datatrip.ai Privacy Policy

Last Updated: September 24, 2025

‍

Operator: DataTrip.ai is operated by Trawelt Consulting d.o.o., a company registered in Zagreb, Croatia (Company PIN: 78257735485). We are committed to protecting your privacy and maintaining robust security measures. This section outlines both our Privacy Policy and Terms of Service, reflecting our compliance with applicable laws and our dedication to transparency and security. Please read it carefully.

Privacy Policy

Our Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the DataTrip.ai website or services trawelt.com. We adhere to the EU General Data Protection Regulation (GDPR) and other applicable data protection laws. In summary, we only collect the data we need, protect it with high security standards, and give you control over your personal information.

Information We Collect

Information You Provide: When you interact with DataTrip.ai (e.g. by contacting us, requesting a demo, or signing up for a trial), we may collect personal information such as your name, email address, company/organization, and any other details you voluntarily provide. For example, our contact or demo request forms may ask for your full name, work email, company name, and message content. We use this data to respond to your inquiries and provide our services as requested.
Information from Salesforce Integration: If you choose to integrate DataTrip.ai with your Salesforce account, our service (which runs natively within Salesforce) will access and process certain data from your Salesforce CRM in order to perform data hygiene and enrichment functions. This may include business contact information or other CRM data needed for the service’s features. We only process such data on your behalf to deliver the functionality of DataTrip.ai, and do not use it for any other purposes.
Information Collected Automatically: Like most websites, we gather some data automatically when you visit DataTrip.ai. This includes technical information such as your IP address, browser type, device identifiers, and browsing behavior on our site. We may use cookies or similar technologies to remember your preferences and analyze how users navigate our site. For instance, we might use analytics tools (like Google Analytics) to collect anonymized usage statistics (with features like IP anonymization) for improving our website’s performance and usability. We do not use these technologies to identify you for advertising, and we do not store sensitive personal data in cookies. You can control or disable cookies through your browser settings at any time.

How We Use Your Data

We use personal data strictly for legitimate business purposes in accordance with the law. The main uses of your data include:

Providing and Improving the Service: We process your information to set up your account or trial, to provide the features of DataTrip.ai, and to improve our platform’s functionality. For example, information from your Salesforce CRM is processed only to clean or enrich your data as instructed by you, and results are provided back into your Salesforce environment. We do not use that data for any purpose other than delivering the service you signed up for.
Communication: We use contact details (like your email) to communicate with you for service-related purposes. This includes responding to messages or inquiries you send us, sending necessary account or transaction information, and providing customer support. If you have requested a demo or subscribed to updates, we may send you informational content such as product updates or newsletters, but only with your consent. You can opt out of marketing emails at any time (each newsletter we send will include an “unsubscribe” link).
Security and Fraud Prevention: Automatically-collected data (such as IP addresses or logs) may be used to monitor and maintain the security of our website and services trawelt.com. For example, we may retain IP addresses temporarily to detect and prevent malicious activities or unauthorized access. This falls under our legitimate interest in keeping our services safe and reliable.
Legal Compliance: In some cases, we may need to process personal data to comply with legal obligations. For instance, we may retain certain transaction records for accounting purposes or cooperate with lawful requests from authorities if required by law.

We do not sell your personal data to third parties. We only use your information as described above and in accordance with a lawful basis under GDPR. Specifically, we rely on your consent for optional activities (e.g. when you subscribe to a newsletter or request a demo) and on legitimate interests for core functionality and security (balancing such interests with your rights) trawelt.com. If we ever need to process data for a new purpose not described here, we will seek your consent or provide required notice.

Data Storage and Processing

We store and process personal data with a high level of care and security. Key details about our data storage and processing include:

Hosting on AWS: DataTrip.ai uses Amazon Web Services (AWS) cloud infrastructure to host our website and related services. AWS is an industry-leading cloud provider, and our use of AWS means your data is stored in secure, state-of-the-art data centers with strong physical and network security controls. We choose AWS in part for its robust privacy and security features, including the ability to encrypt data in transit and at rest aws.amazon.com. Whenever possible, we select AWS data center regions in jurisdictions that ensure compliance with GDPR (for example, hosting data in the European Economic Area). We will not move or replicate your content outside of your chosen region or the region necessary for our service without informing you aws.amazon.com.
Salesforce-Native Application: Our core product operates within your Salesforce environment. This means that much of the data processing happens inside Salesforce’s platform (we leverage Salesforce’s native capabilities and your data largely remains in your Salesforce cloud). However, certain processing (such as interacting with external enrichment sources or orchestrating bulk updates) may be facilitated by our AWS backend in order to deliver results into Salesforce. In all cases, personal data processed through our service is handled securely and only for your organization’s purposes. Salesforce, as a trusted CRM platform, also maintains stringent security and privacy standards; our integration with Salesforce is designed to respect and complement those standards.
Third-Party Service Providers: In addition to AWS and Salesforce, we may use a few select third-party services (“data processors”) to help us run DataTrip.ai. For example, we use Calendly to schedule demos (which will collect your scheduling information on our behalf) and may use an email service (like Twilio SendGrid) to send newsletters or system emails. We ensure that all third-party providers we engage are bound by contracts that enforce strict data protection obligations in line with GDPR. They are only permitted to process your data for the specific purposes we instruct, and they cannot use it for their own marketing or other purposes. A summary of key processors:
- Amazon Web Services (AWS): hosting and infrastructure provider (secure cloud servers) datatrip.ai.
- Salesforce: platform in which our application runs; acts as a host for the data you choose to process with DataTrip.ai.
- Google Analytics: website analytics service (if used) to gather anonymous usage data, with IP-anonymization and no personal identifying info (used for improving our website’s user experience).
- Email/Newsletter Provider: if we send out newsletters or product updates, we may use a service like SendGrid or Mailchimp to manage our mailing lists. These providers would handle your email address solely to send the communications you signed up for, and you can unsubscribe anytime.
We can provide a full list of current sub-processors upon request. We do not share personal data with any third parties besides these service providers, except in cases where we are legally compelled (for example, in response to a valid law enforcement request) or when you explicitly direct us to do so.
International Data Transfers: Whenever your personal data is transferred outside of the European Union/European Economic Area (for example, stored on servers in another country), we ensure that appropriate safeguards are in place. Our contracts with service providers include standard data protection clauses as required by GDPR to protect your information. We also rely on providers (like AWS and Salesforce) that maintain certifications and compliance measures (such as EU-US data transfer frameworks or standard contractual clauses) to facilitate lawful international data transfers. Our goal is to ensure the same level of protection for your data no matter where it is processed.

Security Measures

We take security very seriously and implement multiple layers of protection for the personal data we handle. Some of the key security measures in place include:

Encryption: All data is encrypted in transit and at rest. This means that any personal information transmitted between your browser and our site (or between our systems and Salesforce) is protected by encryption (HTTPS/TLS), and any data we store on disk is encrypted using strong industry-standard algorithms datatrip.ai. Encryption ensures that even if data were intercepted or accessed improperly, it would be unreadable without the proper keys.
Access Controls: We employ strict access control mechanisms, including role-based access and the principle of least privilege datatrip.ai. Only authorized personnel who need to process your data to fulfill their job duties (for example, a support engineer helping resolve a technical issue) can access personal data, and even then, only the minimum necessary data. Access to administrative interfaces and databases is protected with strong authentication (including multi-factor authentication where possible). For enterprise clients, we support Single Sign-On (SSO) integration, meaning you can control user access to our application through your own identity provider for added security datatrip.ai.
Audit Logs and Monitoring: We maintain audit logs of key activities in the system datatrip.ai. This helps us monitor access to data and detect any unusual behavior. For example, our system logs administrative access and significant actions, and we routinely review these logs for any signs of unauthorized access or anomalies. Salesforce itself logs user activities within the CRM, and our integration does not circumvent those logging mechanisms.
Secure Development Practices: Our development and operations follow security best practices. We keep our software and dependencies up-to-date with security patches. We perform regular vulnerability assessments and, when appropriate, penetration testing to identify and address potential security weaknesses.
Network Security: The DataTrip.ai infrastructure on AWS is protected by firewalls, network segmentation, and continuous monitoring. We utilize AWS’s security services and best practices (such as secure VPC configurations, security groups, and intrusion detection systems) to guard against external threats.
Data Backups and Recovery: We regularly back up critical data to prevent loss in case of hardware failure or other issues. Backups are encrypted and stored securely (and are subject to the same access controls). In the event of an incident, we have a disaster recovery plan to restore functionality with minimal downtime.
Employee Training and Policies: All team members at Trawelt Consulting d.o.o. are trained on data protection and security protocols. We have internal policies in place to ensure that privacy is respected and that employees handle data securely and confidentially. Team members are required to adhere to these policies and are subject to disciplinary measures if they fail to do so.

In summary, we apply “state-of-the-art” security measures (as required by GDPR Article 32) appropriate to the level of sensitivity of the data. Our goal is to prevent data breaches, but in the unlikely event of a security incident affecting personal data, we have procedures to notify affected users and authorities as required by law (GDPR breach notification rules).

(For more technical details, you may refer to our separate Security page or FAQ. For instance, our FAQ notes that our app is hosted on AWS and runs within Salesforce, and that data is encrypted in transit and at rest with controls like SSO and audit logs datatrip.ai.)

Your Rights Under GDPR

As an individual in the European Union (or in other jurisdictions with similar laws), you have specific rights regarding your personal data. DataTrip.ai honors all applicable data subject rights under the GDPR. These include trawelt.com:

Right of Access: You have the right to request confirmation of whether we are processing personal data about you, and if so, to obtain a copy of that data and certain information related to its processing. In practice, this means you can ask us to provide a copy of the personal information we hold on you trawelt.com. We will provide this in a commonly used electronic form, unless you request otherwise.
Right to Rectification: If any of your personal data that we have is inaccurate or incomplete, you have the right to request that we correct or update it trawelt.com. For example, if you change your email address or find a typo in information we have stored, you can ask us to fix it and we will do so without undue delay.
Right to Erasure: Also known as the “right to be forgotten,” this right allows you to request the deletion of your personal data in certain circumstances trawelt.com. You can ask us to erase your data, for instance, if it’s no longer needed for the purpose it was collected, or if you withdraw consent and we have no other legal basis to keep it. We will honor valid erasure requests and delete your information, provided we are not required to retain it for legal reasons.
Right to Restrict Processing: You have the right to request that we limit the processing of your personal data under certain conditions trawelt.com. This could apply if you contest the accuracy of the data or if you object to us processing it (pending our review of your objection). While processing is restricted, we can store the data but not use it further until the issue is resolved.
Right to Data Portability: You have the right to obtain the personal data you provided to us in a structured, commonly used, machine-readable format, and to transfer that data to another controller where technically feasible trawelt.com. In plain terms, we will, at your request, export your data in a format like CSV or JSON so that you can move it to another service. If you prefer and if it’s feasible, we can also transmit the data directly to another service provider at your direction.
Right to Object: You have the right to object to our processing of your personal data in certain situations trawelt.com. For example, if we are processing your data based on legitimate interests, you can object if you feel our interests are overridden by your privacy rights. If you object, we will stop that processing unless we have a compelling legitimate ground to continue or if it’s needed for legal claims. You also have an absolute right to object to direct marketing – meaning if you unsubscribe or opt out, we will stop sending you marketing emails or other direct marketing communications.

In addition to the above rights, you also have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects or similarly significant effects on you. However, DataTrip.ai does not engage in fully automated decision-making of that nature without human involvement – our services involve helping users manage data, and any major decisions (like whom to contact or what data to update) are controlled by users, not solely algorithms.

Exercising Your Rights: You can exercise any of these rights by contacting us (see the Contact Us section below). We may need to verify your identity for security purposes before fulfilling your request (for example, to ensure that we do not disclose your data to someone else). Once verified, we will respond to your request as soon as possible and at least within one month, as mandated by GDPR. If your request is complex or if we receive many requests, we may extend this period by up to two further months, but we will inform you of any extension within the initial one-month period edpb.europa.eu edpb.europa.eu. There is no fee for making such requests in most cases. If a request is manifestly unfounded or excessive, we are permitted by law to either refuse it or charge a reasonable fee, but we rarely anticipate this being the case.

If you have given consent for a particular processing activity, you have the right to withdraw your consent at any time. Withdrawing consent will not affect the lawfulness of processing already carried out, but it will mean we stop the specific activity you had consented to (for example, if you consented to receive newsletters, you can withdraw and we will cease sending them). You can withdraw consent by contacting us or, for emails, simply by using the unsubscribe link provided.

Finally, you have the right to lodge a complaint with a data protection supervisory authority if you believe we have infringed your privacy rights. We kindly ask that you consider contacting us first so we can address your concerns directly, but you are entitled to complain directly to an EU Data Protection Authority. Since we are based in Croatia, our lead supervisory authority is the Croatian Personal Data Protection Agency (AZOP), but you may contact any EU supervisory authority, such as in your country of residence, to file a complaint.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws (such as tax or accounting regulations). In practice, this means:

If you contact us or request a demo/trial, we will retain your contact information and correspondence as long as needed to respond to you and carry out the requested service. For example, if you sign up for a free trial, we will keep your account data for the duration of the trial and for a reasonable period afterward in case you decide to subscribe.
If you have subscribed to a newsletter or agreed to receive marketing, we will retain your contact details until you unsubscribe or ask us to delete them (or if our emails bounce repeatedly).
If you are a customer, we will retain your data while your account is active and thereafter as needed for legitimate business purposes (e.g. maintaining records of transactions, or as required for legal compliance). Typically, once you terminate your use of DataTrip.ai, we will delete or anonymize personal data after a set period unless we are required to keep it longer.
Logs and security records (such as IP addresses in logs) are generally kept for a short period only for security analysis and then either deleted or anonymized. For instance, we might retain server logs for, say, 30 days before automatic deletion, unless we are investigating specific incidents.

When we no longer need personal data, we securely delete or anonymize it so it can no longer be associated with an individual. We have defined retention schedules for different categories of data to ensure we do not keep data indefinitely. These practices implement the principle of “storage limitation” – i.e., we only store personal data for as long as necessary for the purposes we collected it gdpr.eu.

Disclosure of Data

We treat your personal information as confidential. We will not disclose or share it with third parties except in the limited scenarios described below:

With Your Consent or Instruction: We will share your information with third parties if you specifically ask or consent to us doing so. For example, if you ask us to integrate a DataTrip.ai feature with another service or you use an option that involves a third-party, we will do so only with your permission.
Service Providers: As noted in the Data Storage and Processing section, we share data with our trusted service providers (like AWS, Salesforce, etc.) who need the information to perform services on our behalf. These parties are bound by confidentiality and data protection agreements. They cannot use your data for anything other than the agreed-upon purpose.
Legal Requirements: We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court order, subpoena, or government demand). If a government or law enforcement request is made for your data, our policy is to review it carefully and only comply if we are legally obligated. Whenever possible and allowed, we will attempt to notify you of such requests so you can seek legal remedies. (Note: AWS follows a similar practice of redirecting government requests to the customer when legally possible aws.amazon.com, and we uphold that principle as well.)
Business Transfers: If our company or business (DataTrip.ai) is involved in a merger, acquisition, reorganization, or asset sale, your personal data might be transferred to the new owner or partner as part of that transaction. If such a change in ownership happens, we will ensure the new entity is bound to respect the terms of this Privacy Policy or we will notify you and give you an opportunity to opt-out of the transfer of your data.
Enforcing Rights and Safety: We may disclose data to third parties (such as lawyers or collection agencies) if necessary to enforce our terms or agreements, to investigate potential violations (such as misuse of our service), or to protect the rights, property, and safety of DataTrip.ai, our users, or others. This could include sharing information with fraud prevention agencies or exchanging information with other companies and organizations for cybersecurity protection.

Importantly, we do not sell or rent your personal information to marketers or other unrelated parties. We also do not share any personal data with third-party advertisers or ad networks.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes, we will notify users by posting the updated policy on our website and updating the "Last Updated" date at the top. In some cases, we might provide additional notice (such as a banner on our site or an email notification for significant changes). We encourage you to review this page periodically to stay informed about how we protect your data trawelt.com. Continued use of DataTrip.ai after any changes to the Privacy Policy constitutes acceptance of those changes, to the extent permitted by law.

‍