TRODO PRIVACY POLICY

Last Updated: January 29, 2026
Effective Date: January 29, 2026

Before diving into the legal details, here's what you need to know:

  • What We Collect: Your name, email, company info, usage data, and application behavioral data (including AI agent traces, tool calls, and conversational interactions)
  • How We Use It: To provide our analytics services, improve our platform, and communicate with you
  • Who We Share With: Only trusted service providers (never sold)
  • Your Rights: Access, delete, correct, or export your data anytime
  • Your Control: You can opt out of marketing and request data deletion
  • Security: We encrypt data and follow industry-best practices
  • Compliance: We're GDPR and CCPA compliant (SOC 2 and ISO 27001 in progress)

This summary is for convenience only. The full policy below is legally binding.

Welcome to Cryptique Inc. ("Trodo," "we," "us," or "our"). We are committed to protecting your privacy and handling your personal data transparently and securely in compliance with applicable data protection laws, including:

  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
  • Other applicable privacy laws worldwide

This Privacy Policy explains how we collect, use, disclose, and protect your information when you:

  • Visit our website at https://trodo.ai
  • Use our AI product analytics and agent intelligence platform (the "Platform")
  • Integrate our software development kit (SDK) into your applications
  • Interact with our APIs
  • Contact us for support or other purposes
  • Receive communications from us

By using our Services, you acknowledge that you have read, understood, and agree to this Privacy Policy and our Terms of Service.

If you do not agree with this Privacy Policy, you must not use our Services.

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through our Platform. Your continued use after changes constitutes acceptance of the updated policy.

"Personal Data" or "Personal Information" means any information relating to an identified or identifiable natural person, including names, email addresses, IP addresses, and usage data.

"Processing" means any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.

"Data Controller" means the entity that determines the purposes and means of processing Personal Data.

"Data Processor" means the entity that processes Personal Data on behalf of the Data Controller.

"Client" means a customer who has registered for an account with Trodo to use our Platform.

"End-User" means an individual who visits or interacts with a Client's application where our SDK is implemented, including users of AI chatbots, agents, or conversational interfaces.

"Services" means our website, Platform, SDK, APIs, and all related services.

"Application Data" means user interaction data from Client applications, including behavioral events, conversational flows, AI agent traces, tool calls, and system interactions.

"Agent Traces" means detailed logs of AI agent execution, including tool invocations, decision logic, step sequences, and outcomes.

Cryptique Inc.

  • A Delaware corporation
  • Address: 8 The Green, STE R, Dover, DE 19901, USA
  • Website: https://trodo.ai
  • Data Protection Officer: Akshit Varsani, Co-Founder & CTO
  • Email: privacy@trodo.ai

We operate in two distinct capacities depending on the context:

When you interact directly with Trodo (as a Client, website visitor, or prospective customer), we are the Data Controller and are responsible for:

  • Determining how and why we process your Personal Data
  • Ensuring lawful basis for processing
  • Protecting your privacy rights
  • Responding to your data subject requests
  • Ensuring compliance with data protection laws

This section of the Privacy Policy applies to you.

When our Clients use our Platform to analyze their End-Users' data, the CLIENT is the Data Controller and we are the Data Processor.

CRITICAL FOR END-USERS:

If you are using an application that has implemented Trodo's SDK (i.e., you are an End-User), you must contact that application owner (our Client) for all privacy requests, including:

  • Access to your Personal Data
  • Correction of inaccurate data
  • Deletion of your data
  • Objection to processing
  • Any other privacy rights

We can only process End-User requests when instructed by our Client (the Data Controller).

CRITICAL FOR CLIENTS:

If you are a Trodo Client, you are fully responsible for:

  • ✓ Obtaining valid consent from your End-Users before collecting data
  • ✓ Providing comprehensive privacy notices to End-Users
  • ✓ Establishing lawful basis for all data processing
  • ✓ Responding to End-User privacy requests (access, deletion, etc.)
  • ✓ Complying with all applicable data protection laws (GDPR, CCPA, etc.)
  • ✓ Notifying End-Users and authorities of data breaches
  • ✓ Ensuring lawful international data transfers

Trodo is NOT liable for your failure to comply with these obligations. See our Terms of Service Section 13 for full indemnification provisions.

The information we collect depends on how you interact with our Services.

When you create an account or use our Platform, we collect:

  • Name (first and last name)
  • Email address
  • Company name
  • Account password (stored as a secure, encrypted hash)
  • Account preferences and settings
  • Payment method (credit card brand and last 4 digits, stored by Stripe)
  • Billing address
  • Tax identification information (if applicable)

Important: We do not store full credit card numbers, CVV codes, or other sensitive payment information. All payment processing is handled securely by Stripe, our third-party payment processor.

  • Support tickets and customer service correspondence
  • Feedback and survey responses
  • Marketing communication preferences
  • Event registration information
  • API keys and access tokens (encrypted)
  • Two-factor authentication data (if enabled)
  • Login timestamps and IP addresses (for security purposes)

When you visit our website or use our Platform, we automatically collect:

  • IP Address: We collect IP addresses for security, fraud prevention, and country-level location detection. For website analytics, the last octet of IP addresses is anonymized immediately upon collection.
  • Browser type and version (e.g., Chrome, Safari, Firefox)
  • Operating system (e.g., Windows, macOS, iOS, Android)
  • Device information (screen resolution, device type)
  • Language preferences
  • Time zone
  • Pages visited and navigation paths
  • Time spent on pages and session duration
  • Click patterns and user interactions
  • Scroll depth and engagement metrics
  • Entry and exit pages
  • Referring websites and search terms
  • Feature usage within the Platform

We use the following technologies to enhance your experience:

  • Session recording: We record user sessions (mouse movements, clicks, scrolls) to understand how users interact with our Platform and improve user experience
  • Heatmaps: We create visual representations of where users click and scroll
  • Mouse tracking: We track cursor movements to analyze user behavior

You acknowledge that by using our Services, you consent to this behavioral tracking for analytics and service improvement purposes.

When our Clients implement our SDK on their applications, we collect and process the following data about their End-Users on behalf of the Client (Data Controller):

  • User identifiers (pseudonymized IDs, email addresses if provided by Client)
  • Session data (session IDs, timestamps, duration)
  • Page/screen views and navigation (URLs visited, screen names, navigation paths)
  • User interactions (clicks, form submissions, conversions, button taps)
  • Engagement metrics (time on page, scroll depth, bounce rate)
  • Geographic location (country-level only, derived from IP address)
  • Device and browser information
  • Referral sources (where users came from)

When End-Users interact with AI chatbots, agents, or conversational interfaces within Client applications:

Data We Collect:

  • User prompts and messages (conversational input)
  • Agent responses and outputs
  • Agent traces and execution logs
  • Tool invocations (which tools/functions the agent called)
  • Tool parameters and inputs
  • Tool outputs and results
  • Decision logic and reasoning steps
  • Multi-step workflow sequences
  • Latency and performance metrics
  • Success/failure status of tool calls and agent actions
  • User satisfaction signals (implicit: conversation continuation, explicit: ratings/feedback)
  • Frustration indicators (rage clicks, repeated queries, session abandonment)
  • Error messages and failure reasons

Important Clarifications:

  • ✓ We do NOT collect or have access to: User authentication credentials; API keys or secrets; Passwords or PINs; The ability to execute actions on your behalf
  • ✓ Agent traces are application execution data: All agent/tool trace data is generated by your application. We simply capture, store, and analyze it for insights.
  • ✓ User consent responsibility: Clients are responsible for notifying End-Users that their conversational interactions and agent behavior are being tracked and analyzed.

We use your Personal Data for the following purposes:

  • Account management: Create and manage your account, authenticate your identity
  • Service delivery: Provide access to the Platform, SDK, and APIs
  • Analytics and insights: Generate reports, dashboards, and insights for Clients
  • Feature development: Develop new features and improve existing functionality
  • Performance optimization: Monitor and optimize Platform performance
  • Bug fixes and troubleshooting: Identify and resolve technical issues
  • Service notifications: Send important updates about your account and our Services
  • Customer support: Respond to your inquiries and provide technical assistance
  • Marketing communications: Send newsletters, product updates, and promotional content (with your consent; you can opt out anytime)
  • Surveys and feedback: Request feedback to improve our Services
  • Account security: Detect and prevent unauthorized access
  • Fraud detection: Identify and prevent fraudulent transactions and abuse
  • Platform security: Protect our infrastructure from attacks and vulnerabilities
  • Compliance monitoring: Ensure compliance with our Terms of Service
  • Legal obligations: Comply with applicable laws, regulations, and legal processes
  • Tax and accounting: Maintain records for tax and audit purposes
  • Dispute resolution: Respond to legal claims and enforce our rights
  • Regulatory reporting: Report to regulatory authorities as required
  • Billing and payments: Process payments and manage subscriptions
  • Analytics and research: Analyze usage patterns and market trends
  • Business intelligence: Create aggregated, anonymized insights and benchmarks
  • Internal operations: Manage our business, HR, and administrative functions

We use Personal Data (including End-User data processed on behalf of Clients) to:

  • Train AI models: Improve our intelligence algorithms and recommendations
  • Personalize insights: Provide customized analytics and recommendations
  • Automate processes: Automate anomaly detection, pattern recognition, and data analysis

Note: We use aggregated and pseudonymized data for AI training. Clients can opt out of having their data used for AI training in their account settings.

Under GDPR, we must have a lawful basis to process your Personal Data. Our lawful bases include:

6.1 Consent (Article 6(1)(a) GDPR)

We rely on your consent for:

  • Marketing communications: Sending promotional emails and newsletters
  • Non-essential cookies: Analytics and marketing cookies (see Section 7)
  • Behavioral tracking: Session recording, heatmaps, and mouse tracking
  • AI training: Using your data to improve our AI models (Clients can opt out)

You may withdraw consent at any time by:

  • Clicking "unsubscribe" in marketing emails
  • Adjusting your cookie preferences (though we don't currently offer granular controls)
  • Contacting us at privacy@trodo.ai
  • Disabling AI training in your account settings

6.2 Contractual Necessity (Article 6(1)(b) GDPR)

We process your Personal Data to perform our contract with you (our Terms of Service):

  • Creating and managing your account
  • Providing access to the Platform and Services
  • Processing payments and billing
  • Delivering customer support
  • Enforcing our Terms of Service

6.3 Legitimate Interests (Article 6(1)(f) GDPR)

We rely on legitimate interests for:

  • Platform security and fraud prevention: Protecting our Services and users from threats
  • Service improvement: Analyzing usage to enhance functionality
  • Business operations: Managing our business efficiently
  • Marketing to existing customers: Informing you of relevant updates and features

We balance our legitimate interests against your rights and freedoms. You have the right to object to processing based on legitimate interests (see Section 12).

6.4 Legal Obligation (Article 6(1)(c) GDPR)

We process Personal Data to comply with legal obligations:

  • Tax and accounting requirements
  • Regulatory reporting
  • Responding to lawful requests from authorities
  • Retaining data for audit and compliance purposes

We use cookies and similar technologies to provide, protect, and improve our Services.

Cookies are small text files stored on your device when you visit a website. They help us recognize you, remember your preferences, and analyze how you use our Services.

We use the following categories of cookies:

Purpose: Required for the Services to function properly

Examples:

  • Authentication and session management
  • Security and fraud prevention
  • Load balancing and performance

Note: Essential cookies cannot be disabled as they are necessary for core functionality.

Purpose: Help us understand how users interact with our Services

Examples:

  • Page views and navigation patterns
  • Feature usage and engagement metrics
  • Error tracking and debugging

Providers: Trodo (first-party analytics)

Note: We use analytics cookies by default. By using our Services, you consent to these cookies.

Purpose: Remember your preferences and settings

Examples:

  • Language and region preferences
  • Theme and display settings
  • Account customization

Purpose: Deliver relevant advertising and measure campaign effectiveness

Examples:

  • Retargeting and remarketing
  • Conversion tracking
  • Ad performance measurement

Providers:

  • Google Ads: Tracks ad interactions and conversions
  • Meta Ads (Facebook/Instagram): Tracks ad interactions and conversions
  • X Ads (Twitter): Tracks ad interactions and conversions

Note: Marketing cookies are used by default. By using our Services, you consent to these cookies.

  • Session cookies: Deleted when you close your browser
  • Persistent cookies: Remain on your device for a set period (typically 1-24 months)

Current Cookie Management:

We do not currently offer a cookie consent banner or granular cookie controls. By using our Services, you consent to all cookies described in this policy.

Browser-Level Controls:

Most browsers allow you to:

  • Block all cookies
  • Delete existing cookies
  • Set preferences for specific websites

How to manage cookies in your browser:

  • Chrome: Settings > Privacy and Security > Cookies
  • Safari: Preferences > Privacy > Cookies and Website Data
  • Firefox: Settings > Privacy & Security > Cookies
  • Edge: Settings > Privacy > Cookies

Note: Disabling cookies may impact the functionality of our Services.

We do not currently respond to "Do Not Track" signals from browsers.

Some cookies are placed by third-party services that appear on our pages:

  • Google Ads
  • Meta Pixel (Facebook)
  • X Ads (Twitter)
  • Stripe (payment processing)
  • Mailchimp (email marketing)

These third parties have their own privacy policies governing how they use your information.

We do not sell, rent, or trade your Personal Data to third parties.

We only share your Personal Data in the following limited circumstances:

We share Personal Data with trusted third-party service providers who assist us in operating our Platform and providing our Services. These providers are contractually obligated to:

  • Use your data only for the purposes we authorize
  • Protect your data with appropriate security measures
  • Delete or return your data when services end

Our current service providers include:

Service Provider Purpose Data Processed Location
Google Cloud Platform (GCP) Infrastructure, hosting, data storage All Client and End-User data United States
Stripe Payment processing Billing info, payment methods United States
Google Workspace Email and internal communication Client communication data United States
Mailchimp Email marketing Email addresses, marketing preferences United States
Retool Internal tools and dashboards Client account data United States
Cloudflare CDN, DDoS protection IP addresses, request data Global

Changes to Sub-Processors: We will notify Clients at least 30 days in advance of adding new sub-processors. Clients may object within 30 days; if we cannot accommodate the objection, the Client may terminate without penalty.

We may disclose Personal Data when required by law or to:

  • Comply with legal processes (subpoenas, court orders, warrants)
  • Respond to government or regulatory inquiries
  • Enforce our Terms of Service and protect our rights
  • Prevent fraud, security threats, or illegal activity
  • Protect the safety and rights of our users and the public

If Trodo is involved in a merger, acquisition, asset sale, or bankruptcy:

  • Your Personal Data may be transferred to the acquiring entity
  • We will notify you via email before the transfer
  • The new entity will be bound by this Privacy Policy (or provide a new one)
  • You may have the right to opt out or request deletion before the transfer

We may share your Personal Data with third parties when you explicitly consent to such sharing.

We may share aggregated, anonymized data that does not identify you personally:

  • Industry benchmarks and insights
  • Usage statistics and trends
  • Research and analysis

This data is not considered Personal Data and is not subject to this Privacy Policy.

Your data is primarily stored and processed in the United States (via Google Cloud Platform).

If you are located outside the United States (including in the European Economic Area, United Kingdom, or other jurisdictions), your Personal Data will be transferred to and processed in the United States.

By using our Services, you consent to this international transfer.

For transfers from the EEA or UK to the United States, we implement the following safeguards:

Upon request, we can enter into EU Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection for your Personal Data.

To request SCCs: Contact us at privacy@trodo.ai. We will execute SCCs with you (if you are a Client) or with our sub-processors.

For UK-based users, we can execute the UK International Data Transfer Addendum to the SCCs.

We implement additional security measures to protect data transferred internationally:

  • Encryption in transit and at rest
  • Access controls and authentication
  • Regular security audits
  • Contractual obligations on sub-processors

Enterprise Clients may request data residency options (e.g., EU-only storage) as part of a custom agreement. Contact us at privacy@trodo.ai to discuss data residency requirements.

We take the security of your Personal Data seriously and implement industry-standard technical and organizational measures to protect it.

  • Encryption:
    • Data in transit: TLS 1.3 encryption
    • Data at rest: AES-256 encryption
  • Access Controls:
    • Role-based access control (RBAC)
    • Multi-factor authentication (MFA) for employee access
    • Principle of least privilege
  • Network Security:
    • Firewalls and intrusion detection/prevention systems
    • DDoS protection via Cloudflare
    • Network segmentation and isolation
  • Application Security:
    • Secure coding practices and code reviews
    • Regular vulnerability scanning and penetration testing
    • Automated security updates and patch management
  • Monitoring and Logging:
    • Real-time security monitoring and alerting
    • Audit logs for all access and changes
    • Incident response procedures
  • Employee Training: Regular security awareness training for all staff
  • Background Checks: Screening of employees with access to Personal Data
  • Confidentiality Agreements: All employees and contractors sign NDAs
  • Access Restrictions: Limited access to Personal Data on a need-to-know basis
  • Incident Response Plan: Documented procedures for security incidents and data breaches

We are currently pursuing the following security certifications:

  • SOC 2 Type II (in progress)
  • ISO 27001 (in progress)

We are already GDPR and CCPA/CPRA compliant.

No system is 100% secure. While we implement industry-best practices, we cannot guarantee absolute security against all threats. You are responsible for:

  • Keeping your account credentials secure
  • Using strong, unique passwords
  • Enabling two-factor authentication
  • Promptly reporting any suspected security incidents

We retain Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Data Type Retention Period
Active account data While your account is active
Deleted account data 30 days after account deletion
Billing and payment records 7 years (for tax and audit compliance)
Support communications 3 years after case closure
Data Type Retention Period
Event and session data 24 months from collection
Conversational and agent trace data 24 months from collection
User profiles 24 months from last activity
Aggregated/anonymized data Indefinitely (no longer Personal Data)

Note: Clients may configure shorter retention periods in their account settings or Data Processing Agreement.

  • Backup retention: Up to 90 days in backup systems
  • Deleted data: May persist in backups for up to 90 days before permanent deletion

We may retain data longer if required by law or legal proceedings (e.g., litigation holds, regulatory investigations).

Upon expiration of the retention period (or upon your deletion request), we will:

  • Permanently delete your Personal Data from our production systems
  • Remove data from backups within 90 days
  • Retain only aggregated, anonymized data (if applicable)

Depending on your location, you have certain rights regarding your Personal Data.

Regardless of location, you have the right to:

  • Access: Request a copy of your Personal Data
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your Personal Data (subject to legal exceptions)
  • Opt-Out of Marketing: Unsubscribe from marketing communications

If you are located in the EEA or UK, you have the following rights under GDPR:

12.2.1 Right of Access (Article 15)

Request a copy of your Personal Data and information about how it's processed.

12.2.2 Right to Rectification (Article 16)

Request correction of inaccurate or incomplete Personal Data.

12.2.3 Right to Erasure / "Right to be Forgotten" (Article 17)

Request deletion of your Personal Data when:

  • It's no longer necessary for the purposes it was collected
  • You withdraw consent and there's no other lawful basis
  • You object to processing and there are no overriding legitimate grounds
  • The data was unlawfully processed
  • Legal obligations require deletion

Exceptions: We may retain data if required for legal compliance, legal claims, or public interest.

12.2.4 Right to Restrict Processing (Article 18)

Request that we limit how we use your Personal Data when:

  • You contest the accuracy of the data
  • Processing is unlawful, but you don't want deletion
  • We no longer need the data, but you need it for legal claims
  • You've objected to processing pending verification

12.2.5 Right to Data Portability (Article 20)

Receive your Personal Data in a structured, machine-readable format (JSON or CSV) and transmit it to another controller.

12.2.6 Right to Object (Article 21)

Object to processing based on:

  • Legitimate interests: We will stop processing unless we demonstrate compelling legitimate grounds
  • Direct marketing: We will stop sending marketing communications immediately

12.2.7 Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing (including profiling) that produce legal or similarly significant effects.

Our use of automated processing: We use AI for analytics and recommendations, but these do not produce legal effects. See Section 15 for details.

Withdraw your consent for processing at any time (where processing is based on consent). This does not affect the lawfulness of processing before withdrawal.

You have the right to lodge a complaint with your local data protection authority:

If you are a California resident, you have the following rights under CCPA/CPRA:

Request information about categories of Personal Information we collect, sources, business purposes, third parties we share with, and specific pieces we've collected.

Request deletion of your Personal Information (subject to certain exceptions).

Request correction of inaccurate Personal Information.

We do not sell your Personal Information for monetary compensation. However, some marketing/analytics providers may use your data in a way that constitutes "sharing" under CCPA.

To opt out: Contact privacy@trodo.ai with subject "Do Not Sell/Share My Personal Information".

We use sensitive information only for providing our Services.

To limit use: Contact privacy@trodo.ai.

We will not deny services, charge different prices, or provide different quality for exercising your rights.

You may designate an authorized agent to make requests on your behalf. The agent must provide proof of authorization.

To exercise any of the above rights:

  1. Email us: privacy@trodo.ai
  2. Subject line: "Privacy Rights Request - [Your Right]" (e.g., "Privacy Rights Request - Data Access")
  3. Include: Your name and email; Description of your request; Proof of identity (we may require account login verification)

Response Time:

  • GDPR: Within 30 days (may be extended by 60 days for complex requests)
  • CCPA: Within 45 days (may be extended by 45 days)

Verification: We will verify your identity by requiring you to log into your account or provide additional identifying information.

No Fee: We do not charge a fee for most requests. We may charge a reasonable fee for excessive or repetitive requests.

Our Services are not intended for individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect Personal Data from anyone under 18.

If we become aware that we have inadvertently collected Personal Data from a child under 18:

  • We will take immediate steps to delete such information
  • We will notify the account holder (if applicable)
  • We will implement additional safeguards to prevent future collection

If you are a parent or guardian and believe your child has provided us with Personal Data, please contact us immediately at privacy@trodo.ai.

If you are a Client:

  • You are responsible for ensuring that your End-Users are of appropriate age under applicable laws (e.g., COPPA in the U.S., GDPR Article 8 in the EU)

If your End-Users include children:

  • You must comply with applicable child privacy laws
  • Obtain verifiable parental consent where required
  • Provide appropriate privacy notices to parents

Trodo is not liable for your failure to comply with child privacy laws.

Our Services may contain links to third-party websites, applications, or services that are not owned or controlled by Trodo. We are not responsible for:

  • The privacy practices of third-party sites
  • The content or accuracy of third-party services
  • Any data you provide to third parties

We recommend reviewing the privacy policies of any third-party services you access.

Our Platform may integrate with third-party services (e.g., Zapier, Segment) to enhance functionality.

  • Your use of integrations is subject to the third party's terms and privacy policy
  • May involve sharing your data with the third party
  • Is your responsibility to configure and manage

We may integrate data from third-party services (e.g., analytics SDKs, attribution tools) to provide comprehensive insights. These providers have their own privacy policies and are not controlled by Trodo.

Our AI analyzes user behavior patterns and agent execution to provide insights and recommendations, such as:

  • Usage trends and adoption patterns
  • User retention and churn predictions
  • Agent performance metrics
  • Tool effectiveness analysis
  • Anomaly detection and friction identification
  • Conversational pattern analysis

We use AI to automatically analyze application data, agent traces, and user interactions to generate actionable insights without manual querying.

Our chatbot interface allows you to ask natural-language questions about your data, and our AI generates analysis and insights in seconds.

We use Personal Data (including End-User data processed on behalf of Clients) to train and improve our AI models.

Data used for training:

  • Aggregated and pseudonymized behavioral data
  • Application usage patterns
  • User interaction data

Opt-Out: Clients can opt out by adjusting settings in their account dashboard or contacting privacy@trodo.ai.

We do not make fully automated decisions that produce legal effects or similarly significantly affect you (e.g., automatically denying service, suspending accounts solely based on AI, or making credit/financial decisions).

Human oversight: All significant decisions involve human review.

Under GDPR Article 22, you have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.

Since our AI does not make such decisions, this right does not typically apply. However, if you believe our AI processing affects you significantly, you may:

  • Object to the processing (Section 12.2.6)
  • Request human review of any decision
  • Contact us at privacy@trodo.ai

We take data security seriously and have implemented comprehensive security measures (see Section 10).

If we become aware of a Personal Data breach that poses a risk to your rights and freedoms:

We will notify you:

  • Within 72 hours of becoming aware of the breach (as required by GDPR)
  • Via email to your registered account email address
  • With details including:
    • Nature of the breach
    • Categories and approximate number of affected individuals
    • Likely consequences
    • Measures we've taken or propose to take
    • Contact information for further inquiries

The Client (Data Controller) is responsible for notifying their End-Users of breaches affecting End-User data.

We will:

  • Notify the Client within 72 hours
  • Provide all necessary information for the Client to fulfill their notification obligations
  • Assist the Client in responding to the breach

We will notify relevant data protection authorities of breaches as required by law:

  • GDPR: Notification to the lead supervisory authority within 72 hours
  • CCPA: Notification to the California Attorney General if required
  • Other jurisdictions: As required by applicable law

If you suspect a security incident involving your account:

  • Contact us immediately at privacy@trodo.ai
  • Change your password
  • Enable two-factor authentication (if not already enabled)
  • Review your account activity for unauthorized access

We reserve the right to modify this Privacy Policy at any time to reflect:

  • Changes in our data practices
  • New features or services
  • Legal or regulatory requirements
  • Industry best practices

We will notify you of material changes by:

  1. Updating the "Last Updated" date at the top of this Privacy Policy
  2. Sending email notification to your registered email address
  3. Posting a notice on our website or Platform

Effective Date of Changes: Material changes take effect 30 days after notice. Non-material changes (e.g., clarifications) take effect immediately.

If you do not agree to the updated Privacy Policy:

  • You may terminate your account before the effective date (see our Terms of Service Section 10.2)
  • Continued use of the Services after the effective date constitutes acceptance

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your Personal Data.

Email: privacy@trodo.ai
Subject: "Privacy Inquiry"
Response Time: We aim to respond within 48 hours.

Name: Akshit Varsani
Title: Co-Founder & CTO
Email: privacy@trodo.ai

Email: privacy@trodo.ai
Subject: "Privacy Rights Request - [Your Right]"
Response Time:

  • GDPR: 30 days
  • CCPA: 45 days

Email: privacy@trodo.ai
Subject: "URGENT: Security Incident"
Response Time: We respond to security incidents immediately.

Cryptique Inc.
8 The Green, STE R
Dover, DE 19901
United States

https://trodo.ai

  • Data Controller (for Clients): Cryptique Inc., 8 The Green, STE R, Dover, DE 19901, USA
  • Data Protection Officer: Akshit Varsani, privacy@trodo.ai
  • EU Representative: Not currently appointed (we may appoint one if required)
  • EU Supervisory Authorities: If you are in the EEA and wish to file a complaint, contact your local data protection authority — List: https://edpb.europa.eu/about-edpb/about-edpb/members_en
  • Business Name: Cryptique Inc.
  • Business Address: 8 The Green, STE R, Dover, DE 19901, USA
  • Contact for Privacy Requests: privacy@trodo.ai
  • Do Not Sell/Share Opt-Out: Contact privacy@trodo.ai with subject "Do Not Sell/Share My Personal Information"

We comply with applicable data protection laws in all jurisdictions where we operate. For jurisdiction-specific inquiries, contact privacy@trodo.ai.

BY USING OUR SERVICES, YOU ACKNOWLEDGE THAT:

  • ✓ You have read and understood this Privacy Policy in its entirety
  • ✓ You consent to the collection, use, and disclosure of your Personal Data as described
  • ✓ You understand your privacy rights and how to exercise them
  • ✓ You understand the difference between Trodo as Data Controller vs. Data Processor
  • ✓ If you are a Client, you understand your responsibilities as a Data Controller for End-User data
  • ✓ You understand our use of cookies and tracking technologies
  • ✓ You agree to receive communications from us as described in this policy

IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY, YOU MUST NOT USE OUR SERVICES.

Cryptique Inc.
Effective Date: January 29, 2026
Last Updated: January 29, 2026

END OF PRIVACY POLICY