Privacy Policy

1.1 Trigify.io Limited ("Trigify", "we", "us") is the data controller for personal data described in this notice (except where we act as a processor, see section 11).

1.2 Contact: hugo@trigify.io.

1.3 This policy explains how we collect, use, share, and protect personal data under UK data protection law.

2.1 Account & identity data: name, business email, organisation, role.

2.2 Authentication data: hashed password or SSO identifiers (e.g., Google SSO). We do not support LinkedIn login.

2.3 Billing & payments: billing name, address, VAT number (if applicable), last-4 of card, card type, payment identifiers. Full card details are handled by our payment processor (e.g., Stripe); we do not store them.

2.4 Product usage & logs:

• 2.4.1 Website logs (pre-signup): IP address, device/browser, referrer, pages viewed, and basic diagnostics for visitors to our marketing site. Where you have consented via our cookie banner, this also includes product analytics events (e.g., page views, clicks).
• 2.4.2 In-product usage (post-signup): actions taken in the Service (e.g., credits consumed, features used), IP address, device/browser, timestamps, diagnostics, error logs, and session recordings with sensitive inputs (passwords, payment fields, and other configured fields) masked.

2.5 Support & communications: messages via chat, Slack, email or forms, including attachments.

2.6 Marketing preferences: subscriptions and opt-in/opt-out status.

2.7 Public/business data: where relevant to product features, publicly available business information (e.g., public social posts) used to generate insights.

2.8 We do not intentionally collect special category data or children's data. Our services are intended for business users.

3.1 Provide the service (contract, Art. 6(1)(b)): create/manage accounts, authenticate access, operate features, credit/pay-as-you-go, and support.

3.2 Payments & billing (contract; legal obligation, Art. 6(1)(c)): process transactions, issue invoices/receipts, handle VAT and records.

3.3 Operate, secure & improve:

• 3.3.1 Website (pre-signup): strictly necessary cookies (security, fraud prevention, traffic routing) run under legitimate interests and do not require consent. Product analytics on the marketing site run only with your consent via the cookie banner.
• 3.3.2 In-product (post-signup), contract and legitimate interests (Art. 6(1)(b) and 6(1)(f)): once you sign up, we process product usage data, diagnostics, and session recordings (with sensitive inputs masked) to operate the Service, prevent abuse, monitor performance, troubleshoot, and improve features. This forms part of providing the Service under our Terms and is a reasonable expectation when using a SaaS product. We do not use this data for third-party advertising.

3.4 Communications:

• 3.4.1 Service/transactional (contract/legal obligation).
• 3.4.2 Direct marketing: to existing customers (PECR soft opt-in), where you signed up for the Service or made an enquiry about it, we may send marketing about similar services; every message includes an unsubscribe. To website subscribers (consent), where you signed up for our newsletter or marketing content on our website, we send communications only on the basis of your active consent, which you can withdraw at any time.
• 3.4.3 With consent where required (Art. 6(1)(a)); you may withdraw consent at any time.

4.1 A valid payment card on file is required to activate your account and use the service.

4.2 We and our processor may place temporary pre-authorisations to verify cards; holds are released promptly.

4.3 Our processor stores and secures card details; we receive limited tokens/identifiers and last-4 only.

4.4 Strong Customer Authentication may be required.

5.1 Strictly necessary. We use essential cookies to keep you signed in, route traffic securely, support SSO, and process payments. These are always on.

5.2 Website analytics (pre-signup). On our public website, we use product analytics (for example PostHog) only with your consent via the cookie banner. You can accept, reject, or change preferences at any time.

5.3 In-product analytics (post-signup). When you sign up and use Trigify, we capture product usage events (page views, clicks, feature usage) and session recordings with sensitive inputs masked. This is necessary to operate, secure, debug, and improve the Service and forms part of your agreement with us under our Terms of Service. We rely on legitimate interests and contractual necessity, not consent, for this processing. You can request access, deletion, or object via hugo@trigify.io.

5.4 No ad tracking. We don't use third-party advertising cookies and don't share analytics data with ad networks.

5.5 Browser controls. You can manage cookies via your browser; blocking essential cookies may break the Service.

6.1 We share data with trusted service providers acting under our instructions (e.g., authentication, hosting, storage, logging/monitoring, customer support, email delivery, payments).

6.2 Where legally required (e.g., HMRC, courts), we may disclose data to authorities.

6.3 We do not sell personal data.

7.1 Your data may be processed outside the UK/EEA.

7.2 We use approved safeguards (e.g., UK IDTA or EU SCCs with UK Addendum) and additional measures as appropriate; details are available on request.

8.1 We keep personal data only as long as necessary for the purposes in this policy and legal requirements.

8.2 Typical periods:

• 8.2.1 Account & billing records: life of account + 6 to 7 years.
• 8.2.2 Usage logs: 12 to 24 months.
• 8.2.3 Support/comms: 24 months after closure.
• 8.2.4 Marketing data: until you unsubscribe or 24 months of inactivity.

8.3 We may anonymise data for analytics and retain anonymised data longer.

9.1 Rights: access, rectification, erasure, restriction, objection (including to direct marketing), and portability.

9.2 Where we rely on consent, you can withdraw it at any time.

9.3 To exercise rights: hugo@trigify.io.

9.4 You may complain to the UK ICO; we welcome the chance to resolve issues first.

10.1 We follow UK PECR. Where you are an existing customer or enquired about the Service, we may rely on soft opt-in to send marketing about similar services. Where you signed up to our newsletter or marketing list on our website without making an enquiry or purchase, we rely on your active consent.

10.2 Every marketing email includes a clear unsubscribe.

10.3 We do not use pre-ticked boxes and do not conduct SMS/push marketing.

11.1 For account, billing, security and product-improvement data, Trigify acts as a controller.

11.1.2 For visitors to our website (pre-signup), we act as controller for the limited data we collect (e.g., IP, device/browser, and, where you have accepted, cookie-based product analytics identifiers).

11.2 For data you ingest or export via integrations (e.g., to your CRM), you are the controller and Trigify acts as a processor under your instructions.

11.3 If required, we can provide a Data Processing Addendum (DPA).

12.1 We use industry-standard measures: encryption (in transit/at rest where appropriate), access controls, least-privilege policies, regular reviews, and incident response.

12.2 If legally required, we will notify you and/or regulators of a personal data breach.

13.1 Where the product links to third-party services, their privacy terms apply; we are not responsible for their practices.

14.1 We may update this policy periodically.

14.2 Material changes will be notified in-product or by email. Continued use after changes take effect means you acknowledge the updated policy.

15.1 Questions or requests about privacy: hugo@trigify.io.