Privacy Policy

Effective October 16, 2025

Trame (“we,” “us,” or “our”) provides an enterprise workflow platform that connects to authorized business systems, detects process bottlenecks, and recommends or executes corrective actions with optional human approval. This Privacy Policy explains how we handle information when customers and their authorized users access Trame, related websites, and professional services (collectively, the “Services”).

1. Information We Collect

  • Account & Contact Information: Names, work email addresses, phone numbers, roles, and authentication data submitted by a customer administrator or directly by a user.
  • Customer System & Workflow Data: Records, logs, configuration data, and documents retrieved through integrations you authorize (e.g., ERP, CRM, ticketing, communication platforms) as well as content you upload or generate inside Trame.
  • Usage & Telemetry Data: Feature usage, workflow execution metadata, performance metrics, error reports, and audit log entries gathered to operate and secure the Services.
  • Support Communications: Questions, feedback, and attachments sent to support, success, or sales channels, including any additional contact details provided.
  • Device & Network Data: Browser type, operating system, IP address, timestamps, and similar technical signals collected automatically when you access Trame.

2. How We Use Information

  • Deliver, configure, and maintain the Services.
  • Detect and resolve process bottlenecks requested by customers, with auditability and human-in-the-loop controls.
  • Provide customer support, incident response, and account management.
  • Improve and develop the Services, including training workflow models on de-identified or aggregated data.
  • Monitor security, prevent abuse, and enforce contractual terms.
  • Comply with legal obligations and respond to lawful requests.

3. Legal Bases for Processing (EEA/UK/Swiss Users)

  • Performance of a contract with the customer organization.
  • Legitimate interests in securing, improving, and supporting the Services.
  • Compliance with legal obligations.
  • Consent, where required (for example, certain marketing communications).

4. How We Share Information

  • Within our controlled affiliates on a need-to-know basis.
  • With subprocessors that host infrastructure, provide support tooling, analytics, or integrations—each bound by contractual data protection obligations.
  • With the customer organization administering your account; they control access to Customer Data and may configure retention, export, or deletion.
  • With third parties when legally required, to protect rights and safety, or to investigate fraud or security incidents.
  • In connection with a corporate transaction (merger, financing, acquisition) subject to confidentiality safeguards.

5. Customer Data & Roles

  • Customers control integrations, the categories of Customer Data ingested, and human approval settings.
  • We process Customer Data as a data processor/service provider under customer instructions and applicable data protection agreements.
  • Customers remain responsible for obtaining any necessary consents or disclosures to provide Customer Data to Trame.

6. Security

We implement administrative, technical, and physical safeguards, including access controls, encryption in transit and at rest, environment segregation, security monitoring, and incident response procedures. Customers should maintain strong authentication, role-based access, and review audit logs.

7. Retention

Account and operational data are retained for the customer’s subscription term plus any legally required period. Workflow execution data is retained per customer-configured policies, then deleted or anonymized. We may keep minimal logs for security or compliance after account closure, subject to legal limits.

8. International Data Transfers

We are based in the United States and may transfer data to the U.S. and other countries where we or our subprocessors operate. When required, we use Standard Contractual Clauses or other lawful transfer mechanisms.

9. Your Choices & Rights

  • Access, correction, deletion, or export of personal data should be requested through your organization’s administrator, who can engage us as needed.
  • Marketing emails include an opt-out link, while product or transactional communications are necessary for the Services.
  • EEA/UK/Swiss users may object to or request restriction of processing and may lodge a complaint with a supervisory authority.

10. Children

Trame is for enterprise use and is not directed to individuals under 16. We do not knowingly collect children’s personal information.

11. Changes

We may update this Privacy Policy to reflect changes to the Services or applicable law. We will post the revised policy with a new effective date and, when required, provide additional notice.

12. Contact

Contact us at dominic@tramehq.com.