Updated: October 13, 2025

Privacy Policy

Trench (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal data when you use our website, tools, products, and webshop (collectively, the “Services”). It also explains your rights under applicable data protection laws, including the EU’s General Data Protection Regulation (GDPR).

By using or accessing our Services, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the Services.

1. Scope and applicability

This Privacy Policy applies to all operations of Trench in relation to the Services, whether you are a visitor, user, customer, or other interacted party. It covers personal data that you provide to us, data we collect automatically, and data we share with third parties in accordance with this Policy.

We also maintain a separate Cookie Policy that describes how we use cookies and similar tracking technologies.

2. Data controller

Trench is the data controller responsible for your Personal Data under this Privacy Policy.

3. Personal Data we collect

We collect personal data relating to you (“Personal Data”) as follows:

Personal Data You Provide: We collect Personal Data if you create an account to use our Services or communicate with us as follows:

  • Account / registration information: name, email address, password (hashed), other profile data.
  • Tool / product inputs: any data, text, files, or information you enter into or upload to our tools, web interfaces, or APIs.
  • Order / transactional data: shipping address, billing address, contact phone, purchase history.
  • Payment / billing data: We do not store full credit card numbers or CVV codes; these are handled via third-party payment processors. We may store payment invoice data, transaction identifiers, etc.
  • Communications & support: messages, emails, chat logs, feedback, survey responses.
  • Marketing opt-ins: where you consent, your preferences and consent status.

Personal Data We Receive from Your Use of the Services: When you visit, use, or interact with the Services, we receive the following information about your visit, use, or interactions (“Technical Information”):

  • Usage and analytics data: pages visited, features used, session durations, click paths, error logs.
  • Technical / device data: IP address, device type, browser type/version, operating system version, screen resolution, device identifiers.
  • Log data: server logs, timestamps, referrer URLs, query parameters, network information.
  • Cookies / local storage / similar technologies: for authentication, preference storage, analytics, and functional purposes (per our separate Cookie Policy).

We may derive new data (e.g. anonymized or aggregated statistical data) from the data above, which no longer identifies individuals, and we may use such data for analytics, research, or product improvement.

In certain cases, we may receive personal data about you from third-party sources (e.g. identity verification, fraud prevention, shipping/delivery partners). We will only use such data consistent with this Policy and applicable law.

3. How we use Personal Data

We may process Personal Data for the following purposes:

Purpose Legal Basis Description
To provide and operate our Services Performance of a contract We use your information to deliver tools, downloads, and webshop purchases, ensuring they function as intended.
To manage your account Performance of a contract We process data to enable login, access to purchases, and management of your preferences.
To process payments Performance of a contract Payment data is handled securely through third-party providers to complete your purchases.
To analyze usage and improve our Services Legitimate interest We use analytics data to understand user behavior, improve performance, and develop new features.
To send service updates or administrative messages Legitimate interest / Legal obligation We may send notifications about changes to our services, policies, or your account.
To comply with legal obligations Legal obligation We retain certain data to comply with accounting, tax, or regulatory requirements.
To send marketing communications (if opted in) Consent If you’ve given consent, we use your data to send newsletters, offers, or product updates. You can withdraw consent anytime.

When we rely on legitimate interest, we conduct balancing tests to ensure your privacy interests do not override our interest.

If we ever need to process your personal data for a new purpose not disclosed in this policy, we will update this policy and, if required by law, seek your consent.

4. Use of tool input data & model / service improvement

Because your data (inputs and outputs) may be used by certain of our tools or products, here’s how we handle it:

  • We use the data you provide as input to these tools to produce results or outputs.
  • With your consent or where permitted, we may use anonymized or aggregated input/output data for model improvement, training, or research.
  • You may have the option (if relevant) to opt out of having your data used for training/improvement beyond service provision.
  • We will clearly flag tools or features where input or usage data may be retained or used for further processing beyond your immediate service use.
  • If you exercise your deletion/right to erasure, we will remove your input/output data as expeditiously as feasible, subject to legal or contractual constraints.

We do not use your data for purposes incompatible with the ones disclosed at the time of collection.

5. How we share your Personal Data

We may share personal data with third parties under strict conditions:

  • Service providers and processors: hosting providers, cloud infrastructure, payment processors, email providers, analytics services, etc. These entities act as “processors” and are bound by contractual obligations to protect data and only use it for specified purposes.
  • Affiliates and subsidiaries: for internal operations, where permitted by law and consistent with this policy.
  • Legal or regulatory requests: when required by law, court order, or authority.
  • Business transfers: in the event of merger, sale, reorganization, or acquisition, your personal data may be transferred under appropriate safeguards.
  • Public / anonymized disclosures: we may publish aggregated, de-identified statistics or reports that do not identify you individually.

We do not sell or rent your personal data to third parties for their independent marketing use.

6. International transfers & safeguards

If we transfer your personal data outside the European Economic Area (EEA) (including to countries without an adequacy decision), we will do so under appropriate safeguards, such as:

  • EU Standard Contractual Clauses (SCCs)
  • Binding corporate rules
  • Other lawful mechanisms permitted under the GDPR

We will ensure your rights and protection travel with your data.

7. Data retention

We will retain your personal data only as long as needed to satisfy the purposes in this policy, or as required by law.

Specific retention practices:

  • Account / profile data: retained until account deletion, or for a reasonable grace / archival period.
  • Transactional data: retained for accounting, tax, audit, or legal compliance (e.g. up to 5-10 years, depending on jurisdiction).
  • Tool / input/output data: retained for as long as needed for service provision, user support, or improvement (unless you request deletion).
  • Usage / analytics logs: retained for a limited duration (e.g. months to a few years), then aggregated or purged.
  • Backups / archival data: securely stored; removed or anonymized when no longer needed.

When data is no longer necessary, we securely delete or anonymize it.

8. Security

We maintain appropriate technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction, including:

  • Encryption in transit (e.g. TLS) and at rest (industry standard)
  • Access controls and role-based permissions
  • Regular security audits, vulnerability assessments, and monitoring
  • Data minimization, pseudonymization, and anonymization where feasible
  • Incident response plans and breach notification processes

While we strive to protect your data, no system is completely secure. In the event of a data breach affecting your personal data, we will notify you and relevant authorities as required by law.

9. Your rights under the GDPR

Under the GDPR and applicable data protection laws, you have the following rights, subject to certain limitations:

  • Right of access – request access to your personal data.
  • Right to rectification – correct inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”) – request deletion under certain conditions.
  • Right to restriction of processing – ask us to limit how we process your data.
  • Right to data portability – receive your data in a structured, commonly used, machine-readable format.
  • Right to object – object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.
  • Right to lodge a complaint – with your local supervisory authority (e.g. in Denmark: Datatilsynet).

To exercise any of these rights, or for questions about your data, contact us at matias.v.drejer(at)gmail.com. We will respond within applicable legal timeframes (typically within one month, possibly extended by two further months if complex).

10. Children's privacy

Our Services are not intended for children under the age of 13 (or higher minimum age in your jurisdiction). We do not knowingly collect personal data from children under that age. If we learn that we have inadvertently collected data from a child, we will delete it as soon as possible.

If you believe we have collected data from a child without consent, please contact us to request deletion.

11. Changes to this Privacy Policy

We may modify this Privacy Policy from time to time to reflect changes in our processes, services, or legal obligations. We will post a notification on the website and update the “Last updated” date. Material changes will be highlighted, and when required by law, we’ll ask for renewed consent or inform you in advance.

Continued use after updates means agreement to the updated Policy.

12. How to contact us

If you have questions, concerns or requests about this Privacy Policy or our data practices, contact: matias.v.drejer(at)gmail.com

If you are in the EU and believe your rights under the GDPR have been violated, you may also lodge a complaint with your supervisory authority (e.g. Denmark’s Datatilsynet: https://www.datatilsynet.dk).