TritonLogin
Back to home

Privacy Policy

Last updated: May 20, 2026

Placeholder notice: This document is a draft used while Triton is in early access. It describes our intended data practices but is not yet a finalized legal notice. A final version will replace this before general availability. Continued use of Triton during early access constitutes acknowledgement of the practices described here.

1. Who we are

Triton (“we”, “us”) is a membership management platform for fitness studios and martial arts gyms, operated from the Republic of the Philippines. This Privacy Policy describes how we handle personal information collected through the Triton web application and its supporting services.

2. Information we collect

From you (gym operators using Triton)

  • Account information: email address, name, organization details, login credentials.
  • Operational data you enter: member profiles, classes, schedules, attendance, billing records, agreements. This data is yours and we process it on your behalf.
  • Payment information: when you receive payments through Triton’s Stripe integration, payment details are handled by Stripe under their own terms; we receive only metadata (amounts, status, reference IDs).

Automatically (technical and usage data)

  • Diagnostic telemetry: error reports, performance metrics, the URL of the page that triggered an issue, browser type, and your authenticated user ID. Used to investigate and fix bugs.
  • Session recordings: Triton records visual playback of your interactions with the application (DOM mutations, mouse movement, console logs, network requests) so that our support team can reproduce issues without needing you to demonstrate them. Sensitive form fields (passwords, payment fields) and identifying text are masked at the time of recording and never leave your browser unmasked. Recordings are sampled at approximately 10% of sessions, and 100% of sessions where an error occurs.
  • Cookies and local storage: we use cookies for authentication (Supabase session), branch context, and remembering UI preferences. We do not use third-party advertising cookies.

3. How we use the information

  • To provide, maintain, and improve the Triton service.
  • To diagnose and fix bugs and outages.
  • To communicate with you about service updates, billing, security, and customer support.
  • To comply with legal obligations.

We do not sell personal information. We do not use your data to train AI models.

4. Subprocessors

We use the following third parties to operate Triton. Each processes data only on instructions from us, under their own security and privacy commitments:

  • Supabase — database, authentication, file storage.
  • Vercel — web hosting and edge functions.
  • Sentry — error reporting and session replay (as described in “Session recordings” above).
  • Stripe — payment processing for your members’ transactions.
  • Cloudflare Turnstile — bot protection on authentication forms.
  • Twilio, Resend, Meta (WhatsApp/Messenger)— outbound messaging on your behalf (only when your organization enables these features).
  • Upstash Redis — rate limiting and short-lived analytics caching.
  • Anthropic — AI assistant (Mentor) request processing. Mentor sends the messages of the relevant conversation plus a system prompt describing your branch context; your operational data is queried only via tool calls you initiate.

5. Where data is stored

Triton’s primary database is hosted in the Sydney, Australia region (Supabase). Telemetry and session recordings are processed and stored by Sentry. Some subprocessors operate globally.

6. Data retention

We retain your operational data for as long as your account is active. Error reports and session recordings are retained for the period defined by our Sentry plan (typically 30 to 90 days), then automatically purged. Backups are retained for 30 days.

7. Your rights

Subject to applicable law, you have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate information.
  • Request deletion of your personal information.
  • Object to or restrict certain processing.
  • Withdraw consent for processing where consent is the basis.

To exercise any of these rights, contact us at the email address you used to register for early access. We will respond within the timeframes required by applicable law (typically 30 days).

If you would like to opt out of session recording specifically, please reply to your early-access onboarding email and we will exclude your account.

8. Security

Personal information is transmitted over TLS and stored in encrypted databases. We apply Row-Level Security at the database layer to restrict access between organizations. We follow commercially reasonable practices but cannot guarantee absolute security.

9. Children

Triton itself is not directed to children. Gym operators may store information about minor members on their gyms’ behalf, with parental consent obtained by the gym. We rely on the gym operator to obtain those consents.

10. Philippines Data Privacy Act

We comply with the Philippines Data Privacy Act of 2012 (RA 10173). Our designated Data Protection Officer can be contacted at the address provided during early-access onboarding.

11. Changes to this Policy

We may update this Policy from time to time. Material changes will be communicated by email at least 14 days before they take effect.

12. Contact

Privacy questions, data-access requests, and complaints can be sent to the contact details provided during early-access onboarding.