← Back to home

Privacy Policy

Data Controller

Trinkt ("we", "us", "our") operates trinkt.co and is the data controller responsible for your personal data. For privacy inquiries, contact us at hello@trinkt.co.

What We Collect

Trinkt collects minimal information necessary to provide the service:

  • Email address (for authentication and notifications)
  • Username (chosen by you, publicly visible to friends)
  • Trinkts you create, send, and receive
  • Friend connections and friendship tiers
  • Reactions to trinkts you send or receive
  • Streak data (consecutive days sending trinkts)
  • Push notification subscription data (if enabled)
  • Device and browser information for error monitoring

Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Contract: Processing necessary to provide Trinkt services you requested
  • Consent: Email notifications and push notifications (you can opt out anytime)
  • Legitimate Interest: Error monitoring and service improvement

How We Use Your Data

Your data is used solely to operate Trinkt. We do not sell, share, or use your data for advertising purposes. Trinkts are only visible to the sender and recipient. Specifically, we use your data to:

  • Authenticate you and maintain your session
  • Enable sending and receiving trinkts with friends
  • Send email notifications (if enabled)
  • Send push notifications (if enabled)
  • Track streaks and generate your annual summary
  • Monitor and fix errors in the application

Third-Party Services

We use the following third-party services to operate Trinkt:

  • Supabase (database, authentication, file storage) — stores your account data, trinkts, and friendships. Located in AWS US regions.
  • Resend (email delivery) — receives your email address to send authentication codes and trinkt notifications.
  • Sentry (error monitoring) — receives error reports with anonymized user context to help us fix bugs.
  • Vercel (hosting) — hosts the application and processes requests.
  • Upstash (rate limiting) — processes request metadata to prevent abuse. No personal data is stored.
  • PostHog (product analytics) — receives anonymized usage data including page views, feature interactions, and device information to help us improve the product. Located in the United States.

These services are bound by their own privacy policies and data processing agreements.

International Data Transfers

Your data may be transferred to and processed in the United States, where our service providers (Supabase, Resend, Sentry, Vercel, PostHog) operate. These transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, along with supplementary measures including encryption in transit and at rest. We have assessed these transfers and determined that adequate protections are in place.

Data Retention

We retain your data as follows:

  • Unsent trinkts: Automatically deleted at the daily 6 AM reset
  • Sent trinkts: Kept until you or the recipient deletes their account
  • Account data: Kept until you delete your account
  • Streak history: Kept until you delete your account
  • Error logs: Automatically deleted after 90 days

Cookies and Local Storage

Trinkt uses essential cookies and browser storage for authentication and functionality. We do not use advertising or tracking cookies.

  • Authentication cookies: Maintain your logged-in session
  • Service worker: Enable push notifications and offline functionality
  • Local storage: Store user preferences

Your Rights

Under GDPR and other privacy laws, you have the right to:

  • Access: Request a copy of your personal data
  • Portability: Download your data in a machine-readable format
  • Rectification: Update or correct your personal data
  • Erasure: Delete your account and all associated data
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Turn off notifications at any time

You can exercise these rights in the Settings page or by contacting us at hello@trinkt.co.

Data Security

We protect your data with industry-standard security measures including:

  • TLS encryption for all data in transit
  • Encryption at rest for stored data
  • Row-level security policies in the database
  • Rate limiting to prevent abuse
  • Regular security audits

Children's Privacy

Trinkt is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us immediately at hello@trinkt.co and we will promptly delete that information.

We collect the following categories of information: account identifiers (email, username), user-generated content (trinkts, messages, reactions), social connections (friendships), and activity data (streaks). This information is used solely to provide the Trinkt service. We do not condition a child's participation on providing more information than reasonably necessary.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and California Privacy Rights Act:

  • Right to Know: Request information about what personal data we collect, use, and disclose
  • Right to Delete: Request deletion of your personal data
  • Right to Correct: Request correction of inaccurate personal data
  • Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

Categories of Personal Information Collected: Identifiers (email, username), user-generated content, social connections, internet activity (page views, interactions), and inferences drawn from the above.

We Do Not Sell Personal Information. We have not sold personal information in the preceding 12 months and do not have actual knowledge of selling personal information of minors under 16 years of age.

To exercise your California privacy rights, visit the Settings page in the app or contact us at hello@trinkt.co. We will respond to verifiable requests within 45 days.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by email or through the app. Continued use of Trinkt after changes constitutes acceptance of the updated policy.

Contact

For privacy inquiries, data requests, or complaints, contact us at hello@trinkt.co.

If you are in the EU and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

Last updated: March 17, 2026