Privacy Policy

Overview

This Privacy Policy explains how Trigify.io Limited ("Trigify", "we", "us") collects, uses, shares, and protects personal data under UK data protection law. Trigify is the data controller for personal data described here, except where we act as a processor (see the Controller vs Processor section below).

Last updated: 25 November 2025

Data We Collect

Category

Details

Account and identity

Name, business email, organisation, role

Authentication

Hashed password or SSO identifiers (e.g., Google SSO). LinkedIn login is not supported.

Billing and payments

Billing name, address, VAT number (if applicable), last 4 digits of card, card type, payment identifiers. Full card details are handled by Stripe; we do not store them.

Product usage and logs

Actions (e.g., credits consumed, features used), IP address, device/browser, timestamps, diagnostics, and error logs

Support and communications

Messages via chat, Slack, email, or forms, including attachments

Marketing preferences

Subscriptions and opt-in/opt-out status

Public/business data

Publicly available business information (e.g., public social posts) used to generate insights

We do not intentionally collect special category data or children's data. Our services are intended for business users.

How We Use Your Data

Purpose

Legal Basis

Provide the service (accounts, authentication, features, credits, support)

Contract (Art. 6(1)(b))

Payments and billing (transactions, invoices, VAT, records)

Contract; legal obligation (Art. 6(1)(c))

Operate, secure, and improve (monitoring, abuse prevention, analytics)

Legitimate interests (Art. 6(1)(f))

Service/transactional communications

Contract/legal obligation

Direct marketing about similar services

Legitimate interests/PECR soft opt-in (with unsubscribe)

Marketing with consent where required

Consent (Art. 6(1)(a)), withdrawable at any time

Card on File and Payments

  • A valid payment card on file is required to activate your account and use the service.

  • We and our processor may place temporary pre-authorisations to verify cards; holds are released promptly.

  • Our processor stores and secures card details; we receive limited tokens/identifiers and last 4 digits only.

  • Strong Customer Authentication may be required.

Cookies and Similar Technologies

  • We use only essential cookies to keep you signed in, route traffic securely, support SSO, and enable payments/fraud prevention.

  • We do not use third-party advertising cookies.

  • You can manage cookies via your browser; blocking essential cookies may break the service.

Data Sharing

  • We share data with trusted service providers acting under our instructions (authentication, hosting, storage, logging/monitoring, customer support, email delivery, payments).

  • Where legally required (e.g., HMRC, courts), we may disclose data to authorities.

  • We do not sell personal data.

International Transfers

Your data may be processed outside the UK/EEA. We use approved safeguards (e.g., UK IDTA or EU SCCs with UK Addendum) and additional measures as appropriate. Details are available on request.

Data Retention

Data Type

Retention Period

Account and billing records

Life of account + 6 to 7 years

Usage logs

12 to 24 months

Support/communications

24 months after account closure

Marketing data

Until unsubscribe or 24 months of inactivity

We may anonymise data for analytics and retain anonymised data longer.

Your Rights (UK GDPR)

  • Rights: Access, rectification, erasure, restriction, objection (including to direct marketing), and portability.

  • Where we rely on consent, you can withdraw it at any time.

  • To exercise your rights, contact: hugo@trigify.io

  • You may complain to the UK ICO; we welcome the chance to resolve issues first.

Marketing Preferences

  • We follow UK PECR. Where permitted, we rely on soft opt-in.

  • Every marketing email includes a clear unsubscribe.

  • We do not use pre-ticked boxes and do not conduct SMS/push marketing.

Controller vs Processor

  • For account, billing, security, and product-improvement data: Trigify acts as a controller.

  • For data you ingest or export via integrations (e.g., to your CRM): you are the controller and Trigify acts as a processor under your instructions.

  • A Data Processing Addendum (DPA) is available on request.

Security

  • Industry-standard measures: encryption (in transit/at rest where appropriate), access controls, least-privilege policies, regular reviews, and incident response.

  • If legally required, we will notify you and/or regulators of a personal data breach.

Changes to This Policy

We may update this policy periodically. Material changes will be notified in-product or by email. Continued use after changes take effect means you acknowledge the updated policy.

Contact

Questions or requests about privacy: hugo@trigify.io

The full Privacy Policy is available at trigify.io/policies/privacy-policy