1. Introduction
This Privacy Policy explains how Tryat ("we", "our", "us"), operated by TRYAT AI PRIVATE LIMITED, collects, uses, and protects your information when you use the Tryat platform and services available at tryat.ai.
By using Tryat, you agree to the collection and use of information in accordance with this Privacy Policy.
2. Information We Collect
2.1 Information You Provide
- Business name, business overview, and (optional) email address and contact details you provide
- Connected social media accounts (e.g., Facebook, Instagram, YouTube)
- Content you create, upload, or publish using Tryat
2.2 OAuth Tokens
When you connect a social network (Facebook, Instagram, YouTube, LinkedIn, X/Twitter, etc.), we receive OAuth tokens that allow us to publish content on your behalf, only within the permissions you grant.
To connect a platform, you receive a secure link via WhatsApp that opens in your device's default browser. OAuth login and consent are completed entirely on our verified domain outside WhatsApp, ensuring secure authentication.
We do not store your password for any platform.
2.3 Automatically Collected Data
- IP address, browser type, device information
- Usage analytics (page views, actions taken inside Tryat)
- Error logs for debugging and reliability
3. How We Use Your Information
- To connect and manage your social media accounts
- To schedule, publish, and analyze posts
- To provide customer support
- To improve product performance and reliability
- To secure the platform and prevent fraud
4. Token Handling & Security
We follow strict security practices:
- All OAuth tokens are encrypted at rest using AWS KMS
- All communication is protected via HTTPS/TLS
- Tokens are never shared with third parties
- Tokens are only used to perform the actions you allow
4.1 OAuth Flow via WhatsApp
Users interact with our service via WhatsApp. When you request to connect a platform, we generate a secure, user-specific link that is mapped directly to your WhatsApp account. This personalized link opens in your device's default browser (e.g., Chrome), where you complete the OAuth login and consent process entirely on our verified domain, outside of WhatsApp.
This approach ensures only you can use the link, and your authentication credentials are never exposed within the WhatsApp interface. All OAuth operations are conducted on our verified domain, where you can verify the authenticity of the authentication process before granting permissions.
4.2 Infrastructure Security
Tryat is hosted on AWS using Lambda, API Gateway, DynamoDB, and S3. We follow least-privilege IAM roles and network-level protections to isolate services and data. Our systems are monitored with logging and alerting, and we perform regular security reviews and vulnerability assessments.
We maintain secure audit logs for OAuth activity and content publishing events to monitor security and prevent misuse.
5. Third-Party Services
Tryat integrates with third-party platforms like Facebook, Instagram, YouTube, and others. Your use of these services is governed by their respective privacy policies.
We only request the minimum permissions required to provide the functionality you choose.
6. Data Retention
- We retain account information as long as your Tryat account is active.
- OAuth tokens are stored only while your account is connected.
- Access tokens and data are retained only while your account remains connected.
- When you remove an account or request deletion, all associated data is permanently deleted within 48 hours.
- For security purposes, accounts that remain inactive (no platform usage) for 30 consecutive days will be automatically deactivated. Deactivated accounts will have their access tokens revoked and stored data secured. You can reactivate your account at any time by connecting your social accounts again through WhatsApp.
7. Data Deletion & User Controls
You have full control over your data and connections:
- You can remove any of your connected social accounts directly from WhatsApp by sending commands like remove account, remove youtube, or remove facebook to our WhatsApp bot.
- You may request deletion of your account and all data by emailing: hello@tryat.ai
Once deletion is confirmed, all tokens, content, and personal information will be permanently removed from our systems within 48 hours.
8. Security Practices
Tryat uses AWS for hosting and follows industry-standard practices:
- Encrypted storage with AWS KMS
- Least-privilege IAM roles
- Regular security assessments
- Access logging and monitoring
- Secure audit logs for OAuth activity
We use OAuth 2.0 for secure user authentication and do not store your password if you sign in via third-party providers. Internal access is restricted via role-based permissions. We strictly limit OAuth scopes to the minimum needed for functionality.
9. Children's Privacy
Tryat is not intended for children under 13. We do not knowingly collect personal information from children.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Significant changes will be communicated via email or website notifications.
11. Contact Us
If you have questions about this Privacy Policy, contact us:
- Company: TRYAT AI PRIVATE LIMITED
- Email: hello@tryat.ai
- Website: https://tryat.ai
- CIN: U62099TS2025PTC198621
12. Consent
By using Tryat and connecting any social media account, you consent to the collection, storage, and use of your information as described in this Privacy Policy. You may withdraw your consent at any time by disconnecting your accounts or requesting data deletion.
14. Data Sharing & Disclosure
We do not sell, trade, or rent your personal information. We may share aggregated, non-identifiable analytics insights to improve product performance. Personal data may be disclosed only if required by law or regulation, or to comply with legal processes or enforce platform security.
15. Purpose of Token & Data Usage
OAuth tokens and account information are used solely to authenticate your identity and enable posting, scheduling, analytics, and other functions that you intentionally request. Tokens are never used beyond the permissions you grant and are never shared with third parties.