Legal
Privacy Policy
Last updated: July 5, 2026
TrailSight ("TrailSight", "we", "us") provides an AI-agent security product for Salesforce. This policy explains, in plain language, what information we collect through our website and product, why we collect it, how we protect it, and the choices you have. It describes our current practices and is reviewed as the product evolves.
What we collect
Demo requests and contact information
When you request a demo or contact us, we collect what you submit: your name, work email, company, the size of your Salesforce footprint, the kinds of agents you use or are evaluating, and any notes you add. Alongside your submission we record basic context — the page you submitted from and a timestamp. Demo requests are delivered to and stored in our customer-relationship-management (CRM) system so we can respond and follow up.
Salesforce configuration and metadata
When a customer connects a Salesforce org for analysis, TrailSight reads the configuration and metadata needed to assess agent risk — for example agent and action definitions, Trust Layer settings, connected app and OAuth posture, MCP access settings, and permission and audit-coverage metadata. Access is agentless, via OAuth, and read-only; nothing is written to the org during analysis.
Logs, events, and signals
To evaluate runtime behavior, TrailSight processes the activity signals the connected org already produces — such as Setup Audit Trail entries, event monitoring logs, and login events. These are used to generate findings.
Conversation transcripts (opt-in only)
Conversation-based prompt-injection review is an opt-in capability. TrailSight reviews agent conversation transcripts only where a customer has explicitly enabled it for an org.
Product usage and diagnostics
We collect operational telemetry from the product itself — errors, performance, and feature usage — to run, secure, and support the service.
Website
Our website uses no third-party trackers, analytics scripts, or advertising cookies. Standard technical request data (such as IP address and user agent) may be recorded in hosting-provider server logs.
How we use it
- To provide the demo and the product.
- To analyze configuration and runtime risk in connected Salesforce orgs.
- To generate, prioritize, and explain security findings.
- For security, audit, and support of the service itself.
- To communicate with you about your demo, your account, and the product.
We do not sell personal information, and we do not use customer data to advertise to third parties.
Storage and security
Customer data is stored with strict per-org isolation: each connected org keeps its own data, findings, and history. Salesforce credentials and secrets are held in a dedicated secrets store, never in the product database. Internal access follows least-privilege, role-based controls, and connections are encrypted in transit. Our practices are described in more detail on the Trust & Security page.
Retention and deletion
We keep data only as long as it is needed for the purposes above. Customers can disconnect an org at any time (reversible), or request an irreversible, confirmation-gated erasure of a single org's data. If you have requested a demo and would like your contact details removed, email us and we will delete them.
Subprocessors and regional handling
We use a small number of infrastructure providers to host and operate the service. TrailSight is designed for local and in-region analysis where applicable, and we aim to keep customer data within the agreed deployment region. Regional and cross-border handling specifics, and a current list of subprocessors, are shared with customers as part of vendor review and contracting.
Your choices
- You can ask us to access, correct, or delete the contact information you submitted.
- You can opt out of demo- and product-related communications at any time.
- Customers control org connections, transcript-review opt-in, and org-level data erasure.
Depending on where you are located, you may have additional rights under applicable data-protection law; we will honor valid requests consistent with those laws.
Changes to this policy
When we change this policy, we will update the date at the top of this page. For material changes affecting customers, we will notify the affected accounts.
Contact
Questions about this policy or about your data: contactus@trailsight.io.
This page is written for transparency and is maintained by the TrailSight team; it will continue to be refined with legal counsel as the product and our customer base grow.