Version 2026-07-12
TridentERP (“we”, “us”, “our”) operates the https://tridenterp.com website and the TridentERP business management service (together, the “Service”). This page explains what personal data we process, why, who we share it with, and the rights you have over it.
For the personal data of people who visit this website and people who register an account (name, email address, billing records), we act as a data controller.
The Service is a business tool. The business data our customers keep inside their workspace — employee records, payroll, leave, time sheets, clients, suppliers, contacts, financial documents — may contain personal data of people who are not our users. For that data the customer (the workspace owner) is the data controller, and we act as a data processor: we process it only to provide the Service and only on the customer's instructions. If you believe a TridentERP customer holds your personal data, please contact that business directly; we will assist them in fulfilling your request.
Account data. Name, email address, password (stored as a one-way hash), optional phone number, interface language, and — if you sign in with a social provider — the name, email address, avatar and account identifier that provider shares with us.
Billing data. Your subscription, orders and payment history. Card details are entered directly with our payment providers and never touch our servers; we store only payment references.
Consent records. The time and policy version you accepted at registration.
Usage data. Server logs (IP address, browser type, pages visited, timestamps) kept for security and troubleshooting.
We process personal data:
Some features use a large language model to read documents and text you submit — for example extracting expense receipts, importing bank statements, reading supplier bills and e-invoices, categorising transactions, and answering questions about your workspace data. When you use such a feature, the content you submit (including document images and PDF files, which may contain names and other personal data) is transmitted to Anthropic PBC (USA) for processing.
Before transmission we automatically mask structured identifiers in text (IBANs, email addresses, phone numbers, payment card numbers, tax identifiers) and strip embedded metadata (author, tool and device information) from images and PDF documents. We store only usage metrics for these calls (token counts and cost) — never the content of your documents or the model's responses. Under Anthropic's commercial terms, submitted content is not used to train their models. AI features are optional: they are inactive unless an API key is configured for your workspace, and can be switched off at any time.
Depending on how your account and deployment are configured, we share personal data with the following categories of providers, each bound by a data processing agreement:
Accounting integrations. If a workspace administrator connects the optional Xero or QuickBooks integration, financial records from that workspace (which may include client and supplier names) are exchanged with that provider under the customer's own agreement with it. No data flows to these providers unless the customer connects them.
Some providers listed above are located outside the European Economic Area, notably in the United States. Where personal data is transferred to a country without an adequacy decision, we rely on the European Commission's Standard Contractual Clauses and, where the provider is certified, the EU-U.S. Data Privacy Framework, together with supplementary technical measures such as encryption in transit.
We use strictly necessary cookies for sign-in sessions and security (these do not require consent), a cookie remembering your cookie-banner choice, and — only after you accept the banner — analytics cookies. You can withdraw analytics consent by clearing this site's cookies in your browser.
Account data is kept for as long as your account exists. Billing and accounting records are kept for the period required by tax law. Server logs are kept for a short operational period. Workspace business data is retained while the customer's workspace exists and is deleted or returned in line with the customer's instructions when it ends.
Under the GDPR you have the right to:
To exercise any of these rights, contact us at [email protected]. We respond within one month. Where the request concerns data held in a customer's workspace, we will refer it to the responsible customer and assist them.
We protect personal data with encryption in transit, hashed passwords, encrypted storage of integration credentials and API keys, optional two-factor authentication, role-based access control and strict per-workspace data isolation. No method of transmission or storage is completely secure, but we work to protect your data with appropriate technical and organisational measures and will notify affected users and authorities of a personal data breach as required by law.
The Service is a business tool and is not directed at anyone under 16. We do not knowingly collect personal data from children; if you believe a child has provided us personal data, contact us and we will delete it.
When we change this policy we update the version number at the top of this page and, for significant changes, notify registered users by email or an in-app notice before the change takes effect.
Questions about this policy or our data practices: [email protected].