Trigify.io
Privacy Policy
Our Privacy Policy explains how we collect, secure, and protect personal data, ensuring GDPR compliance, transparency, and user control at all times.
Last Updated:
Tuesday 25th November 2025
11. Who we are and how to contact us
1.1 Trigify.io Limited (“Trigify”, “we”, “us”) is the data controller for personal data described in this notice (except where we act as a processor—see 11).
1.2 Contact: hugo@trigify.io.
1.3 This policy explains how we collect, use, share, and protect personal data under UK data protection law.
2. The data we collect
2.1 Account & identity data: name, business email, organisation, role.
2.2 Authentication data: hashed password or SSO identifiers (e.g., Google SSO). We do not support LinkedIn login.
2.3 Billing & payments: billing name, address, VAT number (if applicable), last-4 of card, card type, payment identifiers. Full card details are handled by our payment processor (e.g., Stripe); we do not store them.
2.4 Product usage & logs: actions (e.g., credits consumed, features used), IP address, device/browser, timestamps, diagnostics and error logs.
2.5 Support & communications: messages via chat, Slack, email or forms, including attachments.
2.6 Marketing preferences: subscriptions and opt-in/opt-out status.
2.7 Public/business data: where relevant to product features, publicly available business information (e.g., public social posts) used to generate insights.
2.8 We do not intentionally collect special category data or children’s data. Our services are intended for business users.
3. How we use your data and legal bases
3.1 Provide the service (contract – Art. 6(1)(b)): create/manage accounts, authenticate access, operate features, credit/pay-as-you-go, and support.
3.2 Payments & billing (contract; legal obligation – Art. 6(1)(c)): process transactions, issue invoices/receipts, handle VAT and records.
3.3 Operate, secure & improve (legitimate interests – Art. 6(1)(f)): performance monitoring, abuse prevention, troubleshooting, aggregated analytics (not for third-party ads).
3.4 Communications:
3.4.1 Service/transactional (contract/legal obligation).
3.4.2 Direct marketing about similar services (legitimate interests/PECR soft opt-in) with an unsubscribe in every message.
3.4.3 With consent where required (Art. 6(1)(a)); you may withdraw consent at any time.
4. Card on file and payments
4.1 A valid payment card on file is required to activate your account and use the service.
4.2 We and our processor may place temporary pre-authorisations to verify cards; holds are released promptly.
4.3 Our processor stores and secures card details; we receive limited tokens/identifiers and last-4 only.
4.4 Strong Customer Authentication may be required.
5. Cookies and similar technologies
5.1 We use only essential cookies and similar technologies to keep you signed in, route traffic securely, support SSO, and enable payments/fraud prevention.
5.2 We do not use third-party advertising cookies.
5.3 You can manage cookies via your browser; blocking essential cookies may break the service.
6. Data sharing (processors and recipients)
6.1 We share data with trusted service providers acting under our instructions (e.g., authentication, hosting, storage, logging/monitoring, customer support, email delivery, payments).
6.2 Where legally required (e.g., HMRC, courts), we may disclose data to authorities.
6.3 We do not sell personal data.
7. International transfers
7.1 Your data may be processed outside the UK/EEA.
7.2 We use approved safeguards (e.g., UK IDTA or EU SCCs with UK Addendum) and additional measures as appropriate; details are available on request.
8. Retention
8.1 We keep personal data only as long as necessary for the purposes in this policy and legal requirements.
8.2 Typical periods:
8.2.1 Account & billing records: life of account + 6–7 years.
8.2.2 Usage logs: 12–24 months.
8.2.3 Support/comms: 24 months after closure.
8.2.4 Marketing data: until you unsubscribe or 24 months of inactivity.
8.3 We may anonymise data for analytics and retain anonymised data longer.
9. Your rights (UK GDPR)
9.1 Rights: access, rectification, erasure, restriction, objection (including to direct marketing), and portability.
9.2 Where we rely on consent, you can withdraw it at any time.
9.3 To exercise rights: hugo@trigify.io.
9.4 You may complain to the UK ICO; we welcome the chance to resolve issues first.
10. Marketing preferences
10.1 We follow UK PECR. Where permitted, we rely on soft opt-in (you provided your email in the context of a purchase/enquiry and we market similar services).
10.2 Every marketing email includes a clear unsubscribe.
10.3 We do not use pre-ticked boxes and do not conduct SMS/push marketing.
11. Role of Trigify: controller vs processor
11.1 For account, billing, security and product-improvement data, Trigify acts as a controller.
11.2 For data you ingest or export via integrations (e.g., to your CRM), you are the controller and Trigify acts as a processor under your instructions.
11.3 If required, we can provide a Data Processing Addendum (DPA).
12. Security
12.1 We use industry-standard measures: encryption (in transit/at rest where appropriate), access controls, least-privilege policies, regular reviews, and incident response.
12.2 If legally required, we will notify you and/or regulators of a personal data breach.
13. Third-party links and services
13.1 Where the product links to third-party services, their privacy terms apply; we are not responsible for their practices.
14. Changes to this policy
14.1 We may update this policy periodically.
14.2 Material changes will be notified in-product or by email. Continued use after changes take effect means you acknowledge the updated policy.
15. Contact
15.1 Questions or requests about privacy: hugo@trigify.io.
