Privacy Policy

Last updated: March 2026

This Privacy Policy explains how Trio — AI 2 Design, a product of ai2.design, operated by BEY AGENCY LTD ("Trio," "we," "us," or "our") collects, uses, stores, and protects your information when you use our Figma plugin, companion server software, website (trio.ai2.design), and related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

1. Introduction

By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2a. Information You Provide

Data	When	Purpose
Email address	Account registration	Authentication, communication
Password (hashed)	Account registration	Authentication
Display name	Profile setup	Personalization
Avatar URL	Profile setup (optional)	Personalization
Timezone & language preference	Settings	Localization
Payment information	Subscription purchase	Billing (processed by Stripe — we do not store card numbers)
Team name & member emails	Team creation	Team management

2b. Information Collected Automatically

Data	When	Purpose
Daily usage counters	Each prompt execution	Enforce plan limits, usage dashboard
Session metadata	Plugin connection	Device type, connection time, last active
IP address	Server connection	Security, session management
Subscription status	Plan changes	Access control

2c. Information We Do NOT Collect

We want to be explicit about what we never collect or store:

Your prompts — the text you type into the plugin is not stored on our servers
Your Figma designs — we do not access, copy, or store any design content from your Figma files
Your generated output — designs created by Trio remain in your Figma file only
Reference images — images you attach to prompts are not stored
Code export output — generated code is delivered to you and not retained
Figma file contents — we have no access to your Figma files beyond what the plugin needs to execute commands

3. How We Use Your Information

We use collected information for the following purposes:

Provide the Service — authenticate your account, enforce plan limits, manage subscriptions
Improve the Service — analyze aggregate usage patterns (not individual prompt content) to improve AI tool performance
Communication — send transactional emails (password reset, subscription confirmations) and optional notifications (usage warnings, renewal reminders, weekly digest)
Security — detect unauthorized access, prevent abuse, maintain session integrity
Billing — process payments, generate invoices, handle subscription changes via Stripe
Legal compliance — respond to legal requests, enforce our Terms of Service

We do not:

Sell your personal data to third parties
Use your data for advertising or ad targeting
Share individual usage data with other users (except aggregate team statistics visible to team admins)
Use your prompts or designs to train AI models

4. Third-Party Services

Trio integrates with the following third-party services, each with their own privacy policies:

Service	Purpose	Data Shared	Privacy Policy
Anthropic (Claude AI)	AI processing	Your text prompts (sent at time of use, not stored by us)	anthropic.com/privacy
Supabase	Authentication, database	Account info, usage data, subscription data	supabase.com/privacy
Stripe	Payment processing	Payment method, billing address, email	stripe.com/privacy
Figma	Plugin platform	Plugin usage (governed by Figma's plugin terms)	figma.com/privacy

Anthropic Data Handling

When you submit a prompt, your text is sent to Anthropic's Claude AI for processing. Anthropic's enterprise privacy commitments state that:

Your inputs and outputs are not used for model training
Data is processed in accordance with Anthropic's privacy policy and data retention practices
Anthropic may retain data for safety monitoring and abuse prevention as described in their policies

We recommend reviewing Anthropic's privacy policy for complete details on how they handle data.

5. Data Storage and Security

Where Data is Stored

Account and usage data: Supabase cloud infrastructure (encrypted at rest and in transit)
Payment data: Stripe's PCI-compliant infrastructure (we never see or store full card numbers)
Plugin data: Your local machine (companion server runs locally)

Security Measures

All data in transit is encrypted using TLS 1.2+
Database access requires authentication via JWT tokens
Subscription-sensitive fields are protected by database triggers that prevent unauthorized modification
Row-Level Security (RLS) is enabled on all database tables
The companion server communicates over localhost — design data does not traverse the internet
Passwords are hashed and never stored in plaintext

Data Retention

Account data: Retained while your account is active. Deleted upon account deletion request.
Usage counters: Retained for analytics purposes. Individual daily records older than 12 months may be aggregated.
Session data: Active sessions are removed when you disconnect. Inactive sessions are cleaned up periodically.
Audit logs: Retained for up to 24 months for security purposes.
Invoices: Retained as required by applicable tax and financial regulations.

6. Your Rights

Depending on your jurisdiction, you may have the following rights:

Right	Description
Access	Request a copy of the personal data we hold about you
Rectification	Correct inaccurate personal data
Deletion	Request deletion of your account and associated data
Portability	Receive your data in a structured, machine-readable format
Objection	Object to processing of your data for certain purposes
Restriction	Request restriction of processing under certain conditions
Withdraw consent	Withdraw consent for optional processing (e.g., marketing emails) at any time

To exercise any of these rights, contact us at hello@ai2.design.

For EU/EEA residents, see our GDPR Policy for additional rights and protections.

7. Children's Privacy

Trio is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us at hello@ai2.design and we will promptly delete it.

8. Notification Preferences

You control which communications you receive:

Notification	Default	Control
Usage limit warnings	On	Toggle in Settings
Subscription renewal reminders	On	Toggle in Settings
Payment failure alerts	On	Toggle in Settings
Weekly usage digest	Off	Toggle in Settings

Transactional emails (password reset, subscription confirmation, security alerts) cannot be disabled as they are necessary for account security and service operation.

9. International Data Transfers

Your data may be processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place:

Supabase and Stripe maintain compliance with international data transfer frameworks
Anthropic processes data in accordance with their published data processing practices
Where required, we rely on Standard Contractual Clauses (SCCs) or equivalent mechanisms

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes:

We will update the "Effective Date" at the top of this page
We will notify you via email or in-app notification for significant changes
Continued use of the Service after changes constitutes acceptance

11. Contact Us

For questions, concerns, or requests regarding this Privacy Policy:

Parent Company: BEY AGENCY LTD
Address: Suite 90415 Brayford Square, London, United Kingdom, E1 0SG
Company Number: 16435596
Email: hello@ai2.design
Website: ai2.design/contact

For data protection inquiries in the EU, you may also contact your local Data Protection Authority.

Questions about our privacy practices?

Contact our privacy team at hello@ai2.design