Privacy Policy
Effective date: March 1, 2026 · Last updated: March 12, 2026
The short version: Your CSV files are processed in-memory to generate your report and are never stored on our servers. Only anonymized vendor patterns (e.g., "a company spent ~$X/month on Slack") are retained to improve detection accuracy. We don't sell your data — ever.
1. Who We Are
TrimStack ("we", "our", "us") is a SaaS spend intelligence tool operated by Polsia Inc. We help companies identify and reduce wasteful software subscription spending. Our service is accessible at trimstack.co.
2. What Data We Collect
2a. CSV Upload Data (Free Scan)
When you upload a CSV file for a free scan:
- Transaction CSV files are NOT stored. Files are parsed in memory, the report is generated, and the raw file is discarded immediately.
- We retain anonymized, aggregated vendor patterns — specifically, normalized merchant names (e.g., "SLACK TECHNOLOGIES INC") and approximate spend amounts. These are used solely to improve our SaaS vendor detection accuracy.
- Your report is stored with a unique share token and expires after 30 days by default.
2b. Account Data (Registered Users)
If you create a TrimStack account, we collect:
- Email address and name (optional)
- Password (bcrypt-hashed — we cannot read it)
- Subscription data you manually enter into the dashboard
- Reports you generate, associated with your account
2c. Usage Data
We collect anonymized usage events (e.g., "a report was generated", "an upload was processed") for product analytics. These events do not contain your financial data.
3. How We Use Your Data
- To generate and display your SaaS spend report
- To maintain your account and subscriptions dashboard
- To improve vendor detection accuracy using anonymized patterns
- To send you account-related emails (billing, alerts you configured)
We do not use your data for advertising, sell it to third parties, or share it with any parties outside our core infrastructure providers (see Section 5).
4. Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA), we process your personal data under the following legal bases:
- Contract performance — to provide the service you signed up for
- Legitimate interests — product improvement using anonymized patterns
- Consent — for any optional communications you opt into
5. Infrastructure Providers
We use the following third-party services to operate TrimStack:
- Render — application hosting (United States)
- Neon — PostgreSQL database (United States)
- Stripe — payment processing (we never see full card numbers)
All providers are contractually bound to process your data only on our behalf and in accordance with applicable privacy law.
6. Data Retention
- Free scan reports: Deleted after 30 days
- Account data: Retained while your account is active
- Anonymized vendor patterns: Retained indefinitely to improve the service
7. Your Rights
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your account and associated data
- Export your data in a machine-readable format
- Object to certain processing activities
To exercise any of these rights, email us at privacy@trimstack.co. We will respond within 30 days.
8. Cookies
TrimStack uses a single session cookie to keep you logged in. We do not use advertising or tracking cookies.
9. Security
We use HTTPS for all data in transit, bcrypt for password hashing, and server-side session management. We do not store raw CSV files after processing.
10. Changes to This Policy
If we make material changes, we will notify registered users by email at least 14 days before the changes take effect.
11. Contact
Questions about this policy? Email privacy@trimstack.co.