Trail Privacy Policy

1. Introduction

Welcome to Trail. Trail Cloud Innovation Services Pvt. Ltd. ("Trail," "we," "us," or "our") is committed to protecting the privacy and security of your data. As an AI-powered Customer Relationship Management (CRM) platform for the pharmaceutical and life sciences industry, we understand the importance of handling personal and sensitive information with the utmost care and in compliance with global data protection standards.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (trail.do), use our services (the "Services"), or otherwise interact with us. It also describes your rights regarding your personal data.

2. Scope of this Policy

This policy applies to the personal data we process as a Data Controller, including:

• Visitor Data: Information collected from visitors to our website.
• Customer Data: Information collected from our customers when they sign up for and use our Services (e.g., user account information).

This policy does not apply to the data that our customers upload, manage, and process within our CRM platform ("Service Data"). In the context of Service Data, Trail acts as a Data Processor on behalf of our customers, who are the Data Controllers. Our obligations as a Data Processor are governed by the Data Processing Agreements (DPAs) we have with our customers.

3. Information We Collect

We may collect the following types of personal data:

Information You Provide to Us:

• Account Information: When you create an account, we collect your name, email address, phone number, company name, and password.
• Communications: When you contact us for support or other inquiries, we collect the content of your communications.
• Marketing Information: When you request a demo or subscribe to our newsletter, we collect your name, email, and company information.

Information We Collect Automatically:

• Usage Data: We collect information about how you interact with our website and Services, including IP address, browser type, operating system, pages viewed, and the dates/times of your visits.
• Cookies and Tracking Technologies: We use cookies and similar technologies to operate and analyze our website and Services. For more details, please see our Cookie Policy.

4. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and maintain our Services.
• To process and complete transactions, and send you related information, including purchase confirmations and invoices.
• To manage our customers' use of the Services, respond to inquiries and comments, and provide customer service and support.
• To send you technical alerts, updates, security notifications, and administrative messages.
• For marketing purposes, such as sending you promotional communications about new features, products, and events. You can opt-out of receiving marketing communications at any time.
• To analyze trends, monitor usage, and improve our website and Services.

5. Legal Basis for Processing (for EEA/UK Users)

If you are in the European Economic Area (EEA) or the United Kingdom (UK), our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. We will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms.

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following limited circumstances:

• Service Providers: We may share your information with third-party vendors and service providers who perform services on our behalf (e.g., cloud hosting, payment processing, analytics).
• Legal Compliance: We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend our rights or property, or in urgent circumstances to protect the personal safety of users or the public.
• Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.

7. International Data Transfers

Your information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country.

Specifically, our servers are located in [e.g., the United States], and our third-party service providers and partners operate around the world. We have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Policy. For transfers of personal data from the EEA, UK, and Switzerland, we rely on mechanisms like the Standard Contractual Clauses (SCCs).

8. Data Security

We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. However, please also remember that we cannot guarantee that the internet itself is 100% secure.

9. Your Data Protection Rights

You have certain rights regarding your personal data, which may vary depending on your location.

• General Rights: You may have the right to access, correct, update, or request deletion of your personal information.
• Your Rights under GDPR (Europe): If you are a resident of the EEA or UK, you have the right to object to processing of your personal information, ask us to restrict processing of your personal information, or request portability of your personal information.
• Your Rights under CCPA/CPRA (California, USA): If you are a California resident, you have the right to know what personal information is collected, used, and shared, the right to delete personal information, and the right to opt-out of the "sale" or "sharing" of your personal information.
• Your Rights under DPDPA (India): If you are a Data Principal in India, you have the right to access information about your personal data, the right to correction and erasure, and the right to grievance redressal.
• Other Jurisdictions (Middle East, Africa, Asia): We are committed to complying with all applicable local data protection laws, such as South Africa's POPIA and Singapore's PDPA. We will extend rights to users in these regions in accordance with local legal requirements.

To exercise any of these rights, please contact us using the details below.

10. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Effective Date" and will be effective as soon as it is accessible.

12. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at: