Privacy Policy
Last updated: July 14, 2026
1. Introduction
TriBalance LLC (“we,” “us,” or “our”) is committed to protecting the privacy and security of your data. This Privacy Policy explains how we collect, use, store, and protect information when you use TriBalance (“the Service”).
Trust account data is among the most sensitive information a law firm handles. We treat it accordingly.
2. Information We Collect
2.1 Information You Provide
- Account information: Name, email address, law firm name, bar number, and billing information when you create an account.
- Trust account data: Bank statements, transaction records, client ledgers, reconciliation reports, and all other documents and data you upload to or generate through the Service.
- Communications: Any messages, inquiries, or support requests you send to us.
2.2 Information Collected Automatically
- Usage data: Pages visited, features used, time spent, and actions taken within the Service.
- Technical data: IP address, browser type, device information, operating system, and referring URLs.
- Authentication data: Login timestamps, session information, and security-related events.
2.3 Information We Do NOT Collect
- We do not access, collect, or store your bank account credentials. Bank data is provided through files you upload.
- We do not sell, rent, or trade your personal information or trust account data to third parties.
- We do not use your trust account data to train machine learning models or for any purpose other than providing the Service to you.
3. How We Use Your Information
We use your information exclusively to:
- Provide, maintain, and improve the Service
- Process reconciliation computations and generate reports
- Authenticate your identity and secure your account
- Communicate with you about your account, billing, and Service updates
- Detect, prevent, and address technical issues, security incidents, or fraudulent activity
- Comply with legal obligations
We do not use your trust account data for any purpose other than providing the Service to your organization.
4. Data Storage and Security
Infrastructure: The Service is hosted on Vercel and Supabase, with data stored in secure, SOC 2-compliant data centers in the United States. All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
Access controls: Your trust account data is isolated at the database level through row-level security (RLS). Each user can only access data belonging to their organization. All access is logged and auditable.
Authentication: We use Supabase Auth for identity management. Passwords are hashed and never stored in plaintext. We support multi-factor authentication (MFA).
Monitoring: We maintain audit logs of all access to trust account data, including who accessed what data and when. Unusual access patterns trigger automated alerts.
No system is impenetrable. While we implement industry-standard security measures, we cannot guarantee absolute security. You share responsibility by maintaining strong credentials, enabling MFA, and promptly notifying us of any unauthorized access.
5. Third-Party Service Providers
We use the following third-party services to operate the Service. Each processes data only as necessary to provide their respective services:
- Supabase — Database hosting and authentication (SOC 2, GDPR compliant)
- Vercel — Application hosting and edge functions (SOC 2, GDPR compliant)
- Resend — Transactional email delivery (only if RESEND_API_KEY is configured)
We do not share your data with any other third parties except as required by law or with your explicit consent. A list of current subprocessors is maintained at /legal/subprocessors.
6. Data Retention
We retain your trust account data for the duration of your active subscription. After cancellation or termination:
- Your data remains accessible for thirty (30) days to allow export
- After thirty (30) days, your data is permanently deleted from our active systems
- Backup archives may retain encrypted copies for up to ninety (90) days as part of standard disaster recovery processes
- We may retain anonymized, aggregated data indefinitely for analytics and service improvement
You may request earlier deletion of your data by contacting us at privacy@trybalance.io. We will comply within thirty (30) days, subject to any legal retention obligations.
7. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of your personal data we hold
- Correction: Request correction of inaccurate personal data
- Deletion: Request deletion of your personal data
- Portability: Request transfer of your data in a structured, machine-readable format
- Objection: Object to certain processing of your data
To exercise any of these rights, contact us at privacy@trybalance.io. We will respond within thirty (30) days. We may need to verify your identity before processing your request.
8. Cookies
The Service uses essential cookies for authentication and security (session management, CSRF protection). We do not use tracking cookies, advertising cookies, or analytics cookies that track you across websites. No cookie consent banner is required because we use only strictly necessary cookies.
9. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal information, we will delete it promptly.
10. International Data Transfers
The Service is operated in the United States. If you access the Service from outside the United States, your data will be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer. We ensure that such transfers comply with applicable data protection laws through standard contractual clauses or equivalent safeguards.
11. Data Breach Notification
In the event of a data breach involving your trust account data or personal information, we will notify you within seventy-two (72) hours of becoming aware of the breach, describing the nature of the breach, the data affected, the measures taken to address it, and recommended steps for you to take.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated to you by email or through a notice on the Service at least thirty (30) days before the changes take effect. Your continued use of the Service after any changes constitutes acceptance of the updated policy.
13. Contact
For privacy-related inquiries or to exercise your data rights:
TriBalance LLC
Email: privacy@trybalance.io
Address: [Registered agent address in Delaware]