How we handle your Stripe data.
No fluff, no marketing, no “bank-grade.” Just the actual facts about how this works.
- Stripe calls: Read-only
- Encryption at rest: AES-256
- Encryption in transit: TLS 1.3
- Tenant isolation: Postgres RLS
- Region: AWS us-east-1
- LLM training on your data: Never
- Card numbers stored: Never (not exposed)
- SOC 2 Type I: Targeted Q3 2026
What Stripe access do we request?
Stripe Connect OAuth. The scope Stripe grants to new Connect apps is `read_write`, but every call we make is read-only — list and retrieve. We never charge, refund, modify subscriptions, or create anything on your account. If you want to audit this, every Trenith AI API call shows up in your Stripe dashboard under Logs.
Where is the data stored?
Postgres on Supabase (AWS us-east-1), encrypted at rest with AES-256. Every customer’s data is isolated using row-level security (RLS) policies — enforced at the database level so no query can cross tenant boundaries.
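As an added illustration of how row-level security enforces this kind of tenant boundary in Postgres (this is not Trenith's schema or code), the sketch below defines a policy and two audit queries for the usual ways RLS ends up not applying. The table `stripe_invoices`, its columns, and the `app.tenant_id` setting are hypothetical names, and the UUID is a constructed sample value.

```sql
-- Hypothetical tenant-scoped table; names are assumptions for illustration.
CREATE TABLE stripe_invoices (
    id         bigserial PRIMARY KEY,
    tenant_id  uuid   NOT NULL,
    stripe_id  text   NOT NULL,
    amount_due bigint NOT NULL
);

-- Policies have no effect until RLS is enabled. FORCE also applies them
-- to the table owner, who is otherwise exempt.
ALTER TABLE stripe_invoices ENABLE ROW LEVEL SECURITY;
ALTER TABLE stripe_invoices FORCE  ROW LEVEL SECURITY;

-- Rows are visible and writable only when tenant_id matches the value the
-- application set for this transaction. An unset or empty setting becomes
-- NULL, the comparison is never true, and the query returns no rows
-- (fails closed).
CREATE POLICY tenant_isolation ON stripe_invoices
    FOR ALL
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- Per-request usage: the third argument (true) scopes the setting to the
-- current transaction, so it cannot leak to the next pooled request.
BEGIN;
SELECT set_config('app.tenant_id',
                  '00000000-0000-0000-0000-000000000001',  -- constructed sample
                  true);
SELECT stripe_id, amount_due FROM stripe_invoices;  -- this tenant's rows only
COMMIT;

-- Audit 1: tables in the schema where RLS is missing or not forced.
SELECT c.relname, c.relrowsecurity, c.relforcerowsecurity
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
  AND c.relkind IN ('r', 'p')
  AND NOT (c.relrowsecurity AND c.relforcerowsecurity);

-- Audit 2: roles that skip every policy regardless of the settings above.
SELECT rolname, rolsuper, rolbypassrls
FROM pg_roles
WHERE rolsuper OR rolbypassrls;
```

Any role returned by the second audit query reads across tenants, so connections made with such a role need the same scrutiny as the policies themselves.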
How is it transmitted?
TLS 1.3 end-to-end. No cleartext data ever crosses a wire.
Do we train LLMs on your data?
No. Your data is never sent to third-party models for training. We call LLMs with just-in-time context windows that are discarded after each brief is generated. Every brief includes a disclosure: "This brief was generated with AI assistance."
No middleware, no LangChain.
Trenith AI calls LLM providers directly — no LangChain, no vector-database middleware, no orchestration frameworks. In 2025 alone, prompt-injection attacks caused $2.3B in losses across the industry. We keep our attack surface as small as possible: direct API calls, read-only behavior on your Stripe account (every call is list/retrieve), no orchestration middleware.
Who on our team can see your data?
Two of the three Trenith founders, as of April 2026. Every access is logged. We will post our access-log policy publicly before hiring anyone outside the three of us.
What happens if you cancel?
Your dashboard goes read-only for 90 days. After that, we delete everything. You can request immediate deletion at any time by emailing info@trenith.com — we do it in under 48 hours.
Do we store card numbers?
We don't have them. Stripe doesn't expose card data through the API we use. Even if we wanted to (we don't), we couldn't.
Audit readiness?
SOC 2 Type I — targeted Q3 2026. GDPR-aligned data handling from day one. EU AI Act Article 50 compliance (AI-generated content disclosure) implemented. If you need a DPA, email us.