2. What we do
We provide a platform that lets you integrate and automate the software you use via APIs. While we’re based in the United States, we also have a wholly owned UK subsidiary (Plan.nr Ltd). Our staff in both countries work harmoniously together to provide our service and develop the platform.
Our UK subsidiary is our EU GDPR representative. Contact and registration details for both the US and our UK subsidiary are available at the bottom of this policy.
3. How we protect your personal data
We understand the importance of the data we collect on our customers, and the sensitivity of what our customers may want to use our platform for. We therefore take full precautions and provide full transparency of how we do this. See our security page at https://tray.io/trust for information on how we safeguard your data and the compliance certifications we maintain.
4. What we do with your data
Website visitors and Cookies
When you visit our website, we’ll place tracking cookies on your device in order to:
- Understand how you use our website in order to improve it
- Identify if you're a returning visitor or whether you have seen any of our advertisements on other websites
- Try to understand whether you are the sort of person who might want to become a Tray.io customer. We sometimes ask third-party services if they have seen your IP address before
- To detect malicious visitors to protect our services
As we use tracking services from third-party companies, cookies from these companies might also be placed on other websites that you browse. More information on the cookies we may use can be found below.
The cookies we may use include:
Service Description URL for Privacy Notice and Opt-Out
- FullStory User action/intelligence service https://www.fullstory.com
- Marketo Marketing platform https://www.marketo.com
- Google Analytics Analytics platform https://www.google.com/analytics/
- Segment Analytics platform https://segment.com
- Castle.io User analytics/Fraud detection https://castle.io/
- Clearbit Business intelligence service https://clearbit.com/
- Mixpanel User analytics https://mixpanel.com/
- AdRoll Advertising management https://www.adroll.com/
- Google Adwords Advertising tracking https://adwords.google.com
- Facebook Advertising tracking https://www.facebook.com/
- Google Tag Manager Tag management https://www.google.com/analytics/tag-manager
- Twitter Advertising tracking https://www.twitter.com/
- AddThis Social media sharing http://www.addthis.com/
- Capterra Software recommendation service https://www.capterra.com/
- G2Crowd Software recommendation service https://www.g2crowd.com/
- LinkedIn Business relationship management https://www.linkedin.com/
- Outbrain Advertising tracking https://www.outbrain.com/
- Cloudflare Site optimization and security https://www.cloudflare.com/
- Optimizely A/B testing https://www.optimizely.com/
- Google Captcha Human verification https://www.google.com/recaptcha/
- Bugsnag Error monitoring https://www.bugsnag.com/
- Typekit Fonts https://typekit.com/
- Prismic.io Site content https://prismic.io/
- FreeGeoIP Location tracking https://ipstack.com/
- Intercom Live chat https://www.intercom.com/
- Sleeknote On-site messaging https://sleeknote.com/
If you have expressed an interest in our products or platform, or you have signed up for an account, we may use the contact information you provided to better understand how we can tailor the service to you and better inform our sales team.
- Your contact information may be shared with third-party services for the purpose of finding additional public data about you to aid our sales team, or to provide a more-tailored service. These third parties act as data processors and will only be allowed to process this data based on our instructions for the purposes stated above.
- If you create an account with us, we may need extra personal data to ensure the security of your account. You may be asked to create a password which will not be viewable by us, or provide an access token which won’t be usable by us.
- We may use your phone number or your email address to send direct or marketing emails in order to contact you about the use of the service or to promote services that we feel you will be interested in.
- Phone calls may be recorded for staff training or sales quality purposes.
The lawful basis for processing the personal data of Tray.io users is for the legitimate interest of our business. We will only process personal data in ways that our customers would expect of us in order to provide the service they’ve expressed interest in.
If you do not continue to become a customer of ours, then we will delete your data 1 year after signing up or expressing interest with us.
If you’re a customer and have a contract with us, or are potentially going to become a customer, in addition to using your data in the ways mentioned above for Tray.io users, we’ll need to collect data to process payments, provide support, and monitor your usage of our services.
- This is to ensure you’re receiving the level of service you expect, to help us develop our platform even further, or to do what’s necessary for you to become a customer of ours.
- Third-party services may be used to aid this process, such as customer support services like Intercom, payment services like Stripe, or analytics tools like Mixpanel to learn how you use our services.
- While using our services, you may transfer personal data into our platform so that you can take advantage of our API automation. In order to do this, we’re likely to require authentication data including usernames, passwords, and tokens. Authorized support staff are only able to view and use this data, with your permission, to provide support for your service.
The lawful basis for processing the personal data of Tray customers is for the performance of the contract we have in place, or in order to enter into a contract.
Most personal data will be deleted 1 month after you end your contract with us. However, other, non-sensitive personal data may be stored for up to 1 year after you end your contract with us. Data required for legal purposes, such as accounting data, will be stored for as long as legally required.
Sharing of data with third parties
Like many companies, we use a number of third-party services to help us provide the service you expect. While these services may require your personal data, we only allow these services to use it under strict conditions, and we perform adequate due diligence on these companies and the countries they operate in.
Tray is a global company. We’re headquartered in the US and we have an office in the UK. We therefore may transfer personal data outside of the country it was collected in, or outside of the European Economic Area ("EEA").
All international transfers are performed under the strict safeguards mentioned on our security page at https://tray.io/trust. When transferring personal data outside of the EEA, we comply with the applicable legal requirements of providing adequate safeguards.
We are soon to become EU-US Privacy Shield certified and our UK subsidiary is GDPR compliant. The same high standards of data protection and data privacy required by the GDPR are implemented throughout our company.
Whenever we transfer personal data out of the European Economic Area (EEA), we will comply with applicable data protection law.
What rights you have over your personal data
As the owner of your personal data, you have the right to:
- View, restrict the processing of, or update any personal data we hold about you. A lot of this data can be viewed, updated, and exported if you login at https://app.tray.io. For any additional data, please contact us.
- Erase any personal data that is not required for a legal or contractual reason.
- Remove yourself from marketing by clicking the opt-out link at the bottom of any marketing email.
The data controller is Tray.io, inc, 1161 Mission Street, San Francisco, CA 94103, United States.
Our UK subsidiary and EU representative for the GDPR is Plan.nr Ltd, 9th Floor, 107 Cheapside, London, EC2V 6DN, UK.
Should you wish to file a complaint regarding our use of your personal data, the supervisory authority for the UK is the Information Commissioner’s Office and can be reached at https://ico.org.uk.
This policy will be kept up-to-date inline with our processes. Minor amendments may be added to this policy without notice, whereas we will inform our customers of any significant changes. It was last updated on 25 May 2018.