Privacy Policy
1. Who We Are
Treclipse Inc. ("Treclipse," "we," "us," or "our") operates Treform ("the Service"), a cloud-based AI architectural editor available at app.treform.ai. For the purposes of applicable data protection laws (including the EU/UK GDPR and the California Consumer Privacy Act), Treclipse Inc. is the data controller for information collected through the Service, except where we act as a processor on your behalf.
Portions of the Service are built on the open-source Pascal Editor project; see our Terms of Service for attribution details. This Policy applies to the hosted Treform Service only and not to independent forks or self-hosted deployments of Pascal Editor.
2. Information We Collect
Account information
When you create an account we collect your email address, name, profile picture, and OAuth provider identifiers (when you sign in with Google). We use Supabase Auth to manage sessions.
Project and design content
When you create or upload projects, we store 3D scene graphs, floor plans, renders, uploaded reference images, and related metadata in our database and object storage.
Prompts and AI content
When you use AI features, we transmit your prompts, scene context, and any images you attach to our AI subprocessors (Anthropic for text/tool-use; FAL for image rendering). We log AI requests and responses for debugging, abuse prevention, and to compute your usage quotas.
BYOK credentials
If you enroll in the Bring-Your-Own-Key (BYOK) plan, you provide your own Anthropic API key. We encrypt it at rest (AES-256-GCM) and decrypt it only when proxying AI requests you initiate.
Billing information
Paid subscriptions are processed by Whop. Whop collects and handles your payment method (for example, card details) directly; we do not see or store full payment card numbers. We store the plan, subscription status, and subscription identifiers that Whop returns to us.
Usage and device data
Through server logs, Vercel hosting, and Vercel Analytics and Speed Insights, we collect IP addresses, user-agent strings, approximate location (at the country/region level), referrer, pages viewed, performance metrics, and usage patterns. This data is largely anonymized and used to operate and improve the Service.
Communications
If you contact support or send feedback through the in-app feedback dialog, we receive the message, any images you attach, and associated account and project identifiers. When you sign up, we sync your email to Brevo (our contact and transactional email provider) to communicate with you.
3. How We Use Your Information
We use your information to:
- Operate, maintain, and secure your account and the Service;
- Store and sync your projects across devices;
- Execute your AI requests and return responses;
- Meter usage against plan quotas and process payments;
- Provide support and respond to your messages;
- Send account-related and (with your consent, where required) product emails;
- Monitor for abuse, debug issues, and improve the Service;
- Comply with legal obligations and enforce our Terms.
4. Legal Bases (EEA/UK Users)
If you are in the EEA or UK, we rely on the following legal bases under the GDPR:
- Contract — to provide the Service you request, including authentication, project storage, and billing;
- Legitimate interests — to secure the Service, prevent abuse, and improve product quality, where those interests are not overridden by your rights;
- Legal obligations — to meet tax, accounting, and other legal requirements;
- Consent — for optional marketing communications and any other processing where consent is required, which you may withdraw at any time.
5. AI Model Training
We do not use your projects, prompts, images, or AI Outputs to train our own generative models. Our current AI subprocessors do not train their foundation models on API inputs or outputs by default under their standard commercial terms. We do not opt in to any program that would permit such training. See the Subprocessors page for links to current subprocessor policies.
6. How We Share Information
We do not sell your personal information. We share information only as follows:
- Subprocessors — service providers that process data on our behalf under contract, including Supabase, Vercel, Whop, Anthropic, FAL, Brevo, and Google. See the full list on our Subprocessors page.
- Legal, safety, and compliance — when we believe disclosure is required by law, legal process, or to protect the rights, property, or safety of Treclipse, our users, or others.
- Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to customary confidentiality protections.
- With your direction — when you instruct us to share, for example by sharing a project link.
7. International Data Transfers
Treclipse is based in the United States and our subprocessors are located in the United States, the European Union, and other jurisdictions. Where personal data is transferred internationally we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses or equivalent mechanisms.
8. Data Retention
We retain your information for as long as your account is active, as needed to provide the Service, and as required for legal, accounting, or security purposes. If you delete a project or your account, we will delete or de-identify the associated personal data within 30 days, except where a longer retention period is required by law (for example, financial records). Backups are retained for a limited period and then overwritten on our normal rotation.
9. Your Rights
Depending on where you live, you may have rights to:
- Access a copy of personal data we hold about you;
- Correct inaccurate data;
- Delete your data (subject to legal exceptions);
- Restrict or object to certain processing;
- Port your data to another service;
- Withdraw consent where processing is based on consent;
- If you are a California resident, rights under the CCPA/CPRA, including the right to know, delete, correct, and limit use of sensitive information, without discrimination for exercising them. We do not sell personal information and do not share it for cross-context behavioral advertising.
To exercise these rights, contact support@treclipse.ai. We may ask you to verify your identity before acting on your request. You also have the right to lodge a complaint with your local data protection authority.
10. Security
We implement technical and organizational safeguards appropriate to the risk, including TLS in transit, encryption of BYOK keys at rest, row-level security on user data, access controls, and audit logging. No system is perfectly secure; you are responsible for protecting your own credentials.
11. Cookies and Similar Technologies
We use a minimal set of cookies and local storage, including:
- Session and authentication cookies — essential to keep you signed in and to protect your account;
- Analytics cookies — via Vercel Analytics to collect anonymized usage and performance data;
- Local storage — to persist your project data and editor preferences on your device so the Service works offline and across reloads.
You can clear cookies and local storage through your browser at any time; doing so may sign you out or remove locally saved projects that haven't been synced.
12. Children
The Service is not directed to children under 13 (or the minimum age required by law in your jurisdiction). We do not knowingly collect personal information from children in that age group. If you believe a child has provided us personal data, please contact us and we will delete it.
13. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we will provide reasonable advance notice by email or in-app notice. The "Effective Date" at the top reflects the latest revision.
14. Contact
Questions, requests, or complaints? Contact our privacy team at support@treclipse.ai.