Privacy Policy

TrytonApp (“Tryton,” “we,” “us,” or “our”) operates the Tryton mobile application (the “App”) and the website at trytonapp.com (the “Site”). This Privacy Policy explains what information we collect, how we use it, and your choices regarding that information.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address
• If you register with email and password: password stored as a cryptographic hash (we never store plaintext passwords)
• If you use Sign in with Google: you may not have a separate Tryton password; Google authenticates you under its own terms and policies
• First and last name (entered in the App or pre-filled from your Google account when you use Sign in with Google)
• Field of study and year in school (optional)

If you choose Sign in with Google, Google processes certain information when you authenticate. How Google uses that data is described in Google's Privacy Policy. We receive from our authentication provider (Supabase) the identifiers and profile elements Google shares for that login (typically including your email address and name), which we store and use as described in this policy.

1.2 Organization Information

When you create or join an organization, we collect:

• Organization name, university, and type (e.g., fraternity, sorority, study group)
• Your role within the organization (owner, admin, member, or advisor/observer)
• Invite code usage

1.3 Location Data

Location data is central to how Tryton works. We collect GPS coordinates (latitude and longitude) in the following situations:

• Zone creation and editing — to place study zones on the map
• Zone detection — to verify you are within a study zone when starting a session
• Active study sessions — while a session is active, we run periodic checks (typically on a few-second interval while the App is open) to help confirm you remain in the zone. When you grant background or “Always” location access, we may also receive limited location updates from the operating system only for the duration of an active study session so zone and session rules can still be evaluated when the App is not in the foreground. Background updates are throttled by the OS (for example by time or distance) and are not continuous tracking.
• Session start and end — your entry and exit locations are recorded with each study session (subject to availability and accuracy of GPS)
• Pulse checks — if your organization enables presence verification, we may send you local notifications on a schedule they configure. We may record your location when you confirm a pulse in the App. Enforcement of missed pulses does not depend on whether you receive or open a notification; the App evaluates session rules when it runs, including after you return to the App.

We use “balanced” accuracy for session-related location updates and, in the foreground, may reject readings with accuracy worse than 100 meters for certain checks. We do not use location for study sessions when you are not in an active session, and we stop session-scoped background location when your session ends or you log out.

1.4 Study Session Data

When you use the App to track study hours, we collect:

• Session start and end times
• Session duration
• The zone where the session took place
• Session status (active, completed, paused, or cancelled)
• When pulse checks are enabled for your organization: pulse request and expiry times, pulse outcome (for example verified, missed, or cancelled), and related timestamps stored with your session

Study session start, completion, and certain sync operations are processed through secure server functions so that times and rules are applied consistently with your organization's settings. Offline or delayed completions may be accepted within limits defined on the server.

1.5 Device and Usage Data

• Error and crash reports — collected via Sentry, including device model, OS version, stack traces, and breadcrumbs
• Session replay — Sentry may record a visual replay of 10% of sessions (100% of sessions where an error occurs) to help us diagnose bugs. Replays do not capture text input content.
• Product analytics events — we track limited events (e.g., signup completed, organization created) to understand feature usage

1.6 Payment Information

Payments for the Pro subscription are processed entirely by Stripe. We do not receive or store your credit card number, CVV, or billing address. Stripe provides us only with a transaction confirmation and your email address for receipt purposes.

1.7 Data Stored on Your Device

The App stores limited data locally on your device for offline functionality and preferences:

• Authentication session tokens
• Theme preference (light, dark, or system)
• Onboarding completion status
• Cached active session data, session engine state needed to resume after an interruption, and a queue of pending start/end operations (synced to the server when connectivity is restored)

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the App
• Verify your presence in study zones via geofencing
• Track and display study session history and statistics
• Enable organization features (leaderboards, weekly goals, compliance reports)
• Send weekly email reports to opted-in organization administrators
• Process subscription payments
• Diagnose technical issues and improve reliability
• Prevent fraud and abuse (e.g., rate limiting)

3. How We Share Your Information

We do not sell your personal information. Where the California Privacy Rights Act (CPRA) applies, we also do not share personal information for cross-context behavioral advertising as defined under that law. We share data only with the following service providers, solely to operate the App:

Within Your Organization

Organization administrators and owners can view member names, study session data, and compliance statistics for members of their organization. This is a core feature of the App and is visible to members before they join.

4. Data Retention

• Account data — retained for as long as your account is active. You may request deletion at any time.
• Study session data — retained for the duration of your organization membership. Aggregated statistics may be retained after you leave.
• Location data — entry and exit coordinates are stored with each session record. Pulse responses may store a verification location when your organization uses that feature. We do not retain continuous location tracks or a full GPS history of your movements.
• Error and crash reports — retained in Sentry for 90 days.
• Local device data — cleared when you log out of the App.

5. Your Rights and Choices

Location Permissions

You can revoke location permissions at any time through your device settings. Without at least foreground location access, you will not be able to start study sessions or create zones. For reliable session and pulse enforcement while a session is active, the App may ask for “Always” or background location; if you decline, some session rules may not run until you open the App again. You can still view your history and organization data where the App allows.

Notifications

If you allow notifications, we may deliver local notifications for pulse checks during active sessions. You can adjust notification settings on your device; missing a notification does not by itself extend a study session beyond your organization's rules.

Email Communications

Weekly email reports are opt-in. You can enable or disable them from your profile settings within the App.

Access, Correction, and Deletion

You have the right to:

• Access your personal data by contacting us
• Correct inaccurate data through the App or by contacting us
• Delete your account and all associated data directly from the App (Profile → Account → Delete Account), or by contacting us at support@trytonapp.com. Deletion is processed immediately when initiated from the App. Email requests are processed within 30 days.
• Export your data in a portable format upon request

California Residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to request deletion, the right to correct inaccurate personal information (where applicable), and the right to opt out of the sale of personal information or the sharing of personal information for cross-context behavioral advertising, as those terms are defined under California law. We do not sell personal information and we do not share it for cross-context behavioral advertising as defined under the CPRA. We limit use of sensitive personal information (including precise geolocation used for study sessions as described in this policy) to the purposes disclosed here. To exercise your California privacy rights, contact us at support@trytonapp.com.

6. Data Security

We use industry-standard security measures to protect your data, including encrypted connections (TLS), secure password hashing for email-and-password accounts, row-level security policies on our database, and rate limiting on sensitive endpoints. Social sign-in (e.g. Google) is handled through our authentication provider using industry-standard protocols. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

7. Data Storage Location

Your data is stored and processed in the United States. Our servers, database infrastructure, and primary third-party service providers (including Supabase, Stripe, and Sentry) are located in the United States. Device vendors (such as Apple or Google) may process limited data on their own infrastructure when you use their operating systems, app stores, or notification services, as described in Section 3.

The App is intended for users in the United States only. We do not knowingly collect information from users outside the United States. If you are located outside the United States and choose to use the App, you understand and consent to the transfer and processing of your information in the United States, where data protection laws may differ from those in your country.

We do not transfer personal data to countries outside the United States for processing and do not maintain servers or data centers in other jurisdictions.

8. Age Eligibility

The App is intended for users who are 18 years of age or older. We do not permit users under 18 to create accounts.

We do not knowingly collect personal information from individuals under 18. If we learn that we have inadvertently collected information from someone under 18, we will delete that information promptly. If you believe someone under 18 has provided us with personal information, please contact us immediately at support@trytonapp.com.

Parents or guardians who become aware that their child has provided us with information without their consent should contact us, and we will take steps to remove such information and terminate the account.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and may notify you through the App or via email. Your continued use of the App after changes are posted constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

support@trytonapp.com