Last updated: July 2, 2026
This Privacy Policy explains how Avover Inc. (“Avover,” “we,” “us,” or “our”), a company incorporated in British Columbia, Canada, collects, uses, discloses, and protects personal information in connection with the Trio mobile application and related services (“Trio” or the “Service”).
Trio is a friend-making app that matches people into small groups (always three or more people — never one-on-one) for real-world group activities and group chat. Trio is only for people aged 18 and older.
By creating an account or using Trio, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use Trio. This policy should be read together with our Terms of Service.
Avover Inc. is the organization accountable for the personal information under its control. We have designated a Privacy Officer who is responsible for our compliance with this policy and with applicable privacy law.
You can contact the Privacy Officer at any time with a question, an access or correction request, a deletion request, or a complaint (see Sections 11–13).
Trio is deliberately built to collect the minimum information needed to introduce you to a small group and let that group meet safely:
We collect the following categories of personal information. For each, we describe the source and the specific purpose.
| Information | Source | Why we collect it |
|---|---|---|
| Email address | You, at sign-up (via Sign in with Apple, Google, or email one-time passcode) | To create and secure your account and to sign you in. |
| Phone number | You provide it; verified by SMS | To confirm you are a real person and reduce duplicate/abusive accounts (one phone per account). The verification text message is transactional — we do not use your phone number for marketing. |
We support Sign in with Apple, Sign in with Google, and email one-time passcodes. When you use Apple or Google to sign in, that provider tells us a limited set of information (such as your email or a private relay email) so we can create your account. We do not receive your Apple or Google password.
| Information | Source | Why we collect it |
|---|---|---|
| First name | You | Shown to people you are grouped with, and (first name only) to people considering the same activity, so members can recognize each other. |
| Profile photo (optional) | You upload it | Helps members recognize each other. Optional — you can use initials instead. |
| Short bio and interests (optional) | You | Helps the group have something to talk about and helps you find activities you’ll enjoy. |
When you set your area, Trio takes a single, one-time reading of your device location and uses it only to find the nearest of our pre-defined areas (for example, a city or region). We then store only that area — not your coordinates.
| Information | Source | Why we collect it |
|---|---|---|
| Group chat messages | You, when you chat with your group | To deliver your messages to the members of your group in real time. |
| Group photos (optional) | You upload them to a group | To share photos with the members of that group. Group photos are stored in a private location and are visible only to members of that group through short-lived, expiring links. |
Group chat messages and group photos are visible to the other members of your group. Please only share what you are comfortable sharing with those members.
| Information | Source | Why we collect it |
|---|---|---|
| Blocks and mutes | You, when you block or mute a member | To keep you from being re-matched with, or hearing from, someone you’ve blocked. A block means we will not match you with that person again. |
| Safety reports | You, when you report a concern | So we can review conduct that violates our Terms. Reports are treated as confidential — we do not tell the person you reported that you reported them. |
| Attendance / no-show notes | You, after a meetup | To understand whether planned meetups actually happened and to identify patterns of no-shows. |
Our safety tools are discretionary and best-effort. They help, but they are not a guarantee of anyone’s safety or conduct. Please also read the safety and assumption-of-risk terms in our Terms of Service.
Only members who choose to create activities complete identity verification, and this is handled by our verification provider, Didit. The most important point: Trio stores only a yes/no “verified” status — never your ID, selfie, or biometric data. Section 4 explains this in full.
When you use Trio, we and our infrastructure providers automatically process limited technical information — such as your IP address, device type and operating-system version, app version, and basic diagnostic/error logs — to operate the Service, keep it secure, prevent abuse, and fix bugs. We do not use this information to track you across other companies’ apps or websites, and we do not share it with data brokers or advertising networks.
This section is important, so we want to be precise about who collects what.
Only members who choose to become activity creators are asked to verify their identity. Regular members who only join activities are not asked to verify.
To verify a creator’s identity, we use a specialized third-party identity-verification provider, Didit. When you choose to verify, Didit’s own hosted flow captures and processes your government-issued ID, a selfie, and a liveness check (a “biometric” process that confirms a live person matching the ID). Didit — not Trio — collects, processes, and stores that ID image, selfie, and biometric data, as an independent processor under its own privacy policy and retention schedule. You can read Didit’s privacy policy here: Didit Privacy Policy.
What Trio receives and stores is only a single yes/no result — a “verified” or “not verified” status flag for your account. To be completely clear:
We use the verified/not-verified status only to (a) let verified creators create activities and (b) display a scoped “Verified Creator” indicator. That indicator means only that the creator’s identity and age were confirmed by our third-party provider — it is not a background check, a criminal-history check, or any statement that the person is “safe” (see our Terms of Service).
Consent. Before any identity verification begins, we present you with a separate notice and ask for your explicit consent to proceed. You are free to decline — you simply won’t be able to create activities. Didit also presents its own notice and consent before it collects anything.
Retention of the ID and biometric data. Because Didit — not Trio — holds the ID and biometric data, Didit’s retention and destruction schedule governs it. We store only the verified/not-verified flag, for as long as your account exists (subject to Section 6). For details on how long Didit retains the underlying documents and biometrics, see Didit’s privacy policy linked above.
We use personal information to:
We rely on your consent (which you can withdraw) and on the necessity of processing to provide the Service you asked for and to meet our legal obligations. Where we would ever use your information for a materially new purpose, we will ask first.
We keep personal information only as long as needed for the purposes above, or as required by law.
If you would like your account deleted immediately rather than after the grace period, contact the Privacy Officer (Section 1) and we will action it.
Avover Inc. is based in Canada, but we use reputable service providers located in the United States to run Trio. This means your personal information is stored and processed in the United States and may be accessible to those providers there. In particular:
| Provider | What they process | Location | Their privacy policy |
|---|---|---|---|
| Supabase | Core hosting, database, real-time chat, and file storage (your profile, messages, and photos) | United States (US region) | supabase.com/privacy |
| Twilio | Sending SMS verification codes | United States | twilio.com/en-us/legal/privacy |
| Didit | Creator identity + biometric verification (creators only) | United States | Didit Privacy Policy |
| Apple | Sign in with Apple | United States | apple.com/legal/privacy |
| Sign in with Google | United States | policies.google.com/privacy |
When information is transferred to and stored in another country, it is subject to the laws of that country and may be accessible to that country’s courts, law-enforcement, and regulatory authorities. We use contractual and security safeguards (including data-processing agreements with our providers) intended to give your information a comparable level of protection to what it would receive in Canada. If you have questions about our cross-border handling of your information, contact our Privacy Officer (Section 1).
We do not sell your personal information, and we do not share it for cross-context behavioural advertising. We do not trade your information to data brokers, and we do not run third-party advertising networks inside Trio.
We share personal information only:
Trio is intended only for people aged 18 and older. You must confirm you are at least 18 to use Trio.
We do not knowingly collect personal information from anyone under 18. When you sign up, we ask for your birth date solely to confirm you are 18 or older: your age is checked on your device and we store only a yes/no “18-or-older” flag — your date of birth is never transmitted to us or stored on our systems. If we learn that someone under 18 has created an account, we will delete it. If you believe a minor is using Trio, please contact our Privacy Officer (Section 1).
We take reasonable technical and organizational measures to protect personal information, including encryption in transit, access controls on our systems, and restricting group photos to a private store served only through short-lived, expiring links. No system is perfectly secure, but we work to protect your information and to limit what we collect in the first place.
Breach notification. If a security breach involving your personal information creates a real risk of significant harm to you, we will notify you and the appropriate regulator(s) as required by law, and we maintain records of security incidents as the law requires.
Depending on where you live (including under Canada’s PIPEDA, British Columbia’s PIPA, and Quebec’s Law 25), you have rights over your personal information, which may include the right to:
You can correct your information and delete your account directly in the app (edit your profile, block/mute, delete your account). To access the information we hold about you, to request a portable copy of it, or to make any other privacy request, contact our Privacy Officer (Section 1). We will respond within the timeframes required by applicable law and will not discriminate against you for exercising your rights. To protect your account, we may need to verify your identity before acting on a request.
We may update this Privacy Policy from time to time. When we make a material change, we will update the “Last updated” date above and take reasonable steps to notify you — for example, in the app or by email. The current version is always published at https://jointrio.app/privacy.
If you have a question, request, or concern about your privacy, please contact our Privacy Officer first:
We take complaints seriously and will work with you to resolve them. If you are not satisfied with our response, you have the right to contact the relevant privacy regulator:
This Privacy Policy is provided in English. Trio is operated by Avover Inc., British Columbia, Canada.
Trio is operated by Avover Inc., British Columbia, Canada. · Legal home