Legal

Privacy Policy

Effective Date: May 10, 2026    Last Updated: May 10, 2026

A privacy policy for the Tregox visual information, screenshot, snip, knowledge, and documentation management platform.

1.Introduction

Welcome to Tregox ("Tregox," "we," "our," or "us"). Tregox provides a visual information, screenshot, snip, knowledge, and documentation management application for mobile, desktop, and web environments. Tregox enables users and organizations to capture, store, categorize, search, annotate, manage, and share screenshots, snippets, and related documentation using intelligent tagging, custom organization tools, collaboration features, and optional AI assisted capabilities.

We are committed to protecting your privacy and providing transparency about how personal data and user generated content are collected, processed, stored, disclosed, protected, retained, and deleted.

This Privacy Policy is intended to address applicable privacy and data protection requirements, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA and CPRA), and other applicable privacy laws.

2.Scope of this Privacy Policy

This Privacy Policy applies to personal data processed through the Tregox website, applications, browser extensions, desktop tools, mobile applications, APIs, customer support channels, and related services (collectively, the "Service").

This Privacy Policy does not apply to third party websites, applications, integrations, or services that are governed by their own privacy policies.

3.Our Role: Controller and Processor

Tregox may act as either a data controller or a data processor depending on the context of the processing.

  • Controller role: Tregox acts as a data controller with respect to personal data collected directly from users, such as account registration data, billing information, website analytics, support communications, and direct marketing preferences.
  • Processor role: Where Tregox processes personal data contained in screenshots, snippets, documentation, metadata, or workspace content on behalf of an enterprise, school, organization, or other customer, Tregox acts as a data processor or service provider pursuant to the customer's documented instructions and applicable agreement.
  • Enterprise customer role: Enterprise customers are generally the data controllers or businesses responsible for determining the purpose and means of processing personal data contained in their workspaces and user generated content.

Where Tregox processes personal data as a processor on behalf of an enterprise customer, the parties will enter into a Data Processing Agreement (DPA) that incorporates applicable data protection obligations, including Standard Contractual Clauses (SCCs) where required. A copy of Tregox's standard DPA is available upon request at legal@tregox.com.

4.Information We Collect

4.1 Information You Provide

  • Name, username, or display name
  • Email address
  • Account login credentials and authentication information
  • Company, school, organization, or workspace information
  • Billing and subscription information
  • Custom categories, folders, tags, comments, labels, and organization structures you create
  • Support inquiries, feedback, and communications
  • Preferences, notification settings, and account configuration choices

4.2 Screenshot, Snippet, and Documentation Data

Tregox processes content captured, uploaded, or managed through the Service. This may include:

  • Screenshots or screen snippets captured by you
  • Uploaded images, documents, files, or visual records
  • Annotations, notes, comments, descriptions, and markups
  • OCR extracted text, tags, labels, classifications, and searchable metadata
  • Timestamps, device type, file type, file size, and workspace identifiers
  • Shared links, permissions, access logs, and collaboration activity

Important: Screenshots and snippets may contain personal, confidential, proprietary, regulated, or sensitive information depending on what you capture or upload. Tregox does not control what you choose to capture. You are responsible for ensuring that you have the right and authority to capture, upload, store, organize, and share such content.

4.3 Automatically Collected Information

  • IP address and approximate location derived from IP address
  • Device information, including operating system, browser type, hardware type, and device identifiers
  • App usage data, such as features used, session duration, clicks, capture activity, search activity, and error logs
  • Security and authentication logs
  • Cookie identifiers and analytics identifiers, where permitted

4.4 AI, OCR, and Automation Data

If you use AI, OCR, automated tagging, search enhancement, summarization, classification, or recommendation features, Tregox may process screenshots, snippets, extracted text, metadata, prompts, outputs, and related usage information to provide those features. AI and OCR outputs may be incomplete or inaccurate, and you are responsible for reviewing outputs before relying on them.

5.How We Use Your Information

We use personal data and user generated content to:

  • Provide, operate, maintain, and improve the Tregox application
  • Enable screenshot, snip, documentation, and visual knowledge management functionality
  • Store, categorize, annotate, tag, search, retrieve, and share content
  • Enable collaboration, workspace administration, permissions, and enterprise controls
  • Provide AI, OCR, search, recommendation, classification, and automation features where enabled
  • Authenticate users and manage accounts, subscriptions, billing, and support
  • Analyze performance, troubleshoot errors, improve reliability, and develop new features
  • Detect, prevent, and respond to fraud, abuse, unauthorized access, security incidents, and misuse
  • Comply with legal, regulatory, tax, accounting, and contractual obligations
  • Communicate with users about the Service, updates, security notices, and support requests

6.Legal Basis for Processing under GDPR

For users in the European Economic Area, United Kingdom, or Switzerland, we process personal data based on one or more of the following legal bases:

  • Contractual necessity: To provide the Service, manage accounts, process subscriptions, and deliver requested features.
  • Consent: Where required, such as for non essential cookies, certain marketing communications, or optional features.
  • Legitimate interests: To improve the Service, secure our systems, prevent fraud, provide support, and understand product usage, provided those interests are not overridden by your rights and freedoms.
  • Legal obligations: To comply with applicable laws, tax obligations, regulatory requirements, court orders, or government requests.
  • Customer instructions: Where Tregox acts as a processor, we process personal data on behalf of enterprise customers according to their documented instructions and applicable DPA.

7.Cookies and Tracking Technologies

Tregox uses cookies and similar technologies to support login sessions, security, preferences, analytics, performance measurement, and website functionality.

7.1 Types of Cookies

  • Essential cookies: Required for login, authentication, account security, and core functionality.
  • Performance cookies: Used to improve site speed, stability, and reliability.
  • Analytics cookies: Used to understand usage patterns and improve the user experience.
  • Preference cookies: Used to remember choices such as language, interface settings, and cookie preferences.

7.2 Cookie Control

  • You may manage cookies through your browser settings.
  • Where required by law, we request consent before using non essential cookies.
  • Disabling certain cookies may affect login, security, or application functionality.

8.Sharing and Disclosure of Information

We do not sell personal data. We may disclose personal data and user generated content only as described below.

  • Service providers and sub processors: We may share data with vendors that provide hosting, cloud storage, analytics, authentication, customer support, payment processing, security, AI infrastructure, and related services.
  • Enterprise customers and workspace administrators: If you use Tregox through an organization managed workspace, the organization and its administrators may access and manage workspace data, users, permissions, retention, exports, and security settings.
  • Legal and compliance purposes: We may disclose information when required by law, legal process, court order, government request, or to protect rights, safety, security, and property.
  • Business transfers: We may disclose or transfer information in connection with a merger, acquisition, financing, reorganization, sale of assets, or similar business transaction.
  • With your direction or consent: We may share information when you enable integrations, create shared links, invite collaborators, export content, or otherwise instruct us to disclose information.

All service providers and sub processors are required to maintain appropriate confidentiality, security, and data protection obligations. A register of sub processors is available on request at legal@tregox.com and will be updated with at least 30 days prior notice where required by applicable agreement or law.

9.Data Processing Agreement and Sub Processors

Where Tregox processes personal data as a processor on behalf of an enterprise customer, the parties will execute or incorporate a Data Processing Agreement. The DPA will include processing instructions, confidentiality requirements, security measures, sub processor terms, assistance with data subject rights, breach notification obligations, deletion or return of data, audit rights, and international transfer mechanisms where applicable.

For transfers of personal data from the EEA, United Kingdom, or Switzerland to countries that do not provide an adequate level of protection, Tregox will use appropriate safeguards, such as the Standard Contractual Clauses under EU Commission Decision 2021 and 914, the UK International Data Transfer Addendum, or other lawful transfer mechanisms as applicable.

10.Data Retention

Tregox retains personal data and user generated content only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required by law, contract, security need, dispute, or legitimate business requirement.

Account profile and registration data

Default retention: Duration of active account plus 30 days after account closure or subscription termination.

Notes: May be retained longer if required for legal, tax, security, or dispute purposes.

Screenshot, snippet, documentation, and workspace content

Default retention: Until deleted by the user, workspace administrator, or customer. Otherwise for the duration of the subscription plus 30 days after termination.

Notes: Enterprise retention may be governed by customer configured policies or written agreement.

Screenshot metadata, tags, folders, categories, OCR text, and search indexes

Default retention: Same retention period as associated content, unless deleted earlier.

Notes: Search indexes may persist temporarily in backups or logs.

Usage, analytics, telemetry, and performance data

Default retention: Up to 24 months.

Notes: Aggregated or de identified analytics may be retained longer.

Security, audit, authentication, and access logs

Default retention: Up to 24 months.

Notes: May be retained longer for fraud prevention, security investigation, or legal compliance.

Billing and transaction records

Default retention: Up to 7 years.

Notes: Retained for tax, accounting, audit, and legal compliance.

Support communications

Default retention: Up to 3 years after the support request is closed.

Notes: May be retained longer for quality, dispute, or compliance purposes.

Backup copies

Default retention: Deleted or overwritten within 90 days after the applicable retention period, unless legal hold applies.

Notes: Backup deletion follows standard backup rotation practices.

Retention schedules may be adjusted where required by enterprise agreement, legal hold, regulatory requirement, or customer configured retention settings. You may request deletion of your account or personal data as described in Section 14.

11.Data Security

Tregox implements technical and organizational measures designed to protect personal data and user generated content against unauthorized access, disclosure, alteration, loss, misuse, and destruction. These measures include:

  • Encryption at rest using AES 256 or a comparable industry standard encryption method where supported by the storage environment.
  • Encryption in transit using TLS 1.3 or higher, or a comparable secure transport protocol where TLS 1.3 is not available.
  • Role based access controls (RBAC) and least privilege access principles.
  • Multi factor authentication for administrative access where available and appropriate.
  • Secure cloud storage and infrastructure monitoring.
  • Logging, monitoring, and audit controls for security relevant events.
  • Vulnerability management, patching, and periodic security reviews.
  • Annual penetration testing or independent security assessment by a qualified third party, where commercially reasonable.
  • Personnel confidentiality obligations and access control procedures.
  • Incident response procedures aligned with GDPR Articles 33 and 34 and applicable breach notification laws.

No system is completely secure. You are responsible for protecting your login credentials, configuring workspace permissions appropriately, and ensuring that content captured or uploaded to Tregox is handled securely.

12.Personal Data Breach Notification

In the event of a personal data breach involving personal data processed by Tregox, we will take steps designed to investigate, contain, mitigate, and remediate the incident.

Where required by applicable law, Tregox will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach where feasible and required under GDPR Article 33.
  • Notify affected data subjects without undue delay where the breach is likely to result in a high risk to their rights and freedoms under GDPR Article 34.
  • Notify California residents and other affected individuals in accordance with applicable U.S. state breach notification laws, including California Civil Code Sections 1798.29 and 1798.82 where applicable.
  • Notify enterprise customers in accordance with the applicable DPA, order form, or enterprise agreement.
  • Maintain a record of personal data breaches, including facts relating to the breach, effects, remedial action taken, and whether notice was required.

13.International Data Transfers

Your data may be transferred to, stored in, or processed in countries other than the country where you reside, including the United States. These countries may have data protection laws that differ from those in your jurisdiction.

Where required, Tregox uses safeguards such as Standard Contractual Clauses, the UK International Data Transfer Addendum, adequacy decisions, contractual commitments, and industry standard security protections.

14.Your Privacy Rights

14.1 GDPR Rights for EU, EEA, UK, and Swiss Users

Subject to applicable law and verification of your identity, you may have the right to:

  • Access your personal data
  • Correct inaccurate or incomplete personal data
  • Request deletion of personal data
  • Restrict or object to processing
  • Receive a copy of your personal data in portable format
  • Withdraw consent where processing is based on consent
  • Object to direct marketing
  • Lodge a complaint with your local supervisory authority under GDPR Article 77

To exercise your rights, contact privacy@tregox.com or legal@tregox.com. If your data is processed by Tregox on behalf of an enterprise customer, we may refer your request to that customer or process it according to the customer's instructions.

14.2 CCPA and CPRA Rights for California Residents

Subject to applicable law and verification, California residents may have the right to:

  • Know what personal information we collect, use, disclose, and share
  • Request access to specific pieces of personal information
  • Request deletion of personal information
  • Request correction of inaccurate personal information
  • Opt out of the sale or sharing of personal information
  • Limit use and disclosure of sensitive personal information where applicable
  • Not be discriminated against for exercising privacy rights

Tregox does not sell personal information. Tregox does not use sensitive personal information for purposes beyond providing and securing the Service unless otherwise disclosed and permitted by law.

To submit a California privacy request, email privacy@tregox.com with the subject line "CCPA Request." We will respond within 45 days unless an extension is permitted by law.

15.Children's Privacy

Tregox is not directed to children under the age of 13, or under the age of 16 in the EU and EEA where applicable national law requires a higher age of consent. We do not knowingly collect personal data from children without verifiable parental consent or other lawful authorization.

If we become aware that we have collected personal data from a child without appropriate consent or authorization, we will delete such data promptly. If you believe a child has provided personal data to Tregox, contact us at privacy@tregox.com.

16.User Responsibility for Captured Content

Because Tregox enables screenshot and snippet capture, you are responsible for the content you capture, upload, store, categorize, annotate, and share.

  • You should avoid capturing sensitive, confidential, regulated, or proprietary information unless necessary and authorized.
  • You are responsible for complying with applicable privacy, intellectual property, employment, education, confidentiality, surveillance, and data protection laws when capturing content.
  • You are responsible for configuring sharing permissions and workspace access appropriately.
  • You should not capture or share third party content in a way that violates contractual obligations, platform terms, privacy rights, or intellectual property rights.

17.Third Party Services and Integrations

Tregox may integrate with third party services, including cloud storage providers, analytics tools, payment processors, authentication providers, productivity platforms, ticketing systems, collaboration tools, and AI infrastructure providers.

Third party services are governed by their own terms and privacy policies. Tregox is not responsible for the privacy, security, availability, or practices of third party services that you choose to connect or use.

18.Additional CCPA Disclosure

In the past 12 months, Tregox may have collected the following categories of personal information:

  • Identifiers, such as name, email address, account identifiers, IP address, and device identifiers
  • Commercial information, such as subscription and billing records
  • Internet or electronic network activity information, such as app usage, logs, and analytics
  • User generated content, such as screenshots, snippets, categories, annotations, tags, OCR text, and documentation
  • Approximate geolocation derived from IP address
  • Professional or employment related information, if provided by an enterprise customer or user
  • Inferences derived from usage patterns to improve features, security, and user experience

Tregox does not sell personal information. Tregox does not knowingly sell or share personal information of consumers under 16 years of age.

19.Updates to this Privacy Policy

We may update this Privacy Policy from time to time. Changes will be reflected by updating the "Last Updated" date above. Where required by law or where changes are material, we will provide additional notice, such as by email, in product notice, or website notice.

Your continued use of the Service after the effective date of an updated Privacy Policy means that you acknowledge the updated policy.

20.Governing Law, Supervisory Authority, and Dispute Resolution

This Privacy Policy is governed by the laws of the State of Georgia, United States, without regard to conflict of law principles, except where applicable privacy laws provide otherwise.

Tregox does not have an establishment in the European Union. EU and EEA users may lodge a complaint with the supervisory authority in their country of residence under GDPR Article 77.

Before filing a formal legal claim, we encourage you to contact us so we can attempt to resolve your concern informally. Disputes not resolved informally will be subject to the exclusive jurisdiction of the state and federal courts located in the State of Georgia, United States, unless applicable law provides otherwise.

21.Contact Us

If you have questions, requests, or concerns about this Privacy Policy or Tregox's data practices, contact us at:

Tregox, Privacy Team

Email: privacy@tregox.com

Legal: legal@tregox.com

Website: www.tregox.com

Address: available on request at legal@tregox.com