Trujay & GDPR Compliance

The European General Data Protection Regulation (GDPR) was approved on April 14, 2016, by the European Parliament and went into effect as of May 25, 2018. The GDPR is a regulation on the collection and processing of information related to an individual residing within the European Union (EU).

    General Data Protection Regulation (GDPR) is a set of laws aimed to enhance the protection of EU citizens’ personal data. It also increases the obligations for organizations regarding the transparent insurance of their business information and security guarantees. 

    Your core rights according to the GDPR in terms of Trujay service:

    • Provide full transparency on what data is collected and how data will be used before requesting the individual’s consent.
    • Ensure that collected data is used only for the purposes explicitly specified at the time of collection and consent.
    • Minimize the data collected and utilized solely for the purpose for which it is collected.
    • Ensure that collected data is accurate throughout the chain of processors.
    • Carefully evaluate the duration of how long data is stored, as data must only be stored for as long as necessary to serve its intended purpose and provide users the right to delete their data.
    • Prevent against unauthorized use or accidental loss of data through the deployment of appropriate security measures and adherence to mandatory breach reporting.

    Our service holds to the Statements and Privacy Policy of GDPR. We have taken steps to improve the following points:

    • Trujay informs the client about the data we collect and what methods can be used;
    • Trujay advises users on how to avoid tracking and will not share their private information;
    • Trujay uses a Security Policy to help ensure the client’s data is secure;
    • Trujay enables its clients to disallow the collection and process of personal data at any time;
    • Trujay will delete user’s personal data after submission of a written request from the user;
    • User can request to see the collected data, at any time.

    For a more user-friendly experience, Trujay will collect some personal information. In compliance with GDPR regulations, we ensure our customers are informed during any data collection.

    When creating a Trujay account, you are asked to provide the following information:

    • name
    • e-mail address
    • password
    • phone number (optional)

    When you visit, our server records the following information sent by cookies from your browser:

    • web request (e.g. date, time, etc.)
    • IP address
    • browser type
    • browser language
    • one or more cookies identifying your browser

     List of sub-processors

    EntitySub-processing Activities
    Google, LLCCloud Service Provider
    Amazon Web Services, Inc.Cloud Service Provider
    MongoDB, Inc.Data Storage
    HubSpot, Inc.Customer Relationship Management (CRM)
    Slack Technologies, Inc.Communication & Support Services
    StripePayment Processing
    PayPro GlobalPayment Processing
    Atlassian Inc.Issue Tracking & Product Development
    SprigUser Research
    Hotjar Ltd.User Research
    SmartBear Software (Bugsnag)Monitoring Service
    HelpHeroProduct Onboarding
    Asana Inc.Project Management
    Xero LimitedBilling/Invoicing
    Zoom Video Communications, Inc.Video conferencing
    Automattic Inc (WordPress)CMS

    Cookies are small bits of text in data files. They can be integrated into your browser (on your computer or personal device) when you surf various websites.

    Their primary purpose is to collect bits of information about your interaction with the website. It can help remember your setup, understand preferences, ease service login; and make it secure. Cookies are widely used to ensure efficient and accurate reporting information.

    Please note: cookies do not identify the person and are not software programs. They cannot install themselves or any other application on your device.

    The Trujay website may request cookies be accepted on your device.

    We use cookies to know when you visit our websites, and how you interact with the pages, in an effort to enrich your user experience. Blocking some types of cookies may impact your experience on our websites and the offered services.

    Other tracking technologies:  we use Inspectlet, HubSpot, etc. These are tiny graphic files that contain a unique identifier to recognize you when you visit our websites and track the activities. Or in the case of web beacons, to see if the user opened an email we have

    Due to the nature of the personal data we collect via our website/service and your CRM system data, we’ve developed a complex measures to ensure your data protection:

    • Network firewalls
    • Network posture assessment
    • DDoS preventions (We use the latest hardware appliances and sophisticated perimeter security technologies, providing you with first-rate protection against large-scale DDoS attacks.)
    • HTTPS-encrypted communication
    • Role-based authorization
    • Validation of all requests to ensure security on the application level

    Find more information, please visit:

    The nature of our services require collection of your personal data to:

    • Improve your customer journey on our website (web request, IP address, browser type, browser language, one or more cookies identifying your browser);
    • Guarantee successful CRM data migration and integration (you must allow access to both source and target CRM);
    • Send you important information on your migration and integration: estimates, results of the sample migration, and other correspondence;
    • Contact you to clarify your requirements (via e-mail address, phone number).

    Every service user/website visitor can request Trujay delete private data by sending a request via this form.

    Please note: deleted data can not be restored. If the contact is removed, all the personal data (name, email, password, phone number and info from cookies) will be deleted, and CRM access and migration results removed.

    All CRM data will be deleted after 30 days; however all data can be removed earlier, upon written request.

    We take your data security seriously and have developed a comprehensive set of practices, technologies, and policies to help ensure your it remains that way. Your privacy is essential, with an emphasis on effective and security-focused practices.

    Trujay holds the following security points:

    • Physical Security Layer
    • Network Security Layer
    • Application Security Layer
    • Security Audits

    For more information, visit Security Policy and Enhanced Security.

    Trujay processes your personal data according to your instructions in accordance with our Privacy PolicyTerms of ServiceSecurity PolicyData Processing Agreement and Service Level Agreement.

    We sign NDA agreements with any of our clients who run a sample migration.

    Questions & Concerns


    If you have any questions or comments, please send an email to

    Disclaimer: the sole purpose of this article is to facilitate a better understanding of how Trujay is compliant with GDPR data privacy law, and should not be treated as legal advice.