Privacy Policy
Effective date: March 15, 2026
1. Introduction
This Privacy Policy explains how Triggo ("we", "us", or "our") collects, uses, stores, and protects your personal data when you use our cloud-based AI business process automation platform available at usetriggo.com (the "Service").
We are committed to protecting your privacy and processing your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and other applicable data protection legislation.
By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data practices, please do not use the Service.
2. Definitions
- Personal Data — any information relating to an identified or identifiable natural person (data subject).
- Processing — any operation performed on personal data, whether automated or not, such as collection, recording, storage, adaptation, retrieval, use, disclosure, erasure, or destruction.
- Data Controller — Triggo, which determines the purposes and means of processing personal data.
- Data Processor — a third party that processes personal data on behalf of the Data Controller.
- Data Subject — the individual whose personal data is being processed (you, the user).
- Service — the Triggo platform, including the website, API, and all related tools and features.
3. Data We Collect
3.1 Information You Provide
- Account information: name, email address, and password when you register for the Service.
- Payment information: billing details processed through our payment provider. We do not store full payment card numbers.
- Communication data: messages you send to our support channels or feedback forms.
- Integration credentials: OAuth tokens and API keys for third-party services you connect through Triggo. These are encrypted at rest using AES-256-GCM.
3.2 Information Collected Automatically
- Technical data: IP address, browser type and version, operating system, device information, and referring URLs.
- Usage data: pages visited, features used, and interaction patterns (collected via Plausible Analytics, which is cookieless and does not collect personal data).
- Pipeline execution logs: metadata about your automation pipeline runs, including timestamps, status, and error information. Log data is sanitized to redact personally identifiable information.
- AI-generated content: pipeline configurations and conversational data generated through the AI assistant during your use of the Service.
4. Purposes and Legal Bases for Processing
We process your personal data for the following purposes, each with a corresponding legal basis under the GDPR:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing and maintaining the Service | Contract performance — Art. 6(1)(b) |
| Account creation and management | Contract performance — Art. 6(1)(b) |
| Processing payments | Contract performance — Art. 6(1)(b) |
| Executing AI-generated pipelines and storing results | Contract performance — Art. 6(1)(b) |
| Sending service-related notifications | Legitimate interest — Art. 6(1)(f) |
| Improving the Service and developing new features | Legitimate interest — Art. 6(1)(f) |
| Security monitoring and fraud prevention | Legitimate interest — Art. 6(1)(f) |
| Marketing communications (where opted in) | Consent — Art. 6(1)(a) |
| Compliance with legal obligations | Legal obligation — Art. 6(1)(c) |
5. Cookies and Tracking
We use a minimal approach to cookies and tracking:
- Essential cookies: We use strictly necessary cookies for session management and authentication. These cookies are required for the Service to function and cannot be disabled.
- Analytics: We use Plausible Analytics, which is a privacy-focused, cookieless analytics tool. Plausible does not use cookies, does not collect personal data, and does not track users across websites. No consent is required for Plausible under the GDPR.
We do not use any advertising cookies, social media tracking pixels, or third-party analytics tools that collect personal data.
6. Data Sharing and Third-Party Processors
We do not sell your personal data. We share data only with the following categories of third-party processors, each bound by data processing agreements:
- Anthropic — AI model provider for pipeline generation and conversational AI features. Chat messages and pipeline context may be sent to Anthropic for processing.
- OpenAI — Alternative AI model provider used for pipeline generation and fallback processing.
- Cloudflare — Infrastructure and hosting services, including CDN, DDoS protection, and DNS.
- Resend — Transactional email delivery for account notifications, verification emails, and service alerts.
- Plausible Analytics — Privacy-focused website analytics. Plausible does not process personal data.
When you connect third-party services through Triggo (e.g., CRM systems, messaging platforms), data flows between your connected services as defined by your pipeline configurations. You are responsible for ensuring you have the right to process data through those connected services.
7. International Data Transfers
Some of our third-party processors, particularly AI model providers (Anthropic and OpenAI), are based in the United States. When your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Adequacy decisions by the European Commission, where applicable.
- Additional technical safeguards such as encryption in transit and at rest.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:
- Account data: retained while your account is active and for 30 days after account deletion, after which it is permanently erased.
- Pipeline execution logs: retained for 90 days, then automatically purged.
- Payment records: retained as required by applicable tax and accounting legislation.
- Support communications: retained for up to 12 months after resolution.
- Integration credentials: deleted immediately upon disconnection of the integration or account deletion.
9. Your Rights Under the GDPR
As a data subject, you have the following rights under the GDPR. You may exercise these rights at any time by contacting us at privacy@usetriggo.com:
- Right of access (Art. 15): You have the right to obtain confirmation of whether your personal data is being processed and to access a copy of that data.
- Right to rectification (Art. 16): You have the right to request correction of inaccurate personal data.
- Right to erasure (Art. 17): You have the right to request deletion of your personal data, subject to legal retention requirements.
- Right to restriction (Art. 18): You have the right to request restriction of processing in certain circumstances.
- Right to data portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, machine-readable format.
- Right to object (Art. 21): You have the right to object to processing based on legitimate interest, including profiling.
- Right to withdraw consent (Art. 7(3)): Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing performed before withdrawal.
- Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority in your EU member state of residence.
We will respond to all legitimate requests within 30 days. In complex cases, we may extend this period by an additional 60 days, with prior notification.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- AES-256-GCM encryption for integration credentials and sensitive data at rest.
- TLS encryption for all data in transit.
- Role-based access controls and the principle of least privilege.
- Automatic PII redaction in pipeline execution logs.
- Regular security assessments and monitoring.
While we take reasonable measures to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
11. Children's Privacy
The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal data, please contact us at privacy@usetriggo.com.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of any material changes at least 30 days in advance via the email address associated with your account.
The updated policy will be posted on this page with a revised effective date. Your continued use of the Service after the effective date of the updated policy constitutes acceptance of the changes.
13. Contact Information
If you have any questions about this Privacy Policy, your personal data, or wish to exercise your data subject rights, please contact us:
- Email: privacy@usetriggo.com
- Website: usetriggo.com
Last updated: March 15, 2026
← Back to home