Trove

Beta

Preview

Preview

Trove

Beta

Preview

Preview

Trove

Beta


Privacy Policy

Effective Date: March 13, 2026 | Trove (usetrove.app)

1. Introduction

Welcome to Trove ("we", "our", or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Trove application and website (collectively, the "Service").

Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.

2. Information We Collect

We collect the following categories of information directly from you:

  • Name / Username — to create and identify your account

  • Email Address — for authentication, account notifications, and optional newsletters

We do not collect phone numbers, mailing addresses, job titles, billing addresses, payment card numbers, age, or passwords in plain text.

3. Information Collected Automatically

When you use the Service, we may automatically collect certain technical information, including:

  • Usage data via Mixpanel analytics (pages visited, features used, session duration)

  • Session identifiers and cookies to maintain your authenticated session

  • Google Maps API data if you interact with location-based features

  • Web beacons to understand engagement with our communications

We do not use advertising tracking, Facebook Pixel, retargeting, or Local Storage for tracking purposes.

4. How We Use Your Information

We use the information we collect to:

  • Create and manage your account

  • Provide, operate, and improve the Service

  • Process AI-powered bookmark summarisation and organisation via OpenAI

  • Analyse usage patterns to improve product experience (Mixpanel)

  • Send transactional emails and, where opted-in, newsletters and product updates

  • Process subscription payments (Stripe)

  • Respond to your inquiries and provide customer support

  • Comply with legal obligations

5. Third-Party Service Providers

We share data with trusted third-party providers only as necessary to operate the Service:

  • OpenAI — processes bookmark URLs and page metadata to generate AI summaries. Only metadata (URL, page title, excerpt) is transmitted; full page content is not stored long-term.

  • Mixpanel — analytics platform that receives anonymised usage events to help us understand how users interact with the Service.

  • Stripe — payment processor for Basic and Pro subscription management. We do not store payment card details; all payment data is handled directly by Stripe under its own PCI-DSS compliance.

  • Amazon Web Services (AWS) — cloud infrastructure provider hosting the Trove application. AWS processes data in accordance with its AWS Data Processing Addendum and security certifications (ISO 27001, SOC 2).

  • Supabase — managed database platform (built on PostgreSQL) that stores your account data and bookmarks. Supabase is hosted on AWS infrastructure and complies with GDPR and SOC 2 standards.

All providers are contractually bound to process your data only as instructed and in accordance with applicable privacy laws.

6. Cookies and Tracking Technologies

We use the following technologies:

  • Session cookies — required for authentication; deleted when you close your browser

  • Web beacons — used in emails to track open rates

  • Google Maps API — used for any location-aware features

We do not use advertising cookies, retargeting pixels, or any cross-site tracking. You may disable cookies in your browser settings, though this may affect your ability to log in.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. You may request deletion of your account and associated data at any time by contacting us at support@usetrove.app. Upon deletion, your data is removed from active databases within 30 days, except where retention is required by law.

8. Your Rights — GDPR (EEA/UK Users)

If you are located in the European Economic Area or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of Access — request a copy of the personal data we hold about you

  • Right to Rectification — request correction of inaccurate data

  • Right to Erasure — request deletion of your personal data

  • Right to Restriction — request that we limit processing of your data

  • Right to Data Portability — receive your data in a structured, machine-readable format

  • Right to Object — object to processing based on legitimate interests

To exercise any of these rights, contact us at support@usetrove.app. We will respond within 30 days.

9. Your Rights — CCPA (California Residents)

Under the California Consumer Privacy Act (CCPA), California residents have the right to:

  • Know what personal information we collect, use, disclose, and sell

  • Request deletion of personal information

  • Opt out of the sale of personal information — we do not sell personal information

  • Non-discrimination for exercising your privacy rights

To submit a CCPA request, contact us at support@usetrove.app.

10. Children's Privacy

Trove is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will delete it promptly.

11. Data Security

We implement industry-standard security measures including encrypted data transmission (TLS/HTTPS), hashed credential storage, access controls, and regular security reviews. Our infrastructure is hosted on AWS, which maintains SOC 2 and ISO 27001 certifications. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

12. International Data Transfers

Your information may be transferred to and processed in the United States, where our infrastructure is based. Our hosting provider (AWS) and database provider (Supabase) process data on servers located in the United States. Where required by applicable law, we rely on Standard Contractual Clauses or equivalent safeguards to protect cross-border transfers.

13. Google Login

If you choose to sign in using Google, we receive your name, email address, and profile picture from Google in accordance with your Google account permissions. We do not receive your Google password. Your use of Google Login is subject to Google's Privacy Policy.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via an in-app notice. The updated policy will be effective as of the date posted. Continued use of the Service after the effective date constitutes acceptance.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us: