LEGAL / PRIVACY·EFFECTIVE MAY 2026·gotrama.com

Privacy policy.

Plain-English summary first. The clauses that follow are the binding text. Both say the same thing — the policy is short on purpose because we collect very little.

§00at a glance

· We never sell personal data. We have never sold personal data.
· We do not collect customer names, emails, phone numbers, or addresses.
· We read order totals, refund totals, timestamps, and currency from your store. That is enough to build the revenue dashboard.
· Individual orders are not stored — only daily aggregates that contain no personal data.
· OAuth tokens to your platforms are encrypted with AES-256-GCM and deleted when you uninstall.
· To delete your account, email privacy@gotrama.com — purge happens within 30 days.

§01who we are

Trama is a headless commerce connector and revenue-intelligence platform operated by the Trama team (collectively "Trama", "we"). Trama is the data controller for personal data merchants share with us, and a data processor for personal data flowing through merchants' stores. This policy explains what we touch, what we don't, and how it's protected.

§02what we read from your store

Trama connects to Wix, Shopify, and Webflow via OAuth. For each order in your connected store we read only:

Order total amount and currency
Refund total amount (if any)
Order timestamp
An opaque customer identifier — used in memory to count distinct buyers per day, then discarded

We do not request, read, or store customer names, email addresses, phone numbers, shipping addresses, billing addresses, payment details, or order line items. Once a collection tick finishes, the only data persisted to our database is a daily aggregate row (gross sales, refunds, order count, distinct-buyer count) that contains no personal data of any kind.

§03why we read it

To produce the revenue-intelligence dashboards merchants pay for. We aggregate the values above into daily revenue trends and correlate those trends with operational events your site experiences — failed audits, new security findings, uptime incidents, drift in the mapping configuration. The merchant uses these correlations to prioritise fixes that protect revenue. Without order data, this product cannot exist.

We do not use personal data for marketing, retargeting, profile-building, AI model training, automated decision-making that affects individual shoppers, or any purpose other than the one described above.

§04how long we keep it

Daily revenue aggregates: Retained for the lifetime of the merchant's account. Contain no personal data.
OAuth tokens (Wix, Shopify, Webflow, Google Analytics): Encrypted at rest. Deleted immediately when the merchant uninstalls our app via the platform's app-uninstalled webhook.
Customer identifier (opaque ID): Held in process memory during a single collection tick. Never written to disk.
Operational logs: 30 days, then automatically pruned.
Audit log (admin actions, fix applications): Seven years for compliance. Contains no customer data — only merchant-side admin actions.

§05how it's protected

encryption at restPostgreSQL hosted on Supabase, with AES-256 encryption at the storage layer. OAuth tokens are additionally encrypted at the application layer with AES-256-GCM — each token has its own 12-byte random IV and a 16-byte GCM auth tag that is verified on decrypt, so a corrupted ciphertext fails closed. The encryption key is stored in our deployment platform's secret manager and never in code.

encryption in transitTLS 1.2 or higher on every endpoint. HTTP Strict-Transport-Security headers on the dashboard and API. All platform-API calls (Wix, Shopify, Webflow, Google Analytics, OpenAI) go through HTTPS.

tenant isolationPostgreSQL Row-Level Security policies on every multi-tenant table. Every user-facing request runs in a transaction that sets the tenant identifier; the database automatically filters rows. Cross-tenant background workers use a dedicated database role with restricted privileges.

access controlsThe dashboard uses short-lived JWT access tokens (15 minutes) backed by Supabase Auth. SDK API keys are 32-byte random strings hashed with SHA-256 before storage — the plaintext is shown once at issuance and never persisted. Trama staff do not have direct production-database access; all admin actions go through the same dashboard surface customers use and are written to the audit log.

§06subprocessors

We rely on the following infrastructure providers. Each is bound by a data processing agreement and ships data only to the regions listed.

Supabase Inc. — managed PostgreSQL and authentication (AWS, us-east-1)
Upstash Inc. — Redis cache and job queue (AWS, us-east-1)
Vercel Inc. — dashboard and marketing site hosting
Render Inc. — API server hosting
Cloudflare R2 — encrypted cold-storage for dormant accounts
OpenAI, L.L.C. — gpt-4o-mini model for plain-English explanations. Customer data is never sent to OpenAI. Only aggregated event metadata (event type, percentage change, confidence) is included in prompts; a post-generation filter rejects any output containing identifiers.
Sentry — error tracking, with a PII-redaction filter that strips emails, customer IDs, and tokens before payloads are sent.
Lemon Squeezy — subscription billing. Receives the merchant's tenant identifier and email only; never receives data sourced from a connected store.

§07your rights

You can request access, correction, or deletion of any personal data we hold about you or your store. Email privacy@gotrama.com. Account deletion triggers an immediate OAuth-token revoke and a hard purge of revenue snapshots within thirty days. There is no fee, no hoops; the process is run by a human who replies in plain English.

When Shopify, Wix, or Webflow forward a customer privacy webhook (customers/data_request, customers/redact, etc.), Trama acknowledges receipt and processes the request automatically. Because we hold no customer personal data, the redaction response is typically a no-op — there is nothing to delete that isn't already absent.

§08other

Trama is a business-to-business product. We do not market to or knowingly collect data from anyone under 16. If you believe a minor's data is in our system, email privacy@gotrama.com and we will purge it.

When we change this policy in a way that affects what data we collect or how we process it, we will notify merchants by email at least 30 days before the change takes effect.

Questions about this policy go to privacy@gotrama.com. Security disclosures go to security@gotrama.com.

—

> see also: terms of service