Trestle
Home

Trestle Privacy Policy

Effective date: July 16, 2026

This Privacy Policy explains what information Trestle collects, how we use it, and the choices you have. Trestle is a co-parenting communication service whose core purpose is creating a permanent, unalterable communication record — that purpose shapes how your data is handled, and this policy is explicit about it.

1. Information We Collect

Account information. Your phone number (used for sign-in verification), display name, and optional profile details (photo, username). Your phone number is used for verification and, only if you opt in, shared with your co-parent.

Communication records. Messages you send and receive, message delivery and first-read timestamps, call activity (who called whom, when, for how long), call recordings where recording consent conditions are met, call transcripts, and shared calendar events. These are written to a permanent archive at the time they occur — see Section 3.

Diagnostics. Crash reports and reliability telemetry (for example: connection failures, message send failures, app start time). These contain event names, timestamps, and device/OS information — never message content. You can disable diagnostics sharing in Settings; crash reporting helps us keep the Service working.

Device information. Device type, operating system version, app version, and push notification tokens.

2. How We Use Information

  • To deliver messages, calls, and calendar updates between you and your co-parent
  • To maintain the permanent communication record that is the core of the Service
  • To provide optional AI features you invoke (see Section 5)
  • To send notifications you have enabled
  • To operate, debug, and improve the Service (diagnostics)
  • To respond to legal process and enforce our Terms

We do not sell your personal information, and we do not use the content of your communications for advertising.

3. The Permanent Record — Retention You Should Understand

Unlike a typical messenger, Trestle is designed so that communication records cannot be deleted or altered by anyone, including us in the ordinary course:

  • Every message, delivery event, read event, call, and transcript is copied to an append-only archive when it happens.
  • Archive copies are stored on write-once storage with multi-year retention and cryptographic integrity chains, so tampering is detectable.
  • Deleting the app, deleting a message from your device, or closing your account does not remove archived records.
  • Both parents in a family have equal access to the record of their shared communication, including exports.

This permanence is a disclosed, fundamental feature of the Service — it is what makes the record trustworthy for both parents.

4. When We Share Information

  • With your co-parent: communication between you is, by design, visible to both of you, including its delivery/read record.
  • With professionals you choose: you may export records or share them with attorneys, mediators, or courts through features in the app.
  • With service providers that process data on our behalf: cloud hosting and storage (Amazon Web Services), sign-in verification (Supabase), calling infrastructure (LiveKit), transcription (Deepgram), AI processing (Anthropic), and crash reporting (Sentry). Each receives only what is needed for its function.
  • For legal reasons: we respond to valid subpoenas, court orders, and other legal process. Given the nature of the Service, records requests in family proceedings are expected and supported.

5. AI Features

Optional features like tone analysis can run either on your device (no data leaves your phone) or through our servers using an AI provider (Anthropic). Cloud analysis processes only the draft text you submit at that moment; drafts analyzed before sending are not stored in the permanent record unless you send the message. AI providers we use are contractually restricted from training on your data.

6. Security

Data is encrypted in transit (TLS) and at rest. Archive storage uses write-once (WORM) object storage with integrity verification. Access to production systems is restricted. No system is perfectly secure; we will notify you of breaches as required by law.

7. Your Rights and Choices

  • Access and export: you can export your communication records at any time in the app.
  • Profile: you can update or remove profile details.
  • Diagnostics: you can opt out of diagnostics sharing in Settings.
  • Deletion: you may delete your account, which removes profile data and stops all future collection. However, the communication archive is retained notwithstanding deletion requests, based on: (a) the disclosed, contracted-for nature of the Service, (b) your co-parent's equal interest in the shared record, and (c) legal bases including the establishment, exercise, or defense of legal claims (e.g., GDPR Art. 17(3)(e)). We will tell you exactly what is and is not removed when you request deletion.

8. Children

The Service is for adults (18+). Communication records may reference children because that is the purpose of co-parenting communication, but children may not use the Service, and we do not knowingly collect information directly from children.

9. Data Location

Data is stored in the United States.

10. Changes to This Policy

If we make material changes, we will ask you to review and accept the updated policy in the app.

11. Contact

Privacy questions or requests: [email protected]

© 2026 TrestleTermsPrivacyContact