PRIVACY POLICY

This policy applies to all data we process in the course of delivering services to Clients, including but not limited to cold email campaigns, paid advertising automation, CRM integration, hiring workflows, and analytics dashboards.

We are committed to ensuring the confidentiality, integrity, and availability of all personal data, and comply with applicable privacy and data protection laws, including:

• • The General Data Protection Regulation (EU GDPR and UK GDPR)
• • The California Consumer Privacy Act (CCPA) and CPRA
• • The CAN-SPAM Act
• • The U.S. Health Insurance Portability and Accountability Act (HIPAA), where applicable
• • Other U.S. federal and state privacy laws, as relevant

We collect the following types of data:

Where our Clients lawfully collect and share personal data with us (e.g., via API or file upload), we process that data strictly as a service provider or data processor.

We use collected data to:

• • Deliver services outlined in contracts with Clients
• • Conduct campaign and sales performance analytics
• • Provide automation workflows
• • Customize outreach and user experience for Clients
• • Improve our internal tools, systems, and analytics models

Note: We may anonymize or pseudonymize data to use in internal analytics, model training, benchmarking, and system optimization. This usage is conducted in a way that does not identify any Client or End User personally.

Our legal bases include:

• • Performance of a contract (with Clients)
• • Legitimate interest (e.g., internal analytics, fraud prevention)
• • Consent (where required by law)

We retain data only as long as necessary to:

• • Fulfill service obligations
• • Comply with applicable legal obligations
• • Protect our legitimate business interests (e.g., backups, dispute resolution)

Data we process on behalf of Clients is deleted or returned upon termination of services, unless otherwise required by law.

We may share personal data with:

• • Subprocessors (cloud infrastructure, analytics providers, email providers) under contractual safeguards
• • Legal authorities, if compelled by law

We do not sell End User or Client data.

When data is transferred outside the originating jurisdiction (e.g., from EU to U.S.), we implement Standard Contractual Clauses (SCCs) or similar safeguards as required by law.

Depending on your jurisdiction, you may have rights to:

• • Access or correct your data
• • Object to or restrict certain processing
• • Request deletion of your data
• • File a complaint with a regulatory authority

Requests can be made via tj@trixautomation.com.

For services that involve protected health information (PHI), we enter into Business Associate Agreements (BAAs) and comply with HIPAA standards, including:

• • Role-based access controls
• • Encrypted data storage and transfer
• • Breach notification procedures

We implement technical and organizational measures including:

• • Encrypted storage and transit
• • MFA for all admin accounts
• • Role-based access and audit trails
• • Regular data integrity checks

We may update this policy periodically to reflect changes in technology, regulations, or services. Clients will be notified of material changes via email or dashboard notification.

This policy forms part of our contractual framework with Clients and is binding upon all parties engaging with our services.