Trio — Privacy Policy

Last updated: July 2, 2026

This Privacy Policy explains how Avover Inc. (“Avover,” “we,” “us,” or “our”), a company incorporated in British Columbia, Canada, collects, uses, discloses, and protects personal information in connection with the Trio mobile application and related services (“Trio” or the “Service”).

Trio is a friend-making app that matches people into small groups (always three or more people — never one-on-one) for real-world group activities and group chat. Trio is only for people aged 18 and older.

By creating an account or using Trio, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use Trio. This policy should be read together with our Terms of Service.


1. Who is responsible for your information (Privacy Officer)

Avover Inc. is the organization accountable for the personal information under its control. We have designated a Privacy Officer who is responsible for our compliance with this policy and with applicable privacy law.

You can contact the Privacy Officer at any time with a question, an access or correction request, a deletion request, or a complaint (see Sections 11–13).


2. A note on our design (why we collect so little)

Trio is deliberately built to collect the minimum information needed to introduce you to a small group and let that group meet safely:


3. Information we collect and why

We collect the following categories of personal information. For each, we describe the source and the specific purpose.

3.1 Account and contact information

Information Source Why we collect it
Email address You, at sign-up (via Sign in with Apple, Google, or email one-time passcode) To create and secure your account and to sign you in.
Phone number You provide it; verified by SMS To confirm you are a real person and reduce duplicate/abusive accounts (one phone per account). The verification text message is transactional — we do not use your phone number for marketing.

We support Sign in with Apple, Sign in with Google, and email one-time passcodes. When you use Apple or Google to sign in, that provider tells us a limited set of information (such as your email or a private relay email) so we can create your account. We do not receive your Apple or Google password.

3.2 Profile information (what other members can see)

Information Source Why we collect it
First name You Shown to people you are grouped with, and (first name only) to people considering the same activity, so members can recognize each other.
Profile photo (optional) You upload it Helps members recognize each other. Optional — you can use initials instead.
Short bio and interests (optional) You Helps the group have something to talk about and helps you find activities you’ll enjoy.

3.3 Coarse, one-time location — not precise or continuous

When you set your area, Trio takes a single, one-time reading of your device location and uses it only to find the nearest of our pre-defined areas (for example, a city or region). We then store only that area — not your coordinates.

3.4 Content you create in the app

Information Source Why we collect it
Group chat messages You, when you chat with your group To deliver your messages to the members of your group in real time.
Group photos (optional) You upload them to a group To share photos with the members of that group. Group photos are stored in a private location and are visible only to members of that group through short-lived, expiring links.

Group chat messages and group photos are visible to the other members of your group. Please only share what you are comfortable sharing with those members.

3.5 Trust and safety information

Information Source Why we collect it
Blocks and mutes You, when you block or mute a member To keep you from being re-matched with, or hearing from, someone you’ve blocked. A block means we will not match you with that person again.
Safety reports You, when you report a concern So we can review conduct that violates our Terms. Reports are treated as confidential — we do not tell the person you reported that you reported them.
Attendance / no-show notes You, after a meetup To understand whether planned meetups actually happened and to identify patterns of no-shows.

Our safety tools are discretionary and best-effort. They help, but they are not a guarantee of anyone’s safety or conduct. Please also read the safety and assumption-of-risk terms in our Terms of Service.

3.6 Creator identity verification (creators only) — see Section 4

Only members who choose to create activities complete identity verification, and this is handled by our verification provider, Didit. The most important point: Trio stores only a yes/no “verified” status — never your ID, selfie, or biometric data. Section 4 explains this in full.

3.7 Device and technical information

When you use Trio, we and our infrastructure providers automatically process limited technical information — such as your IP address, device type and operating-system version, app version, and basic diagnostic/error logs — to operate the Service, keep it secure, prevent abuse, and fix bugs. We do not use this information to track you across other companies’ apps or websites, and we do not share it with data brokers or advertising networks.


4. Creator identity verification and biometric information (creators only)

This section is important, so we want to be precise about who collects what.

Only members who choose to become activity creators are asked to verify their identity. Regular members who only join activities are not asked to verify.

To verify a creator’s identity, we use a specialized third-party identity-verification provider, Didit. When you choose to verify, Didit’s own hosted flow captures and processes your government-issued ID, a selfie, and a liveness check (a “biometric” process that confirms a live person matching the ID). Didit — not Trio — collects, processes, and stores that ID image, selfie, and biometric data, as an independent processor under its own privacy policy and retention schedule. You can read Didit’s privacy policy here: Didit Privacy Policy.

What Trio receives and stores is only a single yes/no result — a “verified” or “not verified” status flag for your account. To be completely clear:

We use the verified/not-verified status only to (a) let verified creators create activities and (b) display a scoped “Verified Creator” indicator. That indicator means only that the creator’s identity and age were confirmed by our third-party provider — it is not a background check, a criminal-history check, or any statement that the person is “safe” (see our Terms of Service).

Consent. Before any identity verification begins, we present you with a separate notice and ask for your explicit consent to proceed. You are free to decline — you simply won’t be able to create activities. Didit also presents its own notice and consent before it collects anything.

Retention of the ID and biometric data. Because Didit — not Trio — holds the ID and biometric data, Didit’s retention and destruction schedule governs it. We store only the verified/not-verified flag, for as long as your account exists (subject to Section 6). For details on how long Didit retains the underlying documents and biometrics, see Didit’s privacy policy linked above.


5. How we use your information

We use personal information to:

We rely on your consent (which you can withdraw) and on the necessity of processing to provide the Service you asked for and to meet our legal obligations. Where we would ever use your information for a materially new purpose, we will ask first.


6. How long we keep information, and how deletion works

We keep personal information only as long as needed for the purposes above, or as required by law.

If you would like your account deleted immediately rather than after the grace period, contact the Privacy Officer (Section 1) and we will action it.


7. Where your information is stored and processed (cross-border transfer)

Avover Inc. is based in Canada, but we use reputable service providers located in the United States to run Trio. This means your personal information is stored and processed in the United States and may be accessible to those providers there. In particular:

Provider What they process Location Their privacy policy
Supabase Core hosting, database, real-time chat, and file storage (your profile, messages, and photos) United States (US region) supabase.com/privacy
Twilio Sending SMS verification codes United States twilio.com/en-us/legal/privacy
Didit Creator identity + biometric verification (creators only) United States Didit Privacy Policy
Apple Sign in with Apple United States apple.com/legal/privacy
Google Sign in with Google United States policies.google.com/privacy

When information is transferred to and stored in another country, it is subject to the laws of that country and may be accessible to that country’s courts, law-enforcement, and regulatory authorities. We use contractual and security safeguards (including data-processing agreements with our providers) intended to give your information a comparable level of protection to what it would receive in Canada. If you have questions about our cross-border handling of your information, contact our Privacy Officer (Section 1).


8. We do not sell your personal information

We do not sell your personal information, and we do not share it for cross-context behavioural advertising. We do not trade your information to data brokers, and we do not run third-party advertising networks inside Trio.

We share personal information only:


9. Age requirement — Trio is 18+

Trio is intended only for people aged 18 and older. You must confirm you are at least 18 to use Trio.

We do not knowingly collect personal information from anyone under 18. When you sign up, we ask for your birth date solely to confirm you are 18 or older: your age is checked on your device and we store only a yes/no “18-or-older” flag — your date of birth is never transmitted to us or stored on our systems. If we learn that someone under 18 has created an account, we will delete it. If you believe a minor is using Trio, please contact our Privacy Officer (Section 1).


10. How we protect your information

We take reasonable technical and organizational measures to protect personal information, including encryption in transit, access controls on our systems, and restricting group photos to a private store served only through short-lived, expiring links. No system is perfectly secure, but we work to protect your information and to limit what we collect in the first place.

Breach notification. If a security breach involving your personal information creates a real risk of significant harm to you, we will notify you and the appropriate regulator(s) as required by law, and we maintain records of security incidents as the law requires.


11. Your privacy rights

Depending on where you live (including under Canada’s PIPEDA, British Columbia’s PIPA, and Quebec’s Law 25), you have rights over your personal information, which may include the right to:

You can correct your information and delete your account directly in the app (edit your profile, block/mute, delete your account). To access the information we hold about you, to request a portable copy of it, or to make any other privacy request, contact our Privacy Officer (Section 1). We will respond within the timeframes required by applicable law and will not discriminate against you for exercising your rights. To protect your account, we may need to verify your identity before acting on a request.


12. Changes to this policy

We may update this Privacy Policy from time to time. When we make a material change, we will update the “Last updated” date above and take reasonable steps to notify you — for example, in the app or by email. The current version is always published at https://jointrio.app/privacy.


13. How to reach us and how to complain

If you have a question, request, or concern about your privacy, please contact our Privacy Officer first:

We take complaints seriously and will work with you to resolve them. If you are not satisfied with our response, you have the right to contact the relevant privacy regulator:


This Privacy Policy is provided in English. Trio is operated by Avover Inc., British Columbia, Canada.


Trio is operated by Avover Inc., British Columbia, Canada. · Legal home