Privacy Policy

Last updated: May 1, 2026

This Privacy Policy describes how Troste LLC ("TrosteLens", "we", "us", "our") collects, uses, and shares information when you visit trostelens.com or use the TrosteLens service (the "Service").

1. Who we are

TrosteLens is a service operated by Troste LLC. For privacy-related questions or requests, contact us at sales@trostelens.com.

2. Information we collect

We collect the following categories of information:

  • Account information. When you sign in with Microsoft, we receive your name, email address, Microsoft Object ID, and tenant identifier from the Microsoft identity platform.
  • Tenant data. When you run a scan, we read license assignments, group memberships, and sign-in activity from Microsoft Graph using the read-only permissions you grant. This data is stored as scan results to provide the analytics features of the Service.
  • Billing information. Payment is processed by Stripe. We receive your Stripe customer ID, subscription status, and billing period dates. We do not store payment card numbers — those are held only by Stripe.
  • Usage and operational data. Server logs (IP address, request timestamps, error traces, correlation IDs) used to operate, secure, and debug the Service.
  • Communications. Messages you send us (e.g., support email).

3. How we use information

We use the information we collect to:

  • Provide, operate, and maintain the Service.
  • Process subscriptions and billing.
  • Generate the license analytics and reports you request.
  • Detect, investigate, and prevent fraud, abuse, and security incidents.
  • Comply with legal obligations.
  • Communicate with you about your account, security, or service updates.

We do not sell your personal information. We do not use your tenant data to train machine learning models or to build advertising profiles.

4. Legal basis for processing (EEA/UK)

Where the EU GDPR or UK GDPR applies, our legal bases are: performance of our contract with you (to provide the Service), our legitimate interests (to secure and improve the Service), and compliance with legal obligations.

5. Subprocessors

We use the following service providers to operate TrosteLens:

  • Microsoft Azure — hosting, database, and Key Vault (United States region).
  • Microsoft Graph — the source API for license and sign-in data you authorize us to read.
  • Stripe — payment processing and the Customer Portal.
  • GitHub — source code and CI/CD.

6. Data location and retention

Account, tenant scan, and billing records are stored in Azure (United States region). We retain account and scan data for as long as your account is active. When you delete your account, we remove your scan history, account record, and Stripe customer link within 30 days, except where retention is required by law (e.g., billing records for tax compliance, typically 7 years).

Server logs are retained for up to 90 days.

7. Your rights

Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal information, to object to or restrict certain processing, and to lodge a complaint with a supervisory authority. To exercise these rights, email sales@trostelens.com. We respond within 30 days.

8. International transfers

TrosteLens is operated from the United States. If you are accessing the Service from outside the United States, your information will be transferred to and processed in the U.S. By using the Service, you consent to this transfer.

9. Security

We use industry-standard safeguards to protect your data: encryption in transit (TLS), encryption at rest in Azure, role-based access controls, secret management via Azure Key Vault, and least-privilege Microsoft Graph scopes. No system is perfectly secure; if we discover a breach affecting your data, we will notify you without undue delay.

10. Cookies

The marketing site at trostelens.com uses no analytics or advertising cookies. The application at app.trostelens.com uses session cookies required for authentication and a small number of functional cookies to remember UI preferences. We do not use third-party tracking cookies.

11. Children's privacy

TrosteLens is not intended for individuals under 16. We do not knowingly collect personal information from children. If you believe we have, contact us and we will delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated to active customers by email.

13. Contact

Questions or requests? Email sales@trostelens.com.