Trovecs

Legal

Privacy Policy

Effective date: 6-30-2026Last updated: 7-1-2026

Trovecs, operated by STRATACUBE Inc. ("Trovecs," "we," "us," or "our"), provides the Trovecs platform and related services (the "Service"). This Privacy Policy explains what information we collect, how we use it, how we share it, and the rights and choices you have.

This policy covers both visitors to trovecs.com and customers of the Trovecs application. It also describes how we handle data accessed through Google APIs, including Google Drive.

If you have questions, contact us at [email protected].

1. Summary

  • We collect only the information reasonably necessary to provide, secure, and improve the Service, including account information, Customer Content that you authorize for use with the Service, and usage and billing information.
  • When you connect Google Drive, Trovecs requests only the drive.file OAuth scope and can access only the files and folders that you explicitly authorize. We cannot access the rest of your Google Drive.
  • Your original files remain in your Connected Storage Provider and under your control. Trovecs temporarily processes authorized files to provide the Service but does not permanently store your original files.
  • We do not sell your personal information. We do not use Customer Content for advertising or personalized advertising. We do not use your Customer Content or Google Workspace API data to develop, train, or improve generalized artificial intelligence or machine learning models.
  • You may request access to, correction of, or deletion of your personal information at any time by contacting [email protected]. We will respond within the timeframes required by applicable law.
  • Trovecs' use of information received from Google Workspace APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

2. Definitions

For purposes of this Privacy Policy, the following terms have the meanings set out below.

Customer Content

Customer Content means any information, files, images, metadata, product information, business information, documents, or other content that you choose to connect, authorize, provide, or otherwise make available to Trovecs in connection with your use of the Service.

Connected Storage Provider

Connected Storage Provider means a third-party cloud storage or file management service that you authorize Trovecs to access on your behalf, such as Google Drive or another supported storage provider. Trovecs accesses only the files and folders that you explicitly authorize through the applicable authorization process.

Derived Service Data

Derived Service Data means information generated by Trovecs solely to provide, maintain, secure, or improve the functionality of the Service for your account. Derived Service Data may include metadata, thumbnails, search references, indexes, and other information created through automated processing of Customer Content. Derived Service Data does not include your original files, which remain stored in your Connected Storage Provider and under your control unless otherwise expressly stated.

3. Information We Collect

The information we collect depends on how you interact with the Service and the features you choose to use.

3.1 Account and Business Information

When you create a Trovecs account, we may collect:

  • Name
  • Email address
  • Password (stored in encrypted or hashed form)
  • Company or organization name
  • User roles and account permissions (such as Owner, Admin, or Member)
  • Billing contact information

We use this information to create and manage your account, authenticate users, administer subscriptions, provide customer support, and communicate with you about the Service.

3.2 Customer Content

When you use the Service, you may provide or authorize Trovecs to access Customer Content necessary to provide the functionality you request.

Customer Content may include product-related information, business information, images, files, metadata, and other information that you choose to connect, authorize, or otherwise make available through the Service.

3.3 Content Accessed Through Connected Storage Providers

If you choose to connect Google Drive or another supported Connected Storage Provider, Trovecs may access Customer Content that you explicitly authorize through the applicable authorization process.

Trovecs accesses only the Customer Content necessary to provide the functionality you request. Additional information regarding our use of Google Workspace APIs is provided in Section 6 (Google Workspace API Use and Limited Use Compliance).

3.4 Usage and Technical Information

To operate, secure, and improve the Service, we automatically collect certain technical and operational information, including:

  • Log Data: IP address, browser type, device information, operating system, referring pages, timestamps, and pages visited.
  • Diagnostic Information: Technical error messages, stack traces, and other information necessary to diagnose and resolve service issues. Diagnostic information may include technical identifiers (such as file identifiers) but does not intentionally include the contents of Customer Content.
  • Usage Information: Feature usage, action timestamps, service activity, and operational metrics necessary to administer the Service.
  • Cookies and Similar Technologies: Cookies and similar technologies used to authenticate users, maintain secure sessions, remember preferences, and measure website and Service performance.

We do not use this information for advertising or share it with advertising networks.

3.5 Payment Information

Billing and payment information is processed by our third-party payment processor(s).

Trovecs does not store complete payment card numbers. We retain subscription status, invoices, payment history, and related billing information as necessary to administer your account and comply with applicable legal, accounting, and tax obligations.

3.6 Communications

If you contact us for customer support, sales inquiries, product feedback, or other communications, we may retain those communications and any information you choose to provide.

We use this information to respond to your requests, improve the Service, maintain customer support records, and communicate with you regarding your account or our services.

4. How We Use Your Information

We use the information we collect only for legitimate business purposes related to providing, operating, securing, maintaining, and improving the Service.

Specifically, we use your information to:

  • Provide, operate, maintain, and support the Service, including processing Customer Content and providing the functionality you request.
  • Authenticate users, manage accounts, and administer subscriptions.
  • Process payments and manage billing.
  • Communicate with you regarding your account, customer support requests, product updates, security notifications, and other service-related communications.
  • Monitor, maintain, secure, and improve the reliability, availability, and performance of the Service.
  • Detect, investigate, and prevent fraud, abuse, unauthorized access, and other security incidents.
  • Generate aggregated and de-identified analytics to understand product usage and improve the Service.
  • Comply with applicable laws, regulations, legal obligations, and enforce our Terms of Service.

Where reasonably possible, we use aggregated or de-identified information for analytics and product improvement.

We do not sell or rent personal information.

We do not use Customer Content or personal information for advertising, personalized advertising, or marketing profiling.

Information obtained through Google Workspace APIs is used only to provide or improve the user-facing functionality that you request within the Service.

We do not use Customer Content, including information obtained through Google Workspace APIs, to develop, train, or improve generalized artificial intelligence or machine learning models.

5. Legal Bases for Processing (EEA, United Kingdom, and Switzerland)

Where the General Data Protection Regulation (GDPR), the UK GDPR, or other applicable data protection laws apply, Trovecs processes personal information only where we have an appropriate legal basis to do so.

Depending on the circumstances, these legal bases may include:

  • Performance of a Contract — Processing necessary to provide the Service, manage your account, fulfill our contractual obligations, and provide the functionality you request.
  • Legitimate Interests — Processing necessary to operate, secure, maintain, improve, and protect the Service, prevent fraud and abuse, respond to customer requests, and enforce our legal rights, provided those interests are not overridden by your fundamental rights and freedoms.
  • Consent — Processing based on your consent, such as sending optional marketing communications or accessing certain third-party services where consent is required. You may withdraw your consent at any time, although doing so will not affect the lawfulness of processing carried out before your withdrawal.
  • Legal Obligation — Processing necessary to comply with applicable laws, regulations, court orders, tax, accounting, and other legal obligations.

Where required by applicable law, we will obtain your consent before processing personal information for purposes that require consent.

6. Google Workspace API Use and Limited Use Compliance

This section explains how Trovecs accesses, uses, and protects information obtained through Google Workspace APIs, including the Google Drive API.

Trovecs' use of information received from Google Workspace APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

6.1 Google Drive Permissions

Trovecs requests only the Google OAuth permissions necessary to provide the functionality you choose to use.

When you connect your Google account, Trovecs requests the drive.file OAuth scope. This permission allows Trovecs to access only the files and folders that you explicitly authorize through Google's OAuth authorization process, together with any files created by the Service where applicable.

Trovecs does not request broad access to your Google Drive, including permissions that would allow access to all files in your Drive.

Specifically, Trovecs does not request:

  • drive (full Google Drive access)
  • drive.readonly (read-only access to your entire Google Drive)
  • drive.metadata.readonly (metadata for your entire Google Drive)
  • Any other broad or restricted Google Drive scope not required to provide the Service

6.2 Why We Use the drive.file Scope

The drive.file scope provides only the access necessary for Trovecs to operate.

It allows Trovecs to access only the specific files and folders that you explicitly authorize through Google's OAuth authorization process. Trovecs cannot access files or folders outside the scope of your authorization.

We intentionally request the minimum permissions necessary to provide the Service and to protect your privacy.

6.3 How We Use Google Workspace API Data

When you connect Google Drive to Trovecs, we may:

  • Access only the files and folders that you explicitly authorize.
  • Read authorized files only as necessary to provide the functionality you request.
  • Process authorized Customer Content solely to provide the Service.Although the Google Drive drive.readonly permission provides read-only access to Google Drive, Trovecs is designed to process only the folders and files that you choose within the Service. Trovecs does not intentionally scan, index, analyze, or process unrelated content in your Google Drive.
  • Store only Derived Service Data reasonably necessary to provide, maintain, and support the Service.

Trovecs accesses only the minimum information reasonably necessary to provide the functionality you request.

Trovecs uses Google Drive access only to provide the functionality you request. Trovecs does not modify, create, move, rename, or delete files in your Google Drive, and does not intentionally process content unrelated to the folders you choose within the Service. We do not modify or delete your Google Drive files. We do not publish, distribute, or make your Customer Content publicly available.

Your original files remain in your Connected Storage Provider and under your control. Trovecs is not a system of record for your original files. Original files are processed only as necessary to provide the functionality you request and are not permanently stored by Trovecs.

6.4 Limited Use Commitment

Trovecs' use of information received from Google Workspace APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, Trovecs does not:

  • Sell Google Workspace API data.
  • Transfer Google Workspace API data to advertising platforms, data brokers, or information resellers.
  • Use Google Workspace API data for serving advertisements, including personalized, interest-based, or retargeted advertising.
  • Use Google Workspace API data to determine creditworthiness or for lending purposes.
  • Use Google Workspace API data or Customer Content to develop, train, or improve generalized artificial intelligence or machine learning models.
  • Use Google Workspace API data for purposes unrelated to providing or improving the user-facing functionality you request.

Google Workspace API data is processed only as necessary to provide the Service, protect the security and integrity of our systems, comply with applicable law, or as otherwise permitted by the Google API Services User Data Policy.

6.5 Human Access to Customer Content

Trovecs is designed so that Customer Content is processed automatically.

We do not routinely access or review Customer Content.

A member of our workforce may access Customer Content only when:

  • You explicitly request technical support or authorize us to investigate a specific issue.
  • Access is reasonably necessary to investigate fraud, abuse, or a security incident.
  • Access is required to comply with applicable law or a valid legal process.
  • Access is necessary to protect the security, integrity, or reliability of the Service.

Any such access is limited to the minimum reasonably necessary to perform the authorized task.

6.6 Revoking Google Access

You may revoke Trovecs' access to your Google account at any time by:

  • Disconnecting your Google account within the Service; or
  • Removing Trovecs from your connected applications through your Google Account security settings.

After access is revoked, Trovecs will no longer access newly authorized Google Workspace data.

Previously generated Derived Service Data will be retained or deleted in accordance with Section 9 (Data Retention and Deletion) and applicable law.

6.7 Customer Control

You remain in control of your Google Drive connection at all times.

You may:

  • Connect or disconnect Google Drive.
  • Select which folders you wish to use with the Service.
  • Revoke Google Drive access at any time through your Google Account.

Disconnecting Google Drive prevents Trovecs from accessing additional Google Drive content. Previously generated Derived Service Data is handled in accordance with Section 9 (Data Retention and Deletion).

7. AI Processing

Trovecs uses automated technologies, including artificial intelligence ("AI"), to provide the functionality you request through the Service.

Customer Content may be processed by trusted AI processing providers solely for the purpose of providing, maintaining, and supporting the Service. Processing by AI providers is limited to providing the user-facing functionality you request within the Service.

Any third-party AI processing providers engaged by Trovecs are contractually required to:

  • Process Customer Content only on our behalf and in accordance with our instructions.
  • Maintain appropriate administrative, technical, and organizational safeguards to protect Customer Content.
  • Not use Customer Content or Derived Service Data to develop, train, or improve generalized artificial intelligence or machine learning models.
  • Not use Customer Content for advertising, marketing, or any purpose unrelated to providing services to Trovecs.

Derived Service Data generated through automated processing is stored securely and used only as reasonably necessary to provide, maintain, secure, and improve the functionality of the Service for your account.

We do not share Customer Content or customer-specific Derived Service Data with other customers, sell it to third parties, or make it publicly available.

We do not use Customer Content, Derived Service Data, or information obtained through Google Workspace APIs to develop, train, or improve generalized artificial intelligence or machine learning models.

8. How We Share Your Information

We share personal information only in the limited circumstances described below.

8.1 Service Providers (Subprocessors)

Trovecs uses trusted third-party service providers ("subprocessors") to help operate, secure, maintain, and support the Service.

These providers may perform services such as:

  • Cloud hosting and infrastructure
  • Payment processing
  • Transactional email delivery
  • Customer support
  • Security monitoring and incident response
  • Analytics (where enabled)
  • AI processing

Our subprocessors may access personal information or Customer Content only to the extent reasonably necessary to perform services on our behalf. They are contractually required to protect your information, maintain appropriate safeguards, and use it only in accordance with our instructions. Where a subprocessor receives information obtained through Google Workspace APIs, that information is disclosed only as necessary to provide the functionality you request and remains subject to the Google API Services User Data Policy, including the Limited Use requirements.

8.2 Legal and Safety Disclosures

We may disclose personal information when we reasonably believe disclosure is necessary to:

  • Comply with applicable law, regulation, court order, or lawful government request.
  • Protect the rights, property, or safety of Trovecs, our customers, or others.
  • Detect, investigate, or prevent fraud, security incidents, abuse, or violations of our Terms of Service.
  • Protect the security, integrity, or reliability of the Service.

8.3 Business Transactions

If Trovecs is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be transferred as part of that transaction, subject to applicable law and the commitments described in this Privacy Policy.

8.4 What We Never Do

Trovecs does not:

  • Sell personal information.
  • Rent Customer Content or personal information.
  • Share personal information with advertising networks, data brokers, or information resellers.
  • Use Customer Content or Google Workspace API data for advertising or personalized advertising.

9. Data Retention and Deletion

We retain personal information only for as long as reasonably necessary to provide the Service, fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, enforce our agreements, and protect the security and integrity of the Service.

  • Account Information is retained while your account remains active and for a reasonable period after account closure to comply with legal, accounting, tax, security, and fraud prevention obligations.
  • Customer Content is retained while your account remains active or until you delete the content or your account, subject to applicable legal obligations.
  • Derived Service Data (such as metadata, thumbnails, search references, and other information generated solely to provide the Service) is retained while your account remains active. If you disconnect a Connected Storage Provider or revoke Trovecs' access, the associated Derived Service Data is no longer used to provide the Service and is retained only in accordance with this retention policy.
  • Original files stored in your Connected Storage Provider are not retained by Trovecs and remain under your control.
  • Billing and financial records are retained for the periods required by applicable tax, accounting, financial, and other legal obligations.

Backup Retention

When you delete your account or request deletion of your personal information, Trovecs deletes or anonymizes your information from active production systems without undue delay, subject to applicable legal obligations.

Deleted information may remain in secure, encrypted backup systems for up to thirty (30) days solely for disaster recovery and business continuity purposes, after which it is permanently removed through our normal backup lifecycle.

Backup copies are maintained only for disaster recovery and business continuity purposes and are not used for routine business operations.

9.1 Requesting Access, Correction, or Deletion

You may request access to, correction of, or deletion of your personal information at any time by contacting [email protected] or, where available, by using the in-app account deletion feature.

We will acknowledge your request promptly and respond within the timeframes required by applicable law.

If we are unable to fulfill your request in whole or in part—for example, because we are required to retain certain information to comply with legal, accounting, tax, regulatory, or security obligations—we will explain the reason for the retention.

This process is available to all users, regardless of where they reside. You may also contact us to confirm whether we process personal information relating to you.

10. Data Security

We take the security of personal information seriously. We maintain appropriate administrative, technical, and organizational safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction.

These safeguards include, where appropriate:

  • Encryption of data in transit using industry-standard TLS.
  • Encryption of sensitive information at rest, including OAuth access and refresh tokens.
  • Encryption key management using commercially reasonable key management practices.
  • Access controls based on the principle of least privilege and strict need-to-know access.
  • Authentication and authorization controls for internal systems.
  • Security monitoring, logging, and incident response procedures.
  • Regular review of infrastructure, software dependencies, and system security.
  • Secure software development practices, including code review, dependency scanning, and vulnerability management.

While we use commercially reasonable measures to protect personal information, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

If we become aware of a security incident affecting personal information, we will investigate the incident and provide any notifications required by applicable law. If you believe your account has been compromised, please contact us promptly at [email protected].

11. Your Rights and Choices

Depending on your location and applicable law, you may have certain rights regarding your personal information.

These rights may include:

  • Access — Request a copy of the personal information we hold about you.
  • Correction — Request correction of inaccurate or incomplete personal information.
  • Deletion — Request deletion of your personal information.
  • Portability — Receive your personal information in a portable format, where applicable.
  • Restriction — Request that we restrict certain processing activities.
  • Objection — Object to certain processing activities.
  • Withdraw Consent — Withdraw your consent where processing is based on consent.

To exercise any of these rights, please contact us at [email protected].

We will acknowledge your request promptly and respond within the timeframes required by applicable law. We may request information necessary to verify your identity before responding to your request.

11.1 California Residents

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). These rights may include the right to know what personal information we collect, use, disclose, and retain; the right to request correction or deletion of personal information; and the right to receive a copy of your personal information, subject to applicable exceptions.

Trovecs does not sell personal information or share personal information for cross-context behavioral advertising as those terms are defined under California law.

11.2 European Economic Area, United Kingdom, and Switzerland

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you may have additional rights under applicable data protection laws, including the GDPR and UK GDPR.

Where required by law, we process personal information only on an appropriate legal basis, as described in Section 5 (Legal Bases for Processing). You also have the right to lodge a complaint with your local supervisory authority if you believe your personal information has been processed unlawfully.

11.3 Do Not Track

Some web browsers incorporate a "Do Not Track" ("DNT") feature that signals to websites that you do not wish to have your online activity tracked. Because there is currently no universally accepted standard for responding to DNT signals, Trovecs does not currently respond to such signals.

12. International Data Transfers

Trovecs is based in the United States, and we and our trusted service providers may process personal information in the United States and other countries where we operate or engage service providers.

If you access the Service from outside the United States, your personal information may be transferred to, stored, and processed in countries that may have data protection laws different from those in your jurisdiction.

Where required by applicable law, Trovecs relies on appropriate safeguards for international data transfers, including the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum (where applicable), or other lawful transfer mechanisms.

13. Children's Privacy

The Service is not intended for individuals under the age of eighteen (18), and we do not knowingly collect personal information from children.

If we become aware that we have collected personal information from a child in violation of applicable law, we will take reasonable steps to delete that information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our business, technology, legal requirements, or privacy practices.

When we make material changes, we will provide notice through the Service, by email where appropriate, or by other reasonable means as required by applicable law.

The Last Updated date at the top of this Privacy Policy indicates when it was most recently revised.

15. Contact Us

If you have questions about this Privacy Policy or our privacy practices, or if you wish to exercise your privacy rights, please contact us:

STRATACUBE Inc.

Email: [email protected]

For security-related matters, please contact:

Email: [email protected]

Trovecs

Product image operations for ecommerce teams. Find, organize, govern, and validate product images across every marketplace.

Product

  • Pricing
  • Start Free Trial

Resources

  • Resource Center
  • Marketplace Compliance
  • Product Asset Management
  • Tools & Calculators

Company

  • Privacy
  • Terms
  • Google API Disclosure
  • Contact