Login

Privacy Policy

Last Updated: March 3, 2026

1. Overview

Trailbase, a product of Frozo Software Pvt Ltd (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard data processed through our Enterprise Readiness Kit services, including audit logging and RBAC management.

2. Data Collection

We collect information necessary to provide audit logging services to our customers. This includes:

  • Event metadata (actor IDs, IP addresses, resource identifiers)
  • Administrative account information (emails, names, company names)
  • Technical logs for system maintenance and security
  • Usage analytics to improve service quality

3. Cookies & Tracking

We use essential cookies for authentication and session management. We do not use third-party advertising cookies. Our analytics are privacy-focused and do not track individual users across websites. You can disable non-essential cookies through your browser settings.

4. Third-Party Services

We use the following third-party services to provide and improve our platform:

  • Infrastructure: AWS (EU region) for hosting and data storage
  • Email: Transactional email provider for account notifications
  • Error tracking: Sentry (opt-in) for application error monitoring
  • Payment processing: Dodo Payments for billing (when applicable)

All third-party providers are bound by data processing agreements and are GDPR-compliant.

5. Data Integrity & Security

As an enterprise security platform, data integrity is our core focus. Every audit event ingested is cryptographically hashed using SHA-256 and stored in hash-chains to prevent tamper. We use industry-standard encryption (AES-256 at rest, TLS 1.3 in transit). Access to production systems is restricted and logged.

6. GDPR Rights

If you are a resident of the European Economic Area (EEA), you have the following rights under GDPR:

  • Right of Access: Request a copy of all personal data we hold about you
  • Right to Rectification: Request correction of inaccurate personal data
  • Right to Erasure: Request deletion of your personal data (subject to legal retention requirements)
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing of your personal data
  • Right to Restrict Processing: Request restriction of processing in certain circumstances

To exercise any of these rights, contact us at trailbase@frozo.ai. We will respond within 30 days.

7. Data Retention

Audit event data is retained according to your plan's retention policy (7 days to 10 years). Administrative account data is retained for the duration of your account plus 30 days after deletion. Technical logs are retained for 90 days. You can request data export or deletion at any time.

8. EU Data Residency

All customer data is processed and stored within the European Union (AWS eu-west-1 region, Ireland). We strictly adhere to GDPR requirements regarding data transfers and processing. No data is transferred outside the EEA without appropriate safeguards (Standard Contractual Clauses or adequacy decisions).

9. International Data Transfers

When data is transferred outside the EEA (for example, to third-party service providers), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or transfer to countries with an adequate level of data protection.

10. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected customers within 72 hours of becoming aware of the breach. Notification will include the nature of the breach, likely consequences, measures taken, and contact information for our data protection team.

11. Data Processing Agreement (DPA)

For customers on Growth and Enterprise plans, we offer a Data Processing Agreement (DPA) that outlines our obligations as a data processor. The DPA covers processing scope, security measures, subprocessor management, and breach notification procedures. Contact us at trailbase@frozo.ai to request a DPA.

12. Subprocessors

We maintain a list of subprocessors who may process customer data on our behalf. We will notify customers of any changes to our subprocessor list at least 30 days before engaging a new subprocessor. Current subprocessors include our infrastructure provider (AWS EU), email delivery service, and payment processor.

13. Children's Privacy

Trailbase is a business-to-business service and is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete that information promptly.

14. Contact Us

For privacy-related inquiries, data subject access requests, or to exercise your GDPR rights, please contact us at:

Email: trailbase@frozo.ai
Company: Frozo Software Pvt Ltd
Response time: Within 30 days for GDPR requests