Trust
Security overview
How we protect your account, your content, and your learners' data. Last updated June 30, 2026. This page is a plain-language summary, not a contract — for a DPA or security questionnaire, email [email protected].
Hosting & encryption
Trivana runs on Vercel with a Supabase (Postgres) database in US-East and Cloudflare R2 for media. All traffic is served over TLS, and data is encrypted in transit and at rest by our infrastructure providers.
Access control
Every customer's content and reports are isolated by row-level security (RLS) in the database and by per-request authorization in our APIs — a signed-in user can only read or modify their own (or their team's) games, cohorts, and learner results.
Authentication
Creator accounts sign in with Google OAuth or email via Supabase Auth. SSO / SCIM for Enterprise is available on request — talk to us about your identity provider.
Learner data
Players join quizzes with no account. The only learner data we store is the name a learner types and their score/timing. Names are self-asserted (not identity-verified). Exports are sanitized against spreadsheet-formula injection.
Data retention & deletion
You can request deletion of your account, a specific quiz's learner results, or a cohort's data by emailing support; we action deletion within 30 days. On termination, customer content and learner records are returned or deleted on request.
Sub-processors
We use a small set of vetted providers (Supabase, Vercel, Cloudflare, ElevenLabs, Stripe, Razorpay, and our LLM provider). The full register, with what each processes and where, is on our sub-processors page.