication endpoints. Despite these measures, no system is perfectly secure. We encourage you to use a strong, unique password for your Social Command account.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email. Continued use of the Service after changes take effect constitutes your acceptance of the updated policy.

12. Contact

For privacy-related questions, data requests, or GDPR inquiries:

Trinity Command — Privacy Team

privacy@trinitycommand.io

HomeTerms of ServiceRefund Policy