Treoir

Privacy Policy

Last updated: March 2026

1. Who We Are

Treoir Ltd. is a company registered in Ireland. We operate the Treoir shipping optimisation platform. For the purposes of data protection law, we are the data controller for personal data processed through our website and Service.

Contact: david@treoir.dev

2. What Data We Collect

We collect the following categories of personal data:

Account data

When you register for the Service or submit the interest form: your name, email address, company name, and any information you provide voluntarily.

Shipment data

When you use the Service: origin and destination addresses (postal codes, cities, states/counties, countries), package dimensions and weights, carrier selections, and shipment tracking information.

Usage data

API request logs, optimisation results, feature usage, and performance metrics. This data is used to operate and improve the Service.

Technical data

IP addresses, browser type, and device information collected automatically when you visit our website. We use this for security and analytics purposes.

3. Legal Basis for Processing (GDPR)

We process your personal data on the following legal bases:

  • Contract: Processing necessary to provide the Service you have requested (Article 6(1)(b) GDPR).
  • Legitimate interest: Processing necessary for our legitimate interests in operating, improving, and securing the Service, where those interests are not overridden by your rights (Article 6(1)(f) GDPR).
  • Consent: Where you have given specific consent, for example when submitting the interest form (Article 6(1)(a) GDPR).
  • Legal obligation: Processing necessary to comply with applicable laws (Article 6(1)(c) GDPR).

4. How We Use Your Data

We use your data to:

  • Provide, operate, and maintain the Service
  • Process shipping optimisation requests and carrier bookings
  • Communicate with you about the Service, including updates and support
  • Monitor and improve the performance and accuracy of our optimisation engine
  • Detect and prevent fraud, abuse, or security incidents
  • Comply with legal obligations

We do not sell your personal data to third parties. We do not use your data for advertising purposes.

5. Data Sharing

We share your data only with:

  • Shipping carriers (USPS, UPS, FedEx, DHL, etc.) to the extent necessary to book and track shipments on your behalf.
  • Infrastructure providers (hosting, database, payment processing) who process data on our behalf under data processing agreements.
  • Legal authorities when required by law or to protect our legal rights.

6. International Transfers

Some of our infrastructure providers are based outside the European Economic Area (EEA). Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on an adequacy decision.

7. Data Retention

We retain account data for as long as your account is active. Shipment data is retained for 24 months after the shipment is delivered, after which it is deleted or anonymised. Usage logs are retained for 12 months. We may retain certain data longer where required by law (e.g., for tax or accounting purposes).

8. Your Rights (GDPR)

Under the GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict processing of your data
  • Port your data to another service
  • Object to processing based on legitimate interest
  • Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at david@treoir.dev. We will respond within 30 days.

You also have the right to lodge a complaint with the Irish Data Protection Commission (dataprotection.ie) if you believe your rights have been infringed.

9. Cookies

Our website uses only essential cookies required for the Service to function (e.g., theme preference stored in localStorage). We do not use advertising cookies, tracking pixels, or third-party analytics that track individual users.

10. Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), encryption at rest for sensitive data, access controls, and regular security reviews. API keys are stored as cryptographic hashes, not in plain text.

11. Changes

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by email.

12. Contact

For any privacy-related questions or to exercise your data rights, contact: david@treoir.dev