Privacy & Data Protection
Information we collect
Triage gathers account details (name, email, organization), product telemetry including feature usage and device metadata, and billing identifiers processed through Stripe. The service processes production logs, source-code excerpts, generated patches and pull-request metadata solely to fulfill the requested triage and remediation functionality.
Account creation requires confirmation that the user meets age requirements. Children under 13 (COPPA) or 16 where required by local law must not register.
How we use your information
The platform uses account data for authentication, service delivery, operational communications and legal compliance. Telemetry supports platform reliability, abuse prevention and capacity planning. CBL Multiservice LLC does not engage in personal data sales and restricts usage to service provision and improvement.
Data retention
Active customer content (logs, runs, generated diffs and PR metadata) remains available throughout the subscription plus 90 days for disaster recovery purposes. Inactive accounts — those without login or active contract for 24 consecutive months — are routinely deleted unless law mandates longer retention for audit or billing purposes. Users may request deletion at any time by contacting customerservice@triagehub.ai.
International transfers & legal bases
Primary infrastructure operates in the United States and on tenant-owned environments when contracted as Enterprise self-hosting. For GDPR and LGPD-subject customers, the company relies on Standard Contractual Clauses (SCCs) or comparable safeguards with subprocessors.
California & U.S. rights
California residents possess rights under CCPA and CPRA, including access, deletion, correction and opting out of data sharing. These rights are exercisable via customerservice@triagehub.ai or dashboard request forms. Verification occurs before response, with resolution logged and delivered within 45 days (extendable once when legally permitted).
Terms of Service
Account, Free plan and eligibility
Users confirming account creation represent they are legally permitted to do so and are at least 18 years old, or possess valid parental/guardian consent where applicable. Unless agreed in writing, new accounts begin on the Free plan described on the Pricing page.
The Free plan is promotional in nature, may change over time and can be adjusted, restricted or discontinued.
Material changes to Free plan terms or to these Terms trigger advance notification via email and in-product notice. Continued use of the Service after the effective date of updated terms constitutes acceptance.
Acceptable use
Users bear responsibility for content uploaded, streamed, generated or analyzed through Triage. Prohibited activities include intellectual property violation, spam transmission, malicious code production and unlawful content publication. Users must maintain credential security and notify us immediately if unauthorized account activity is suspected.
Service availability
The service operates on an "as is" basis targeting uptime specified in subscription plans. Scheduled maintenance and emergency interventions may affect availability with advance notice when possible.
Billing, renewals and non-payment
Paid subscriptions bill in advance on recurring monthly or annual cycles until cancellation through the account or termination under these Terms. Failed renewal charges trigger email notification and retry attempts.
If full payment remains unpaid for 5 consecutive calendar days after the due date, access may be suspended or restricted until the outstanding balance is settled.
Inactive or unpaid subscriptions may be permanently downgraded, canceled or deleted after reasonable periods, aligned with data retention rules and mandatory legal requirements.
Limitations of liability
To the maximum extent allowed by California law, CBL Multiservice LLC is not liable for indirect, incidental or consequential damages, lost profits, business interruption or data loss arising from service use.
Aggregate liability caps at fees paid in the preceding 12 months.
Refunds and prorated credits
Payments are generally non-refundable once captured except where consumer protection laws mandate rights such as cooling-off periods. When a user requests an upgrade before the end of the current cycle, the prorated value of unused days converts automatically to credit applied to the new subscription. These credits apply only forward, cannot be withdrawn as cash, and expire when the billing cycle closes. Where local law guarantees additional cancellation or refund rights for digital services, those rights prevail over this clause.
Brand and commercial use
Triage and TriageHub names, logos and visual assets are trademarks. They may be referenced for legitimate integration or customer-story descriptions without implying endorsement. Marketing use requires prior written approval. Triage, the website triagehub.ai and all services are owned and operated by CBL Multiservice LLC, responsible for commercial agreements and compliance obligations. Users retain ownership of their own trademarks and content.
AI-generated content and accuracy
Diagnoses, generated patches, code suggestions and pull-request descriptions produced by Triage may contain mistakes, omissions or distortions even when they appear fluent or confident.
Users remain responsible for independent review of every generated diff, test result and PR before merging or relying on outputs in production, security-sensitive, regulatory or safety-critical contexts. The provider makes reasonable quality improvement efforts but does not guarantee perfect accuracy or suitability for any particular purpose.
Governing law and changes to these Terms
These Terms and any related dispute are governed by the laws of the State of California, excluding its conflict-of-law rules, and applicable U.S. federal law.
Mandatory consumer protections in the user's country are not limited by this choice of law. The company may update these Terms, pricing or plan structure to reflect product changes, legal requirements or business needs. Material changes are communicated by email and in-product notice with effective dates. Users may cancel before the effective date; continued use after that date means acceptance of the updated Terms.
Data Processing & Third Parties
Subprocessors
Triage relies on the following vetted vendors to deliver core capabilities:
- Anthropic — Claude family LLMs used for diagnosis, fix generation and PR descriptions.
- Z.AI — GLM family LLMs used as primary or fallback provider for code agents.
- OpenRouter — secondary LLM gateway used for fallback routing and model experiments.
- Stripe — payment processing for paid subscriptions.
- Resend / SMTP relay — transactional email (notifications, account messages).
Additional vetted providers may appear in the subprocessors registry. Contractual confidentiality requirements apply to every subprocessor; the provider acknowledges it cannot guarantee absolute secrecy once data is processed by third-party APIs.
Sensitive data warning
Users must not submit passwords, API keys, payment card numbers, social security numbers, medical records or similarly sensitive data to Triage in logs, code or attachments.
Code excerpts and log lines processed through partner LLM APIs could be subject to their security posture and may be exposed in case of their breach. Operators are expected to redact secrets and customer PII at the source (collector, log shipper or repository) before submission.
Data Processing Addendum (DPA)
The DPA incorporates SCCs for GDPR compliance, outlines LGPD roles (CBL Multiservice LLC as operador), and describes security controls including encryption in transit, role-based access and incident response. The DPA applies automatically upon Terms acceptance or Enterprise agreement execution.
Security Practices
Encryption and access controls
All connections between the customer environment, the Sentinel agent and TriageHub services use TLS 1.2 or above. Persistent customer data is stored encrypted at rest. Access to production systems is restricted to a small operations team and uses role-based access control with mandatory multi-factor authentication.
Architecture and isolation
Triage runs proposed code changes inside ephemeral, hardened sandbox containers — read-only filesystems, no outbound network, capped memory and CPU, and per-run isolation. Generated patches are delivered as draft pull requests; no automated merge is performed against the customer repository.
Logging and audit trail
Every pipeline stage (detection, triage, diagnosis, fix, sandbox test, notification) writes to an immutable audit trail tied to the run, including the LLM provider, model, token counts, cost and outcome. Operators can replay any decision through the run viewer without depending on third-party tools.
Incident response
Security incidents involving customer data trigger an internal response plan that includes containment, assessment, notification of affected customers and coordination with subprocessors when relevant. CBL Multiservice LLC notifies impacted customers without undue delay when a confirmed personal-data breach materially affects them.
Responsible disclosure
Researchers who identify a security issue affecting Triage or TriageHub are invited to report it confidentially to customerservice@triagehub.ai with the subject line "Security report". We commit to acknowledging valid reports promptly, investigating in good faith and not pursuing legal action against researchers who follow this disclosure path.
Your Responsibilities
Security best practices
Users should employ unique passwords, enable multi-factor authentication when available, review access regularly, remove inactive operators and maintain personal backups where regulatory requirements demand.
Content governance
Users must ensure they have the legal rights to submit, analyze and let Triage operate on the source code, logs and infrastructure they connect. This includes obtaining the necessary internal approvals before pointing Triage at customer-owned, regulated or production systems, and complying with disclosure obligations toward end-users when applicable.
Contact & Data Protection
Email customerservice@triagehub.ai for privacy inquiries, DPA requests or rights exercise.
Triage is owned and operated by CBL Multiservice LLC.
Mailing address: 12403 Central Ave, Unit #1034, Chino, CA 91710, USA.
© 2026 TriageHub · CBL Multiservice LLC