Privacy Policy

The short version

• We collect what we need to run the service — nothing more
• We never train AI models on your code or data — ours or anyone else's
• We never sell your data to anyone
• You can export or delete everything we hold on you at any time

1. Who we are

VEUGA Network LLC, a Wyoming limited liability company ("we", "us"), operates trendslop.ai as a product. If you're an EU/UK user, we're the data controller. Email privacy@trendslop.ai with any questions.

2. What we collect

Account data

Name, email, password hash (or OAuth provider ID), profile picture if you choose to upload one, billing address if you subscribe.

Project data

The GitHub repositories you connect via the Trendslop GitHub App, including OAuth installation tokens (encrypted at rest with AWS KMS) and the file contents we read from those repositories at audit time. We read source files to detect security findings, dependency issues, configuration problems, and similar production-readiness signals.

Usage data

Logs of which features you used, when, how many credits were spent, and any errors that occurred. We use this to bill you accurately and to fix bugs.

Cookies & analytics

We use one strictly-necessary cookie for your login session (managed by our authentication provider Clerk). We use one analytics cookie (self-hosted, GDPR-compliant) to count page visits anonymously. We do not use Google Analytics, Facebook Pixel, or any cross-site advertising tracker.

3. What we do with it

We use your data only to:

• Provide the Service (run audits, generate auto-fix pull requests, manage your account)
• Bill you for what you use
• Send you transactional emails (security alerts, billing receipts, audit results)
• Send you product updates if you've opted in — you can opt out any time from your settings
• Comply with legal obligations (tax, court orders)

4. What we don't do

• We don't train AI models — ours or anyone else's — on your code or your data, ever
• We don't sell, rent, or share your data with advertisers or data brokers
• Our automated systems read your code to perform audits — that's the Service. Humans on our team only access your code if you've reported a specific issue and given explicit consent for us to investigate it.

5. Who else sees your data

Limited "data processors" help us run the service:

• AWS — hosting and storage (US regions only at this time)
• Stripe — payment processing (PCI-DSS Level 1)
• Clerk — authentication and session management
• Supabase — application database
• AWS SES — transactional email
• Anthropic — AI inference for some audit features (configured with training opt-out)
• GitHub — when you connect the Trendslop GitHub App, GitHub processes the API calls between us and your repositories

Each processor that handles personal data has a Data Processing Agreement with us. Full list available on request to privacy@trendslop.ai.

6. Where your data lives

In AWS us-east-1 (Northern Virginia, USA). If we transfer EU/UK personal data to the US, we use Standard Contractual Clauses. EU data residency is on our roadmap but not yet available — if this matters for your compliance, contact us before subscribing.

7. How long we keep it

Active accounts: as long as you're using the Service. When you delete your account from Settings, we delete your account data, project data, audits, and OAuth tokens immediately. Limited records may be retained longer where law requires (e.g. tax invoices, typically 7 years). Backups may retain copies for up to 30 days before they are overwritten.

8. Your rights

Depending on where you live, you may have the right to:

• Access — get a copy of what we hold on you
• Correct — fix anything inaccurate
• Delete — erase your account and all associated data (one click in Settings)
• Export — download your data in a portable format
• Object — tell us to stop using your data for a particular purpose
• Withdraw consent — for anything based on consent

To exercise any of these, use the Settings page or email privacy@trendslop.ai. We respond within 30 days.

9. Children

The Service is not for anyone under 18. We don't knowingly collect data from minors. If you think we have, email us and we'll delete it immediately.

10. Changes

If we change this policy in a way that affects you materially, we'll email you at least 14 days before the change takes effect.

11. Contact

VEUGA Network LLC
Wyoming, USA
Questions, requests, or complaints: privacy@trendslop.ai

EU users may also complain to your local data-protection authority.