Privacy Policy — Trailivo

Plain-English summary

This is the privacy policy for the Trailivo marketing website (the site you are reading right now) and for prospects who book a call with us. It does not cover end-user data collected by trail organizations using our platform — those organizations have their own privacy policies for their hikers.

Short version:

We collect the minimum we need to run a sales conversation: your name, email, optionally your trail's name, and what you write to us.
We use a small number of standard tools (Calendly for scheduling, an analytics service that doesn't profile you, an email provider).
We do not sell your data, ever. We do not target advertising at you.
You can ask us at any time to delete everything we have on you, and we will.

1. Who we are

PIXELO MOBILE LTD, a private limited company incorporated in England and Wales (Company No. 10585806), with registered office at 565 Green Lanes, Haringey, London, N8 0RL, United Kingdom. We are the data controller for the data described in this policy. References to "we," "us," "our," and "Trailivo" mean PIXELO MOBILE LTD.

Contact for privacy-related questions: [email protected].

2. What data we collect, and why

What	When	Why
Name & email	When you book a call or email us	To run the conversation, follow up, send a quote
Trail / organization name	When you book a call or email us	To prepare for the call
Whatever you write in your message	When you email us or fill in a form	To answer your question
Calendly booking metadata (timezone, calendar)	When you schedule a call	To schedule a meeting in both timezones correctly
Anonymous web analytics (page views, referrer, country)	When you visit the site	To understand which pages people read; never tied to identity
IP address, briefly	When you visit the site	For security and fraud prevention; not stored long-term

What we do not collect: we do not run advertising trackers, we do not run Google Analytics or Facebook Pixel, we do not build behavioral profiles, we do not buy or sell prospect lists.

3. Our legal basis for processing (UK GDPR & EU GDPR)

We process personal data under the UK General Data Protection Regulation and the Data Protection Act 2018. For visitors and prospects in the European Economic Area, we additionally apply the EU GDPR. Our basis for processing your data is:

Legitimate interest — for processing necessary to respond to a sales inquiry you initiated (you booked the call, so we need your data to hold the call).
Consent — for any future marketing communication. You can withdraw consent at any time.
Legal obligation — for tax, accounting, or fraud-prevention records.

4. Third parties we share data with

We use a small set of standard service providers. We do not share data with anyone else.

Calendly — for scheduling. Privacy: calendly.com/privacy
Google Workspace — for sending and receiving email at @trailivo.com addresses. Privacy: policies.google.com/privacy
Cloudflare Web Analytics — for anonymous traffic analytics. No cookies, no behavioral profiling, no individual identification. Privacy: cloudflare.com/privacypolicy
Cloudflare Pages — for hosting and serving the website.
Stripe — only if you become a customer and pay an invoice. Privacy: stripe.com/privacy.

Some of these processors (Calendly, Stripe, Google Workspace) are based in the United States. Transfers of personal data from the UK and EEA to those providers are governed by either an adequacy decision (where applicable) or by the UK International Data Transfer Addendum / EU Standard Contractual Clauses, which provide an adequate level of protection.

5. How long we keep data

Sales-conversation data (emails, call notes): up to 24 months from your last contact with us, unless you ask us to delete it sooner.
Customer data (if you become a customer): for the term of the contract plus 7 years for tax and accounting purposes.
Anonymous web analytics: 24 months at most, then aggregated and discarded.

6. Your rights

Under GDPR and equivalent laws, you have the right to:

Ask us what data we have about you, and receive a copy
Have inaccurate data corrected
Have your data deleted ("right to be forgotten")
Restrict or object to our processing
Receive your data in a portable format
Lodge a complaint with a supervisory authority — in the UK, that is the Information Commissioner's Office (ICO); in the EEA, your country's national data protection authority

To exercise any of these rights, email [email protected]. We will respond within 30 days.

7. Cookies

This site uses minimal cookies:

Functional cookies needed for the site to work (e.g., remembering you've dismissed a banner). No consent needed under GDPR for these.
No third-party advertising cookies. No tracking pixels.
If we ever add anything that requires consent, we will show a cookie banner with a real reject option.

8. Customer (trail organization) data

If your organization becomes a Trailivo customer, the data your hikers create on the platform — registrations, bookings, content, photos — is governed by a Data Processing Agreement (DPA) that's part of your contract with us, not by this policy. We act as a data processor; your trail's organization is the controller.

If you are a hiker using a trail's app or website built on our platform, please consult that trail's own privacy policy. We can tell you which trails are running on our platform but do not handle their privacy correspondence.

9. Children

We do not knowingly collect data from children under 16. If you believe we have, contact us and we will delete it.

10. Security

We use HTTPS everywhere, encrypted backups, access controls on our systems, and a small team to limit the surface area of who has access to what. No system is perfectly secure; if we ever experience a breach affecting your data, we will notify you and the ICO (or relevant supervisory authority) within 72 hours, as required by UK GDPR.

11. Changes to this policy

If we update this policy materially, we will email registered contacts and post the change date at the top of this page. The current version is always at the URL of this page.

12. Contact

For any privacy question: [email protected]. We answer within one business day for routine queries and within 30 days for formal data subject requests.

Implementation note (remove before publishing): only the two [INSERT DATE] fields at the top need filling. Entity, jurisdiction, address, and processors are now resolved. A UK-qualified solicitor should still review sections 1, 3, 4, and 8 before this goes live, especially if processor choices change or if you start handling end-user hiker data through the platform (which moves from this policy into a separate customer-facing DPA). Once registered with the ICO as a data controller (mandatory once processing customer data at scale, £40–£2,900/yr fee), add the registration number to section 1.