Privacy Policy

This Privacy Policy ("Policy") governs the collection, use, disclosure, and protection of personal and organizational data processed by TrioClick Digital Solutions Pty Ltd, a technology company incorporated in Australia, operating the TrioClick.ai platform ("Platform"). The Policy applies to all users, clients, partners, and visitors who interact with the Platform, its web services, and its integrated AI features. By accessing or using TrioClick.ai, users acknowledge that they have read, understood, and agreed to the practices described herein.

TrioClick.ai operates within multiple jurisdictions, including the UAE, Kingdom of Saudi Arabia, and Australia, and adheres to each region's applicable data-protection frameworks — notably the UAE PDPL, KSA PDPL, the Australian Privacy Act, and where relevant, the EU GDPR. TrioClick maintains compliance with the principles of transparency, accountability, purpose limitation, and data minimization, and aligns its security posture with ISO 27001 standards for information-security management.

This Policy covers all personal data processed through TrioClick.ai, including information provided during account registration, project creation, technical support via Zoho Desk, and optional AI-driven summaries or content generation through integrated OpenAI modules. It applies equally to online interfaces, mobile applications, and backend administrative systems used to deliver TrioClick's Software-as-a-Service (SaaS) offering.

TrioClick may update this Policy periodically to reflect evolving technologies, regulatory changes, or business practices. All amendments will be effective upon publication, and material changes will be communicated via email or in-app notice. Continued use of the Platform after such notice constitutes acceptance of the revised Policy.

TrioClick.ai collects data necessary to deliver its SaaS functionalities efficiently and securely. This includes account data (names, emails, organization, country, and authentication credentials); usage data (browser type, session timestamps, device identifiers, API calls, and interaction logs); and project data (textual or multimedia content uploaded by clients within their workspace). Optional collection occurs when users enable AI features that process text through OpenAI's secure API endpoints.

TrioClick also collects support data submitted through integrated systems such as Zoho Desk, including communication transcripts, attachments, and metadata for troubleshooting or product-improvement purposes. When accessing the Platform, certain technical data such as IP addresses, cookies, and regional time-zone settings are automatically captured to ensure security, localization, and compliance with regional data-residency requirements.

For enterprise clients, TrioClick may collect limited billing and financial information necessary for invoicing and tax compliance, processed through certified third-party payment providers compliant with PCI-DSS standards. No full credit-card information is stored directly on TrioClick's servers.

Sensitive data, such as personal identifiers or proprietary client information uploaded into projects, is encrypted in transit (TLS 1.3) and at rest (AES-256). TrioClick maintains strict access controls, ensuring that only authorized personnel with confidentiality agreements can access limited datasets for support or maintenance.

Data Sensitivity Classification. TrioClick processes multiple categories of data, including (i) Sensitive Client Data such as project reports, designs, commercially sensitive contract rates, strategic planning material, bids, invoices, and documents covered by NDAs; (ii) General Personal Data such as business names, job titles, business email addresses, and contact numbers; (iii) Sensitive Personal Data such as health-related information where provided by the Client; and (iv) Intellectual Property and Proprietary Project Data. TrioClick applies classification-specific safeguards including encryption, access controls, and strict need-to-know access.

TrioClick uses collected data solely for legitimate, explicit, and lawful purposes consistent with user consent and service delivery. Primary uses include user authentication, workspace management, AI-assisted content generation, feature optimization, and platform security monitoring. Each use is guided by the principle of data minimization — processing only what is required for the intended function.

Data collected through AI modules is used only for the generation of requested outputs and is not retained beyond the session unless a user elects to save or export results. TrioClick does not use such data to retrain AI models or share it with OpenAI beyond transient processing. When AI access is enabled, consent is captured through an explicit opt-in toggle within the Platform settings.

TrioClick may use anonymized and aggregated data to improve performance metrics, develop new features, and conduct analytical research aimed at enhancing service reliability. No personal identifiers are included in such analyses.

AI Processing of Project Data. When AI features are enabled, the Platform may process project-level data through a Retrieval-Augmented Generation ("RAG") workflow. TrioClick ensures that such processing complies with applicable data-residency, privacy, and client-specific policies. Depending on Client requirements, TrioClick may anonymize project data prior to transmitting it to AI subprocessors. All AI processing remains transient and is not used to retrain models.

TrioClick strictly prohibits secondary uses of personal data without user consent, including marketing, profiling, or disclosure to third parties for unrelated purposes.

The TrioClick.ai platform integrates AI modules that enable advanced summarization, categorization, and workflow automation through an API-based connection to OpenAI and similar approved vendors. These modules are strictly optional. When a user enables AI features, data submitted for processing may be transmitted securely to OpenAI's API for transient computation.

The processing of user data through AI systems occurs under explicit consent. Upon enabling any AI-related feature, users are prompted with a notice describing the categories of data that may be processed, the purpose of the operation, and the external processor involved. Such consent is recorded and can be withdrawn at any time by disabling the AI feature from account settings.

TrioClick requires that all AI subprocessors adhere to industry-standard privacy, security, and confidentiality protocols, including SOC 2 Type II and ISO 27001. TrioClick does not authorize its subprocessors to retain or repurpose user data for training, analytics, or marketing. Data submitted to AI engines is encrypted in transit and is neither permanently stored nor linked to user accounts beyond the processing window.

Users are responsible for ensuring that any third-party content or client information submitted for AI processing complies with applicable laws and internal policies. TrioClick disclaims liability for user-generated content that violates intellectual property, confidentiality, or data-protection obligations.

Project-Level Enablement and Consent. AI functionality is disabled by default and may only be enabled by a Project Administrator. Upon activation, all project users will receive an in-app notice describing the nature of the AI processing, applicable data categories, and potential cross-border transfers. Continuing to use project spaces after such notification constitutes consent to AI processing for project data.

TrioClick.ai engages carefully selected subprocessors to provide essential infrastructure, analytics, and customer support functions. These subprocessors operate under binding contractual agreements incorporating confidentiality, security, and privacy obligations. Core subprocessors currently include Zoho Desk (support management), OpenAI (AI-assisted text generation), and certified cloud-hosting providers located in the UAE, KSA, and Australia.

TrioClick does not sell, rent, or exchange personal data with third parties for commercial gain. Data sharing is limited to legitimate business and technical purposes such as cloud storage, security monitoring, payment processing, and customer support. All subprocessors are subject to due diligence assessments covering data-handling practices, access controls, encryption, and regional residency compliance.

Data disclosures may occur in limited circumstances required by law, regulation, or court order. TrioClick will only release such data upon verifying the legitimacy and scope of the request. If permitted by law, affected users will be notified prior to any release of their personal information.

Each subprocessor operates under a Data Processing Agreement (DPA) that mirrors TrioClick's obligations under applicable privacy laws. No subprocessor may further subcontract data-processing functions without TrioClick's written consent and verification of equivalent security standards.

TrioClick.ai employs a multi-regional data-residency architecture designed to comply with local privacy frameworks and minimize cross-border transfers. Primary hosting and processing occur in regional data centers located in the United Arab Emirates, the Kingdom of Saudi Arabia, and Australia, each operated by certified infrastructure providers under ISO 27001 and Tier 4 standards.

Cross-border data transfers are limited to cases where technical redundancy, support intervention, or AI processing through OpenAI's systems is necessary to fulfill user requests. In such cases, TrioClick implements appropriate safeguards including Standard Contractual Clauses (SCCs), encryption-in-transit, and lawful transfer mechanisms recognized under the UAE PDPL, KSA PDPL, Australian Privacy Principles, and GDPR.

TrioClick continuously evaluates emerging regulatory developments related to data sovereignty. Should TrioClick introduce additional data centers or subprocessors in new jurisdictions, users will be notified in advance, and all updates will be reflected in the publicly accessible Data Residency Policy. Users retain the right to request confirmation of their data's storage region and may opt out of cross-border transfers where technically feasible.

Third-Party Client-Provided Hosting Systems. Where the Client connects external document repositories such as Aconex, ACC, or SharePoint, the Client acknowledges that such systems may store or process data in regions outside the Client's preferred jurisdiction. TrioClick does not control, audit, or certify the residency compliance of Client-designated storage providers.

TrioClick.ai recognizes and upholds the rights of users under applicable privacy regulations, including the UAE PDPL, the KSA PDPL, and the Australian Privacy Act. These rights include access, correction, deletion, objection to processing, and data portability.

Right of Access and Correction. Users may request a copy of their personal data held by TrioClick at any time through their account dashboard or by contacting the Data Protection Officer. TrioClick will respond to verified requests within thirty (30) days in a structured and commonly used format.

Right to Deletion and Objection. Users may request the deletion of personal data where retention is no longer necessary for service delivery or compliance purposes. Users also have the right to object to specific processing activities, such as analytics or AI-assisted personalization, and may disable related features directly through their settings panel.

Right to Portability and Restriction. Upon request, users may obtain a copy of their data in a machine-readable format or request transmission to another service provider where technically feasible. TrioClick will not charge for exercising these rights unless requests are manifestly unfounded or excessive.

Visibility of Professional Contact Information Within Projects. When a user is added to a Project Space, the user acknowledges and consents that their business-related profile information (name, role, business contact details) will be visible to other authorized project members for collaboration and communication purposes.

TrioClick implements a multi-layered security framework based on ISO/IEC 27001 standards. Security measures include AES-256 encryption for data at rest, TLS 1.3 encryption for data in transit, regular penetration testing, and continuous system monitoring. All administrative access is restricted through multi-factor authentication (MFA) and logged under least-privilege principles.

TrioClick's internal security controls include mandatory background checks for authorized personnel, confidentiality agreements, and recurring training on privacy and data-protection awareness. The Platform undergoes periodic third-party audits to validate its compliance posture.

TrioClick retains personal data only for as long as necessary to fulfill the purpose for which it was collected. Retention periods vary: account and billing data are maintained for the duration of the contract plus seven (7) years for legal and tax compliance; operational and analytical data are retained for shorter periods, typically ninety (90) days to one (1) year.

Upon expiration or termination of a user account, TrioClick permanently deletes associated personal data following a structured data destruction protocol, which includes secure overwriting and cryptographic key rotation.

TrioClick.ai uses cookies, web beacons, and similar technologies to enhance the user experience, facilitate secure authentication, and improve service performance. TrioClick distinguishes between strictly necessary cookies (required for platform operation), functional cookies (for personalization), and analytics cookies (for measuring usage trends and system efficiency).

Analytics data is collected in an aggregated and pseudonymized form. TrioClick does not use cookies for behavioral advertising or cross-site tracking. Users may disable non-essential cookies at any time without affecting core functionality.

TrioClick periodically reviews its use of cookies and analytics tools to ensure compliance with emerging legal frameworks such as the ePrivacy Directive and comparable regional regulations. The Company provides a full Cookie Statement upon request or via the footer link on its primary website.

TrioClick.ai is a business-oriented platform and is not designed for use by children or minors. The Company does not knowingly collect or process any personal data from individuals under the legal age of consent as defined in applicable data-protection laws. If a user under this age inadvertently provides personal data, such information will be promptly deleted once identified or upon notification by a parent or guardian.

TrioClick maintains a strict internal review process to ensure that new features or integrations do not target or profile minors. All marketing, AI, and analytics tools are configured to exclude any age-inferred data that could identify children or vulnerable individuals.

TrioClick.ai may revise this Privacy Policy from time to time to reflect changes in laws, industry standards, or the Company's operational practices. Whenever material changes occur, TrioClick will notify users by email or prominent in-app alerts prior to the effective date of the new version.

If users disagree with any updated terms, they may deactivate their account or withdraw consent to specific processing activities before the new version becomes effective. Continued use of the Platform after the effective date constitutes acceptance of the revised Policy.

All archived versions of this Policy are retained by the Company to provide an auditable history of compliance. TrioClick's Compliance and Legal teams review policy updates to ensure that all modifications remain consistent with the governing data-protection frameworks of the UAE, KSA, and Australia.

Users may direct all privacy-related questions, access requests, or complaints to TrioClick's Data Protection Officer (DPO) via the following channels:

TrioClick strives to respond to all verified communications within thirty (30) days. If users are dissatisfied with the handling of their inquiry, they may lodge a complaint with the relevant supervisory authority in their jurisdiction — for example, the UAE Data Office, the Saudi Authority for Data and Artificial Intelligence (SDAIA), or the Office of the Australian Information Commissioner (OAIC). TrioClick cooperates fully with all regulatory authorities and remains committed to lawful resolution of data-protection concerns.