Last Updated: April 1, 2026
Data Controller: Trellis2.app ("we", "us", "our")
This Privacy Policy describes how Trellis2.app collects, uses, stores, and protects your personal information when you use our website and services (the "Services"). By using our Services, you agree to the data practices described in this policy.
- Account Information: Name, email address, and password when you register.
- Profile Information: Avatar and display name.
- Payment Information: Billing address and payment details processed through Stripe (we do not store full credit card numbers).
- Content You Submit: Images, text, and files you upload to use our AI features.
- Communications: Messages you send to our support team.
- Usage Data: Pages visited, features used, time spent, and interaction patterns.
- Device Information: IP address, browser type, operating system, screen resolution, and device identifiers.
- Log Data: Server access logs, error logs, and system performance data.
- Cookies and Tracking Technologies: See our Cookie Policy for details.
- Authentication Providers: When you sign in via Google or GitHub, we receive your name, email, and profile picture.
- Payment Provider: Stripe provides transaction status and limited payment method information.
We use your personal information for the following purposes:
- Service Delivery: To provide, operate, and maintain our AI image-to-3D model conversion services.
- Account Management: To create and manage your account, authenticate your identity, and provide customer support.
- Payment Processing: To process subscriptions and credit purchases via Stripe.
- Service Improvement: To analyze usage patterns, fix bugs, and develop new features.
- Communication: To send service notifications, security alerts, and respond to your inquiries.
- Security: To detect fraud, abuse, and unauthorized access.
- Legal Compliance: To comply with applicable laws and regulations.
For users in the European Economic Area, we process your data based on:
- Contract Performance: To deliver the services you signed up for.
- Legitimate Interest: To improve our services, ensure security, and prevent fraud.
- Consent: For marketing communications and non-essential cookies.
- Legal Obligation: To comply with applicable laws.
Our core service involves AI-powered image-to-3D model conversion. This section explains how we handle your data in this context:
- Input Data: Images and text you submit are processed by our AI models to generate 3D outputs.
- Third-Party AI Providers: We use FAL.ai and OpenAI as subprocessors for AI model inference. These providers process your input data solely to generate the requested output on our behalf.
- Output Data: Generated 3D models and related outputs are stored in your account and are not used to train third-party AI models.
- Data Retention: Input images and generated outputs are retained in your account until you delete them or close your account.
We share data with the following categories of third parties:
| Service | Purpose | Data Shared |
|---|
| Stripe | Payment processing | Billing info, payment method tokens |
| Google / GitHub | OAuth authentication | Name, email, profile picture |
| FAL.ai | AI 3D model generation | Uploaded images, generation parameters |
| OpenAI | AI text/chat processing | Text prompts, chat messages |
| Resend | Email delivery | Email address, email content |
| Cloud Storage (S3) | File storage | Uploaded images, generated 3D models |
| Analytics Providers | Usage analytics | Anonymized usage data, device info |
All third-party providers are contractually obligated to process your data only as instructed and in compliance with applicable data protection laws.
- Storage Location: Data is stored on secure servers. Our primary infrastructure is hosted in the United States.
- Encryption: Data in transit is encrypted using TLS. Sensitive data at rest is encrypted using AES-256.
- Access Controls: We limit access to personal data to authorized personnel who need it for their job functions.
- Retention Period: We retain your personal data for as long as your account is active or as needed to provide services. Upon account deletion, we delete your data within 30 days, except where retention is required by law.
If you are accessing our Services from outside the United States, please be aware that your data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) with our subprocessors.
You have the right to:
- Access: Request a copy of your personal data.
- Rectification: Request correction of inaccurate data.
- Deletion: Request deletion of your personal data.
- Portability: Request your data in a machine-readable format.
- Restriction: Request restriction of processing in certain circumstances.
- Objection: Object to processing based on legitimate interests.
- Right to withdraw consent at any time for consent-based processing.
- Right to lodge a complaint with your local supervisory authority.
- Right to know what personal information is collected and how it is used.
- Right to request deletion of personal information.
- Right to opt out of the sale of personal information (we do not sell your data).
- Right to non-discrimination for exercising your rights.
To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days.
Our Services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal data from a child under 13, we will delete it promptly.
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR.
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on this page with a revised "Last Updated" date.
- Sending an email notification for significant changes.
Your continued use of our Services after changes take effect constitutes acceptance of the updated policy.
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:
For GDPR-related inquiries, you may also contact your local data protection supervisory authority.