TrilodexTrilodex

Data Processing Agreement

Last updated: June 2026

Overview

This Data Processing Agreement (“DPA”) applies when Trilodex processes personal data on behalf of a client in connection with the use of our software, mobile applications, or related services.

Roles

The client acts as the “Data Controller” and determines the purpose and manner in which personal data is used. Trilodex acts as the “Data Processor” and processes personal data only in accordance with the client’s instructions and applicable data protection laws (including UK GDPR).

Data we process

Depending on the application, we may process:

  • User account data (name, email address, login credentials)
  • Profile and activity data (usage, interactions, performance data)
  • Device and technical data (IP address, device type, OS)
  • Application content submitted by users (e.g. scores, bookings, messages)
  • Payment metadata via third-party providers (e.g. Stripe — card data is not stored by Trilodex)

Purpose of processing

Data is processed solely for the purpose of:

  • Providing and maintaining software services
  • User authentication and account management
  • Application functionality and performance
  • Analytics and service improvement
  • Technical support and issue resolution

Subprocessors

The client authorises Trilodex to use third-party subprocessors to deliver services, including:

  • Hosting providers (e.g. AWS, Vercel)
  • Database providers (e.g. Supabase, Firebase)
  • Authentication services
  • Analytics and monitoring tools (e.g. Sentry, Firebase Analytics)
  • Payment processors (e.g. Stripe)

All subprocessors are required to implement appropriate data protection and security measures.

Security measures

Trilodex implements appropriate technical and organisational measures to protect personal data, including:

  • Encryption of data in transit and at rest where supported
  • Access control and authentication systems
  • Role-based access restrictions
  • Secure cloud infrastructure
  • Monitoring and incident detection

International transfers

Personal data may be processed outside the UK or EEA. Where this occurs, appropriate safeguards are used, such as Standard Contractual Clauses or equivalent legal mechanisms.

Data retention and deletion

Upon termination of services, personal data will be deleted or returned to the client upon request, unless retention is required by law or legitimate business needs.

Data subject rights

Trilodex will reasonably assist the client in responding to requests from individuals exercising their data protection rights under applicable law.

Liability

Liability is subject to the limitations set out in the main Terms of Service agreement between Trilodex and the client, unless otherwise required by law.

Contact

If you have any questions about this agreement, contact us at admin@trilodex.com.