Skip to content
TrailSight
  • Problem
  • Detection
  • How it works
  • Findings
  • Request a Demo

Legal

Privacy Policy

Last updated: July 5, 2026

TrailSight ("TrailSight", "we", "us") provides an AI-agent security product for Salesforce. This policy explains, in plain language, what information we collect through our website and product, why we collect it, how we protect it, and the choices you have. It describes our current practices and is reviewed as the product evolves.

What we collect

Demo requests and contact information

When you request a demo or contact us, we collect what you submit: your name, work email, company, the size of your Salesforce footprint, the kinds of agents you use or are evaluating, and any notes you add. Alongside your submission we record basic context — the page you submitted from and a timestamp. Demo requests are delivered to and stored in our customer-relationship-management (CRM) system so we can respond and follow up.

Salesforce configuration and metadata

When a customer connects a Salesforce org for analysis, TrailSight reads the configuration and metadata needed to assess agent risk — for example agent and action definitions, Trust Layer settings, connected app and OAuth posture, MCP access settings, and permission and audit-coverage metadata. Access is agentless, via OAuth, and read-only; nothing is written to the org during analysis.

Logs, events, and signals

To evaluate runtime behavior, TrailSight processes the activity signals the connected org already produces — such as Setup Audit Trail entries, event monitoring logs, and login events. These are used to generate findings.

Conversation transcripts (opt-in only)

Conversation-based prompt-injection review is an opt-in capability. TrailSight reviews agent conversation transcripts only where a customer has explicitly enabled it for an org.

Product usage and diagnostics

We collect operational telemetry from the product itself — errors, performance, and feature usage — to run, secure, and support the service.

Website

Our website uses no third-party trackers, analytics scripts, or advertising cookies. Standard technical request data (such as IP address and user agent) may be recorded in hosting-provider server logs.

How we use it

  • To provide the demo and the product.
  • To analyze configuration and runtime risk in connected Salesforce orgs.
  • To generate, prioritize, and explain security findings.
  • For security, audit, and support of the service itself.
  • To communicate with you about your demo, your account, and the product.

We do not sell personal information, and we do not use customer data to advertise to third parties.

Storage and security

Customer data is stored with strict per-org isolation: each connected org keeps its own data, findings, and history. Salesforce credentials and secrets are held in a dedicated secrets store, never in the product database. Internal access follows least-privilege, role-based controls, and connections are encrypted in transit. Our practices are described in more detail on the Trust & Security page.

Retention and deletion

We keep data only as long as it is needed for the purposes above. Customers can disconnect an org at any time (reversible), or request an irreversible, confirmation-gated erasure of a single org's data. If you have requested a demo and would like your contact details removed, email us and we will delete them.

Subprocessors and regional handling

We use a small number of infrastructure providers to host and operate the service. TrailSight is designed for local and in-region analysis where applicable, and we aim to keep customer data within the agreed deployment region. Regional and cross-border handling specifics, and a current list of subprocessors, are shared with customers as part of vendor review and contracting.

Your choices

  • You can ask us to access, correct, or delete the contact information you submitted.
  • You can opt out of demo- and product-related communications at any time.
  • Customers control org connections, transcript-review opt-in, and org-level data erasure.

Depending on where you are located, you may have additional rights under applicable data-protection law; we will honor valid requests consistent with those laws.

Changes to this policy

When we change this policy, we will update the date at the top of this page. For material changes affecting customers, we will notify the affected accounts.

Contact

Questions about this policy or about your data: contactus@trailsight.io.

This page is written for transparency and is maintained by the TrailSight team; it will continue to be refined with legal counsel as the product and our customer base grow.

TrailSight

AI Agent Security for Salesforce.

Problem Detection How it works Findings Request a Demo
contactus@trailsight.io
Privacy Policy Trust & Security LinkedIn

© 2026 TrailSight. All rights reserved.