Terms of service.
Treevah Privacy Policy
Effective Date: August 18, 2025
Last Updated: August 18, 2025
1. Introduction
1.1 Welcome to Treevah, a cloud-based file organization and storage service operated by Treevah LLC (“Treevah,” “we,” “us,” or “our”). This Privacy Policy explains how we collect, use, store, and protect information when you use our website at https://www.treevah.com and our applications (collectively, the “Service”).
1.2 By using Treevah, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.
1.3 This Privacy Policy applies to all users of Treevah and covers our data-handling practices across the Service.
2. Information We Collect
2.1 Account and Authentication Information
2.1.1 When you create an account using the Microsoft Authentication Library (MSAL), we collect:
Full name from your Microsoft personal account
Email address associated with your Microsoft account
Microsoft access tokens (we never see or store your Microsoft password)
Profile information made available from your Microsoft personal account
2.1.2 Authentication is handled by Microsoft’s secure systems. At this time, Treevah supports personal Microsoft accounts (not enterprise/educational accounts).
2.2 OneDrive Integration Data
2.2.1 Treevah requires OneDrive integration to function. Through Microsoft Graph API we access:
Files and folders you explicitly select to organize within Treevah
File metadata (name, size, type/extension, creation/modification timestamps)
Changes made to files when you open or edit them in Microsoft applications
Synchronization signals/events between OneDrive and Treevah
2.2.2 We only access files you explicitly choose to organize with Treevah. We do not read, index, or delete other files in your OneDrive.
2.3 Files and Content
2.3.1 Files and folders you upload to Treevah or sync from OneDrive.
2.3.2 File metadata stored in our PostgreSQL database, including:
File names, sizes, and types
Creation and modification timestamps
Folder structures and organization preferences you create
File access and usage patterns related to the Service
2.4 Usage and Technical Data
2.4.1 How you interact with the Service (navigation, feature usage, clicks).
2.4.2 Device/technical information:
Browser type and version; operating system
IP address and general location
Device identifiers
2.4.3 Cookies and similar technologies for functionality, security, and analytics.
2.4.4 Error logs, performance, and diagnostics.
2.4.5 Access logs and security-related events.
3. How We Store and Protect Your Data
3.1 Storage Infrastructure
3.1.1 Files are stored on Microsoft Azure Blob Storage with industry-standard encryption.
3.1.2 File metadata and organizational data are stored in a PostgreSQL database hosted on Azure.
3.1.3 Our backend runs on Node.js and our frontend on React, hosted on Azure.
3.2 Encryption and Security
3.2.1 Data in transit is protected with TLS/SSL.
3.2.2 Data at rest is encrypted using Azure encryption standards.
3.2.3 Tokens and sensitive credentials are secured using industry best practices.
4. How We Use Your Information
4.1 We use information to:
Provide, operate, and improve the Service
Authenticate your identity through Microsoft
Enable OneDrive integration and file synchronization
Organize and manage your files according to your preferences
Communicate about your account, updates, and important notices
Provide customer support
Ensure security and prevent fraud, abuse, or unauthorized access
Comply with legal obligations and enforce our terms
4.2 We may use aggregated, de-identified data for analytics and service improvement.
5. Information Sharing and Third-Party Services
5.1 Service Providers
5.1.1 We share information with third parties necessary to operate the Service, including:
Microsoft Azure (infrastructure, storage, database hosting)
Microsoft Graph API (OneDrive integration and sync)
Stripe (payments and subscription management)
Microsoft Clarity (usage analytics, if enabled)
GitHub (internal use only) (development and CI/CD)
5.1.2 We share the minimum information necessary for these services to function.
5.2 Legal Requirements and Safety
We may disclose information to comply with laws, court orders, or government requests; to protect our rights, property, or safety; or to detect/prevent fraud, security incidents, or illegal activity.
5.3 Business Transfers
If Treevah is involved in a merger, acquisition, reorganization, or asset sale, your information may be transferred as part of that transaction.
5.4 No Sale of Personal Information
We do not sell, trade, or rent personal information for commercial purposes.
6. Data Security Measures
6.1 We employ safeguards including:
Role-Based Access Control (RBAC)
Encryption in transit and at rest
Secure authentication via Microsoft
Regular security assessments and updates
Access controls and monitoring
Audit logs for data access and changes
Employee training on security and data protection
6.2 Security Disclaimer: No system is 100% secure. While we take reasonable measures, we cannot guarantee absolute security against all threats.
7. Sensitive File Handling and Your Responsibilities
7.1 Treevah is designed for general file organization and storage. We recommend that you do not upload highly sensitive information, including:
Health/medical records
Government IDs
Banking or financial account data
Legal documents requiring special protection
Trade secrets or highly confidential business information
7.2 You are responsible for deciding what to store in Treevah.
7.3 We cannot guarantee against accidental deletion, corruption, or loss of files due to technical issues, user error, or external events.
7.4 Maintain independent backups of important files outside Treevah.
8. Your Rights and Choices
8.1 Depending on your location, you may have rights to:
Access your personal information
Correct inaccurate or incomplete data
Delete your account and associated data
Port your data in a commonly used format
Withdraw consent for OneDrive integration (note: this will disable Treevah)
Manage communications and opt out of non-essential emails
8.2 To exercise these rights, contact us at support@treevah.com. We will respond within a reasonable time consistent with applicable law.
8.3 OneDrive integration is required to use Treevah; withdrawing consent for OneDrive access will make the Service unavailable.
9. Data Retention
9.1 We retain data as follows:
Account and metadata: retained while your account is active
Files: retained according to your plan and account status
Usage/analytics data: retained up to 2 years
Deleted files: may be recoverable for up to 30 days via backups
9.2 After account deletion, we delete your data within 30 days, except where retention is required by law or for legitimate business purposes.
9.3 Some information may persist in operational backups for a limited period after deletion.
10. Service Notifications
10.1 We may notify you by email or in-app about:
Major outages affecting access or synchronization
Security issues or incidents
Material changes to this Privacy Policy or our Terms
Account suspension or termination
10.2 Certain critical notifications are required and cannot be disabled.
11. Children’s Privacy
Treevah is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information, contact support@treevah.com and we will delete it.
12. International Data Transfers
Your information may be processed and stored in the United States and other locations where Microsoft Azure operates. We implement appropriate safeguards consistent with applicable data-protection laws. By using the Service, you consent to these transfers.
13. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. We will provide prominent notice of material changes at least 30 days before they take effect. Your continued use after the effective date constitutes acceptance.