Privacy Policy

Trayo AI, Inc.
Effective Date: April 8, 2026
Last Updated: April 8, 2026

1. Introduction

Trayo AI, Inc. ("Trayo," "we," "us," or "our") is committed to protecting the privacy and security of your information. This Privacy Policy explains how we collect, use, disclose, retain, and protect information when you use the Trayo AI platform, website (trayo.ai), email reports, integrations, APIs, and any related services (collectively, the "Service").

Trayo AI is a Delaware corporation headquartered in San Mateo, California. We operate an AI-native sales execution platform that monitors publicly available business signals and delivers contextualized intelligence to enterprise sales teams.

This Privacy Policy applies to:

  • Customers and their Authorized Users — businesses and their employees who subscribe to and use the Service.
  • Website Visitors — individuals who visit trayo.ai.
  • Data Subjects — individuals whose personal information may be processed as part of the Account Data monitored by the Service (e.g., executives and contacts at tracked companies).

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this Policy, you must not use the Service.

2. Information We Collect

2.1 Information You Provide Directly

Account Registration Data. When you create an account, we collect your name, email address, company name, job title, and role designation (admin or user).

Customer Data. You may provide us with account lists (companies you want to track), CRM integration credentials, user preferences, signal preferences, feedback on event relevance, and other information necessary to configure and personalize the Service.

Communication Data. When you contact us via email, support channels, or feedback mechanisms, we collect the content of those communications along with associated metadata.

Payment Information. If applicable, we collect billing information such as company name, billing address, and payment method details. Payment processing is handled by third-party payment processors; we do not store full credit card numbers.

2.2 Information Collected Automatically

Usage Data. We automatically collect information about how you interact with the Service, including pages visited within the application, features used, signals viewed, outreach drafts generated, buttons clicked, timestamps, and session duration.

Email Engagement Data. When we send you intelligence reports via email, we collect data about your engagement with those emails, including:

  • Email opens — detected via a 1x1 tracking pixel embedded in emails. We record the timestamp, IP address, and user agent of the open event.
  • Link clicks — links within our emails are wrapped through our tracking domain (go.trayo.ai) to record which links you click, along with the timestamp, IP address, and user agent.
  • Bot detection data — we analyze user agent strings, IP addresses, request timing, and HTTP headers to distinguish genuine user engagement from automated security scans and email pre-fetching by corporate email security tools.

Device and Log Data. We collect IP addresses, browser type, operating system, device identifiers, referring URLs, and standard web server log information.

Cookies and Tracking Technologies. We use cookies, local storage, and similar technologies on our website and in the Service to maintain sessions, remember preferences, and analyze usage. For details, see Section 7.

2.3 Information from Third-Party Sources

Publicly Available Business Data. The core functionality of the Service involves monitoring publicly available information about companies and individuals, including:

  • News articles, press releases, and media coverage
  • Public earnings calls and financial filings
  • Job postings on public career pages and job boards
  • Public social media posts and professional profiles
  • Company websites, case studies, and public announcements
  • Conference participation and speaking engagements
  • Executive and leadership changes reported publicly

Third-Party Data Providers. We license business contact data and company information from third-party data providers to enrich our intelligence, including contact names, job titles, LinkedIn profile information, and company metadata.

Integration Data. If you connect the Service with third-party platforms (e.g., Salesforce, Outreach, SmartLead), we receive data from those platforms in accordance with your integration settings and the terms of those third-party services.

2.4 AI-Generated Data

The Service uses artificial intelligence (including third-party AI services such as OpenAI) to generate Enriched Content, including signal summaries, relevance scores, quality assessments, contact recommendations, and outreach drafts. These AI outputs are derived from a combination of publicly available data, licensed data, and Customer Data.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 To Provide and Operate the Service

  • Monitoring tracked accounts for relevant business signals
  • Discovering, filtering, ranking, and enriching events using AI
  • Generating daily intelligence reports and delivering them via email
  • Identifying relevant contacts and stakeholders for surfaced signals
  • Generating personalized outreach drafts and recommendations
  • Processing and fulfilling integrations with third-party platforms
  • Authenticating users and managing account access

3.2 To Improve and Develop the Service

  • Analyzing usage patterns to improve signal relevance and AI accuracy
  • Debugging and resolving technical issues
  • Training and refining our AI models and ranking algorithms using aggregated and de-identified data
  • Conducting A/B testing of features
  • Monitoring workflow performance and system health

3.3 To Communicate with You

  • Delivering intelligence reports and signal notifications
  • Sending service-related announcements, updates, and maintenance notices
  • Responding to support requests and inquiries
  • Providing onboarding assistance and product guidance

3.4 To Ensure Security and Compliance

  • Detecting and preventing fraud, abuse, and unauthorized access
  • Enforcing our Terms and Conditions and Acceptable Use policies
  • Complying with legal obligations, court orders, and regulatory requirements
  • Conducting security audits and penetration testing

3.5 To Analyze and Measure Performance

  • Tracking email delivery, open, and click rates to measure report effectiveness
  • Generating internal analytics and business intelligence
  • Creating aggregated, anonymized benchmarks and insights

4. How We Share Your Information

We do not sell, rent, or lease your personal information to third parties. We share information only in the following limited circumstances:

4.1 Service Providers and Sub-Processors

We engage trusted third-party service providers to assist in operating and delivering the Service. These providers process data on our behalf and are contractually obligated to use your information solely for the purposes we specify and to maintain appropriate security measures.

4.2 Integration Partners

When you connect the Service with third-party platforms, data may flow bidirectionally between Trayo and those platforms in accordance with your configuration. You are responsible for reviewing the privacy practices of any platform you connect to the Service.

4.3 Legal Obligations

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to comply with a legal obligation, protect the rights or safety of Trayo or our users, or detect and prevent fraud or security issues.

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such transfer and any choices you may have regarding your information.

4.5 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

4.6 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you or any individual, for purposes including research, analytics, benchmarking, and marketing.

5. Data Retention

We retain your information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

5.1 Retention Periods

  • Account Registration Data: Duration of subscription + 60 days after termination
  • Customer Data: Duration of subscription + 60 days after termination, or upon earlier deletion request
  • Enriched Content: Duration of subscription + 60 days after termination
  • Email Engagement Data: 24 months from date of collection
  • Usage and Analytics Data: 24 months from date of collection
  • Debug and Workflow Logs: 90 days from date of creation
  • Communication and Support Data: 36 months from date of last communication
  • Aggregated and De-Identified Data: Indefinitely

5.2 Deletion Upon Termination

Upon termination of your subscription, we will delete or return your Customer Data within sixty (60) days of your written request. Certain data may be retained as required by law or for legitimate business purposes.

6. Data Security

We implement commercially reasonable technical, administrative, and organizational safeguards to protect your information against unauthorized access, alteration, disclosure, or destruction.

  • Encryption in transit: All data transmitted is encrypted using TLS 1.2 or higher.
  • Encryption at rest: Customer Data is encrypted at rest using AES-256 encryption.
  • Access controls: We implement role-based access controls (RBAC) and row-level security (RLS) at the database level.
  • Authentication: User authentication is managed through Supabase Auth with secure password hashing.

In the event of a data breach, we will notify you and applicable regulatory authorities in accordance with applicable laws, and in no event later than seventy-two (72) hours after becoming aware of the breach where required by law.

7. Cookies and Tracking Technologies

Essential Cookies. These are necessary for the Service to function and cannot be disabled. They include session cookies for authentication and security cookies for CSRF protection.

Analytics Cookies. We use PostHog for product analytics to understand how users interact with the Service.

Email Tracking Pixels. We embed 1x1 transparent pixel images in our email reports to track email opens.

You can control cookies through your browser settings. However, disabling essential cookies may impair your ability to use the Service.

8. Your Rights and Choices

Depending on your jurisdiction, you may have certain rights regarding your personal information, including:

  • Access and Portability — request a copy of your personal information
  • Correction — request correction of inaccurate or incomplete information
  • Deletion — request deletion of your personal information
  • Restriction of Processing — request restriction under certain circumstances
  • Objection — object to processing based on legitimate interests
  • Withdrawal of Consent — withdraw consent at any time
  • Non-Discrimination — we will not discriminate for exercising your rights

To exercise any of the above rights, please contact us at privacy@trayo.ai with the subject line "Privacy Rights Request."

9. Information About Third-Party Data Subjects

The Service monitors publicly available business information, which may include the names, job titles, and professional activities of individuals at companies tracked by our customers. This information is sourced from public sources and licensed third-party data providers.

If you are a Third-Party Data Subject and wish to exercise your rights, please contact us at privacy@trayo.ai with the subject line "Data Subject Rights Request."

10. International Data Transfers

Our primary data infrastructure is hosted in the United States. By using the Service, you acknowledge that your data may be transferred to, stored, and processed in the United States. For data originating from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) and Data Processing Agreements with our sub-processors.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the CCPA/CPRA, including the right to know, right to delete, right to correct, and the right to opt-out of the sale of personal information. We do not sell your personal information.

California residents may exercise their rights by contacting us at privacy@trayo.ai.

12. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us at privacy@trayo.ai.

13. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals. At this time, the Service does not respond to DNT signals.

14. Third-Party Links and Services

The Service may contain links to third-party websites. This Privacy Policy does not apply to those third-party services, and we are not responsible for their privacy practices.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a prominent notice within the Service at least thirty (30) days before the changes take effect.

16. Contact Information

If you have any questions or concerns about this Privacy Policy, please contact us:

Trayo AI, Inc.
San Mateo, California
Email: privacy@trayo.ai
General inquiries: team@trayo.ai

The future of AI runs on signals

Agents don't need more data, they need better inputs. Trayo is the signal layer powering today's AI-native operations.

Book a Demo Book a Demo