Privacy Policy

Account & Organization

Business name, contact email, phone, business type, GSTIN, city, and address provided during registration. Team member names, roles, and invitation details added by org admins.

Operational Data

CRM: contacts, accounts, deals, notes, call logs, pipeline records. Restaurant: reservations, table orders, menu configurations, POS logs. Ads: campaign metadata, linked ad account IDs, performance metrics. Creator Hub: creator profiles, content records, audience engagement signals.

Authentication

Email address for OTP-based sign-in. When signing in with Google, we receive your account email and profile name strictly as authorized by your Google account settings.

Technical Telemetry

Browser type, device, session timestamps, IP address, and application error signals used for security, reliability monitoring, and abuse prevention.

Service Delivery

To operate and improve all Treva modules including serving dashboards, executing queries, processing business records, and routing data to connected integrations on your behalf.

Authentication & Security

To verify identity, manage sessions, prevent unauthorized access, and detect abuse. OTPs expire within 10 minutes of issuance.

Support & Communication

To respond to support requests, deliver critical service alerts, and communicate significant policy or product changes. Treva does not send unsolicited marketing.

Google API Services

Treva connects to Gmail (email delivery and CRM sync), Google Drive (file storage), Google Contacts (import), Google Calendar (event scheduling), and Google Ads (campaign management). Treva's use of Google user data strictly follows the Google API Services User Data Policy, including the Limited Use requirements. Google user data is never used for advertising targeting or shared with third parties for unrelated purposes.

Meta Ads

Only tokens and campaign metrics you explicitly authorize are stored, used solely to power your Treva Ads analytics dashboard. No Meta user data is stored beyond what you authorize.

Exotel Telephony

Click-to-call in CRM shares only the destination phone number and your assigned agent number with Exotel. Call logs are stored within your organization's account and are not accessible to other tenants.

Payments (Razorpay)

Treva never stores payment card data. All payment processing is handled by the respective processor under their own PCI-DSS compliance programs.

No Selling

Treva does not sell, rent, or trade personal data to any third party, under any circumstance.

Infrastructure Partners

Data is hosted and processed by trusted cloud infrastructure providers for database hosting, API serving, and file storage. Each provider operates under strict data processing agreements with Treva.

Legal Disclosure

We may disclose data when required by law, court order, or governmental authority. We will notify you to the extent permitted by applicable law before complying with such requests.

Business Transfers

In the event of a merger or acquisition, affected users will be notified via email and in-app notice at least 14 days before any data transfer.

Tenant Isolation

Strict logical data isolation is enforced at the database level, ensuring no data access can cross organizational boundaries under any circumstances.

Encryption

All data in transit is protected by TLS 1.2+. Data at rest is encrypted using industry-standard encryption at the infrastructure level.

Sessions & Secrets

Session tokens are short-lived and scoped to your authenticated session. Integration credentials (OAuth tokens, API keys) are stored encrypted and never exposed in full to client applications. Only redacted representations appear in the UI.

Access & Portability

Request a full export of your organization's data anytime by contacting info@treva.in with your organization name and email for identity verification.

Correction & Deletion

Update account and contact data directly in Treva settings. Deletion requests are processed within 30 days, subject to legal retention obligations.

Revoke Integration Access

Disconnect any third-party integration anytime from Settings → Integrations. Revocation immediately terminates our access to that connected service.

Active Subscriptions

All operational data is retained for the duration of your active Treva subscription.

After Account Closure

Operational data is retained for 90 days after closure for recovery, then permanently deleted unless legal obligations require longer retention.

Audit Logs & Tokens

Audit logs are retained for a minimum of 2 years for compliance and dispute resolution. Integration tokens are deleted immediately upon disconnection.

Advance Notice

Material changes will be communicated via in-app notification and email at least 14 days before taking effect.

Continued Use

Continued use of Treva after a policy update constitutes acceptance of the revised terms. The latest version is always available at treva.in/privacy-policy.

Privacy Desk

info@treva.in, for data access, correction, deletion, or any privacy-related questions.

Registered Address

Treva Technologies Pvt. Ltd., Bengaluru, Karnataka, India.

Canonical URL

https://treva.in/privacy-policy