Trivium—Subprocessors
Last updated: July 4, 2026
A "subprocessor" is a third party that Trivium uses to process personal information on behalf of the schools that use the Service. We engage the subprocessors below to run the Trivium school information system. Each is bound by a written agreement requiring data‑protection and security obligations no less protective than those in our Data Processing Addendum, and each receives only the information it needs for its function.
We do not sell personal information, and we do not use student data for advertising. Our AI assistant ("Ask Triv") is scoped by row‑level security to a school's own data, and that data is not used to train third‑party models.
Current subprocessors
| Subprocessor | Function | Categories of data processed | Primary location |
|---|---|---|---|
| Supabase | Primary database (PostgreSQL), authentication, and file storage (e.g. student/staff photos, school logos, library covers, newsletter media) | Substantially all Customer Data: student, guardian, and staff records; grades, attendance, health/medical notes; messages; admissions; billing records; uploaded files | United States |
| Vercel | Application hosting, serverless compute, and content delivery (CDN) for the web app | Data in transit for every request; server logs (IP address, request metadata) | United States |
| Resend | Outbound email delivery—transactional notices (attendance, messages, digests, application/inquiry alerts) and school newsletters | Recipient name and email address; message subject and body content | United States |
| Anthropic | AI assistant ("Ask Triv")—generates responses to staff prompts over the school's own RLS‑scoped data | The prompt text and the school data the assistant retrieves to answer it. Not used to train models; not retained for model improvement | United States |
| Stripe | Tuition billing and payment processing (where the school enables payments) | Payer name and contact details; payment‑method and transaction metadata. Card data is handled by Stripe under PCI‑DSS and does not touch Trivium's servers | United States |
| Sentry | Error monitoring—collects error reports when the app malfunctions so we can detect and fix failures | Error reports and stack traces. Emails, phone numbers, cookies, and authentication headers are scrubbed before transmission; no student records are intentionally sent | United States |
| Twilio | Text-message (SMS) delivery for emergency alerts and reminders, only when a school enables SMS | Guardian/staff phone numbers and the message content | United States |
Changes to this list
Before we add or replace a subprocessor that processes Customer Data, we will update this page and notify School administrators at least 30 days in advance so a School may review and, where its contract permits, object on reasonable data‑protection grounds. See Section 5 of the Data Processing Addendum for the full subprocessor terms.
Questions: privacy@usetrivium.com.