TriArchComm Privacy Policy

Effective Date: April 14, 2026

Draft notice: this policy should be reviewed by the business owner and legal advisor before production use.

1. Introduction

TriArchComm is a private, invite-only internal communications platform operated by TriArch Solutions. This app is designed exclusively for authorized employees and is not available to the general public. This policy describes how we collect, use, and protect your information.

2. Information We Collect

  • Account information: Full name, display name, email address, and assigned role, provided by your administrator when your account is created.
  • Messages: Text messages and image attachments sent within channels. Messages are retained for 24 hours in the live system, then archived for up to 90 days before permanent deletion.
  • Device information: Push notification tokens (Expo push tokens) to deliver notifications to your device.
  • Profile photo: An optional avatar image you upload.
  • Usage data: Login timestamps and audit log entries for security monitoring.

3. How We Use Your Information

  • To provide the internal messaging and store management features of the app.
  • To send push notifications about new messages (notifications never include message content).
  • To maintain audit logs for security compliance.
  • To monitor and fix application errors via Sentry (all personally identifiable information is scrubbed before transmission).

4. Data Storage and Security

Your data is stored on Supabase (PostgreSQL) with row-level security policies enforcing access control. All data is encrypted in transit via TLS. Mobile sessions are encrypted at rest using AES-256 in the device secure enclave. The app uses SSL certificate pinning to prevent man-in-the-middle attacks.

5. Data Retention

  • Live messages: Automatically deleted after 24 hours.
  • Archived messages: Retained for up to 90 days, then permanently purged.
  • Audit logs: Retained indefinitely for security compliance (append-only, no modification or deletion).
  • Push tokens: Removed when you sign out or delete your account.

6. Data Sharing

We do not sell, rent, or share your personal information with third parties for marketing or advertising purposes. Your data is only accessible to authorized administrators within your organization and the following service providers used to operate the platform:

  • Supabase: Database hosting and authentication.
  • Sentry: Error monitoring (PII is scrubbed before transmission).
  • Expo: Push notification delivery.

7. Your Rights

You have the right to:

  • Access your data: View your profile information within the app.
  • Delete your account: You can delete your account from the Profile screen in the mobile app. This permanently removes your profile, push tokens, message read receipts, and store assignments. Your authentication identity is also removed.
  • Contact us: Email triarchcommsupport@gmail.com for any data-related requests.

8. Children's Privacy

This app is not intended for use by anyone under the age of 18. Access is restricted to authorized employees only.

9. Changes to This Policy

We may update this privacy policy from time to time. Changes will be reflected on this page with an updated effective date.

10. Contact

If you have questions about this privacy policy, contact us at triarchcommsupport@gmail.com.