Trail Limited (we, us, our) complies with the New Zealand Privacy Act 2020 (the Act) when dealing with personal information. Personal information is information about an identifiable individual (a natural person).
This policy sets out how we collect, use, disclose and protect personal information when you use Trail (including our website and CRM platform).
This policy does not limit or exclude any of your rights under the Act. If you wish to seek further information on the Act, see www.privacy.org.nz.
We may change this policy by uploading a revised policy onto the website. The change will apply from the date that we upload the revised policy.
Trail provides CRM software to financial advisers and their organisations. Advisers may enter information relating to their own clients into the Trail platform.
In respect of client information entered into Trail by an adviser, Trail processes that information to provide the CRM service to the adviser and their organisation. The adviser (and/or their organisation) is responsible for ensuring they have the appropriate authority to collect and use their client’s information and to provide any required notices.
Personal information is information that can be used to identify an individual. Depending on how you use Trail, we may collect:
We collect personal information about you from:
If possible, we will collect personal information from you directly.
Trail allows authorised users to connect their Google account to enable Google Single Sign-On (SSO) and Google Workspace features such as Gmail and Google Calendar integration. Users are onboarded and registered prior to connecting a Google account. Google SSO is used solely to authenticate an existing Trail account and verify identity.
If you connect Google Workspace features, Trail will access Gmail and Google Calendar data only as necessary to provide the features you enable within Trail, such as sending emails on your behalf, synchronising relevant communications within Trail, and displaying or synchronising calendar events relevant to CRM activities.
Limited Use commitments: Google user data is used solely to provide and maintain core Trail functionality. We do not use Google user data for advertising, marketing profiling, or selling to third parties. We do not transfer Google user data to third-party analytics or advertising platforms.
Trail’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
We use personal information to:
We do not use Google user data obtained through Google APIs for advertising or marketing purposes. If we send service updates or product communications, these relate to your use of Trail (for example, feature updates, security notices, and administrative messages).
We only disclose personal information where necessary to provide and secure Trail, comply with law, or where you have authorised us to do so. We may disclose personal information to:
We do not sell personal information.
Google data: We do not transfer Google user data to third parties except to service providers who process data on our behalf for hosting, maintenance, and security, under contractual confidentiality and data protection obligations, and only as necessary to provide Trail.
Some service providers may be located outside New Zealand. Where personal information is held or processed outside New Zealand, we take reasonable steps to ensure overseas recipients are subject to comparable privacy safeguards (including contractual requirements consistent with the Act).
We take reasonable steps to keep personal information safe from loss, unauthorised activity, or other misuse. Our software is subject to security controls and auditing to ensure it continues to meet security requirements. Data is encrypted in transit and at rest and can only be accessed over secure network connections.
Where you connect Google Workspace features, we store tokens securely (encrypted at rest), restrict access, rotate credentials where applicable, and remove tokens when you disconnect Google.
We only retain personal information as long as it is required for the purposes for which it may lawfully be used, including to provide Trail, meet legal obligations, resolve disputes, and enforce our agreements. Data stored online is backed up and can be retrieved in the event of data loss or corruption. Data may sometimes be held on-premise if it is provided to us outside of our software (for example, during onboarding or support), and will be protected in line with this policy.
Subject to certain grounds for refusal set out in the Act, you have the right to access your readily retrievable personal information that we hold and to request a correction. Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.
In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the personal information, we will make the correction. If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction.
If you want to exercise either of the above rights, email us at support@gettrail.com. Your email should provide evidence of who you are and set out the details of your request (e.g. the personal information, or the correction, that you are requesting).
We may charge you our reasonable costs of providing copies of your personal information or correcting that information.
We have processes and systems in place to respond to suspected privacy incidents. If a notifiable privacy breach occurs, we will assess the incident and take steps required by the Act, including notifying affected individuals and/or the Office of the Privacy Commissioner where required.
While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk.
If you follow a link on our website to another site, the owner of that site will have its own privacy policy relating to your personal information. We suggest you review that site’s privacy policy before you provide personal information.
We use cookies (an alphanumeric identifier that we transfer to your computer’s hard drive so that we can recognise your browser) to operate the website and understand how it is used. You may disable cookies by changing the settings on your browser, although this may mean that you cannot use all of the features of the website.
We may use monitoring, logging, and session diagnostics tools to help prevent unauthorised access, maintain security, and diagnose issues. Where third-party tools are used for diagnostics, we configure them to avoid recording sensitive content and we do not provide Google Workspace data (such as Gmail content or calendar details) to third-party analytics or advertising platforms.