Our Privacy Policy
1) Who We Are & Scope
Plain language
Trailies LLC (“Trailies”) runs Trailies.com and related services worldwide. This policy explains what we collect, why, and how you can control it.
Trailies LLC (“Trailies,” “we,” “us,” “our”), located at 8080 N Central Expressway, Suite 1700, 1034 Dallas, TX 75206, United States, provides this Privacy Policy for our websites, apps, and online services (the “Services”). For most processing we act as a “business” (U.S.) and “controller” (EU/UK/CH). For vendors processing personal information on our behalf, we bind them with data-processing terms consistent with applicable law. This policy includes jurisdiction-specific supplements for California, Colorado/Connecticut/Virginia/Texas and others, and EU/UK/Switzerland.
2) What We Collect — Notice at Collection
Plain language
Here’s every category we may collect, why we collect it, if it’s used for ads, and how long we keep it. You can change cookie/ads choices anytime.
| Category | Examples | Purpose | Sold/Shared for targeted ads? | Retention |
|---|---|---|---|---|
| Identifiers | Name, email, phone, postal address, account/order IDs | Fulfill orders, account & support, fraud/security, transactional comms, marketing (subject to consent/opt-out) | Shared for ads/measurement (e.g., hashed email). Opt-out in Your Privacy Choices. | Orders: 7 years (tax/audit); marketing contacts: 24 months after last engagement or until opt-out; support threads: 24 months. |
| Commercial info | Products viewed, cart, purchases, returns | Fulfillment, recommendations, analytics | Not sold; may be shared for measurement/attribution | 7 years (tax/audit) |
| Internet activity | IP, device/UA, pages viewed, UTMs, pixel events | Site performance, analytics, fraud, retargeting | Shared for ads unless opted out / valid GPC | Event logs: 13 months; security: 24 months |
| Approx. geolocation | City/region from IP | Localization and fraud/security | No sale; fraud use only | 13 months |
| Inferences | Interest segments, “likelihood to purchase” (non-kids) | Personalization and segmentation | Shared for ads unless opted out | 12 months |
| Kids’ data (from parent) | Child’s first name & age range; optional parent notes | Personalize kid-facing content only; no targeted ads using a child’s data | No sale/share | Delete on request; otherwise ≤ 12 months post-fulfillment |
If we ever collect “sensitive personal information,” we will disclose it here and provide the required “Limit Use of Sensitive PI” controls.
3) Sources
Plain language
You give us data directly (checkout, forms). We also collect automatically via cookies and pixels (EU/UK/CH: only after consent). Some data comes from partners when their tags run on our site.
We collect personal information (i) directly from you; (ii) automatically via cookies, SDKs, and similar technologies; and (iii) from partners when their tags load on our Services (subject to consent where required by law).
4) How We Use Personal Information
Plain language
We use your data to run Trailies (orders, support, security), improve our products, and—if allowed—measure and personalize ads. You can change these choices.
- Core operations: ordering, fulfillment, support, fraud/security, legal compliance.
- Analytics & improvement: de-identified/aggregated where feasible.
- Marketing & cross-context behavioral advertising: retargeting, frequency capping, conversion measurement, lookalike modeling on platforms (e.g., Google, Meta). In EU/UK/CH, we rely on consent for ad personalization and non-essential cookies and implement Consent Mode v2.
5) Legal Bases (EU/UK/CH)
Plain language
We collect data because we need it for your order, to meet legal requirements, to keep things secure, or because you gave consent (especially for cookies/ads).
Legal bases: contract, legal obligation, legitimate interests (e.g., security, limited first-party analytics), and consent (non-essential cookies/identifiers, ad personalization/remarketing, and any children’s processing that requires it). We keep auditable consent records and provide easy withdrawal via Cookie Settings.
6) Cookies, Pixels & Similar Technologies
Plain language
We use necessary cookies to run the site. Analytics/ads cookies are optional and off by default in the EU/UK/CH. You can update your choices anytime.
We classify cookies as strictly necessary, functional, analytics, and advertising. In EU/UK/CH, non-essential cookies/IDs are off until you consent via a TCF-compatible, Google-certified CMP; Consent Mode v2 adapts tags. See Cookie Settings for a live list and to revoke consent.
7) “Selling/Sharing” & Targeted Advertising (U.S. states)
Plain language
Some states call certain ad tech uses “selling” or “sharing.” You can opt out, and we honor GPC and other recognized signals automatically.
Where applicable (e.g., California), cross-context behavioral advertising may be deemed a sale/share of personal information. You can opt out via Your Privacy Choices or by broadcasting a supported browser signal (e.g., Global Privacy Control). We treat valid signals as a “Do Not Sell or Share / targeted ads opt-out” for that browser/device and any associated profile.
8) Your Privacy Rights & How to Use Them
Plain language
You can request access, correction, deletion, portability, and opt out of ads. EU users can also object and withdraw consent. We respond within legal timeframes.
U.S. (CA/CO/CT/VA/TX…)
Rights include access/know, correction, deletion, portability, opt-out of sale/sharing/targeted advertising, and appeal (where required). We respond within 45 days (with one permitted extension). Use support@trailies.com or Your Privacy Choices. Authorized agents permitted in CA.
EU/UK/CH (GDPR)
Rights include access, rectification, erasure, restriction, portability, objection (including to direct marketing), and withdrawing consent at any time. You may complain to your supervisory authority. Use support@trailies.com and Cookie Settings.
9) Children’s Privacy
Plain language
We don’t collect directly from kids under 13 without parental consent. If a parent gives us a child’s first name/age, it’s to personalize content—never for targeted ads. Parents can review/delete any time.
We do not knowingly collect personal information from children under 13 without verifiable parental consent (VPC). Where we collect a child’s first name and age range, we collect it from the parent/guardian for personalization only and do not use a child’s data for targeted advertising. If we learn we collected child data without required consent, we delete it. Parents may review/delete their child’s data and refuse further use. In the EU/UK/CH, we obtain parental authorization where consent is required and the child is below the local digital age of consent (13–16).
We maintain a written information security program for child data and, where legally required, obtain separate parental opt-in for any third-party disclosures.
10) How We Disclose Information
Plain language
We share data with service providers (payments, shipping, cloud, analytics) under strict contracts. We don’t send sensitive data to ad platforms.
- Service providers / processors: payment, fulfillment/shipping, hosting, security/fraud, CRM/CDP/ESP/SMS, analytics (contracted under Art. 28 GDPR and CPRA service provider terms).
- Ad/analytics partners: e.g., Google and Meta business tools for measurement and personalization subject to your choices. We identify parties in our Partners page and do not transmit sensitive data; we avoid placing raw PII in URLs; we hash matching identifiers where applicable.
- Legal/compliance & business transfers as required by law or in connection with corporate transactions.
11) International Data Transfers
Plain language
If you’re in the EU/UK/CH, we may transfer your data to the U.S. using approved mechanisms (e.g., DPF if certified, or SCCs with safeguards).
We may transfer personal information to the U.S. or other countries using one or more of: (i) EU-U.S. Data Privacy Framework (and UK extension / Swiss-U.S. DPF) once certified, or (ii) Standard Contractual Clauses plus supplementary measures. We will state our DPF certification here once active.
12) Security
Plain language
We use industry-standard protections and limit access. No system is perfect, but we work hard to keep your data safe.
We maintain reasonable (U.S.) and appropriate (GDPR Art. 32) technical and organizational measures, including access controls, encryption in transit/at rest where appropriate, least-privilege access, logging/monitoring, incident response, vendor due diligence, and periodic reviews. We do not guarantee absolute security.
13) Data Retention
Plain language
We keep data only as long as needed for the stated purpose or as required by law, then delete or de-identify it. See the table above.
We retain personal information for the periods disclosed in the Notice at Collection or, where a fixed period is not possible, by applying documented criteria (purpose, legal obligations, limitation periods, and security needs).
14) Automated Decision-Making & Profiling
Plain language
We use profiling for ad relevance and segmentation. We don’t make automated decisions that have legal or similar significant effects on you.
We conduct profiling for marketing segmentation and analytics. We do not engage in solely automated decision-making that produces legal or similarly significant effects. EU users may object to direct marketing; if our ADM meaningfully expands, we will update this notice with the required logic and impact information.
15) Financial Incentives (California)
Plain language
If we ever run a loyalty/referral program tied to your data, we’ll explain the terms and how we value your data. Currently, none.
If we offer a program involving price/service differences in exchange for personal information, we will provide a description of material terms, categories of data involved, opt-in/out methods, and a good-faith estimate of the value of the consumer’s data, as required by California law.
16) Marketing Communications (Email/SMS/WhatsApp)
Plain language
You can unsubscribe from emails any time. For SMS, we only message you with proper consent; reply STOP to opt out.
Email: We comply with CAN-SPAM (including physical address and an easy unsubscribe). SMS/Calls (U.S.): We obtain prior express written consent where required by the TCPA; you can revoke consent at any time, and we honor reasonable opt-out methods.
17) Regional Supplements
California (CPRA/CCPA)
Rights: know/access, correction, deletion, portability; opt-out of sale/sharing; limit sensitive PI (if applicable); non-discrimination; authorized agent process. We honor GPC. Use Your Privacy Choices or support@trailies.com.
Colorado, Connecticut, Virginia, Texas & others
Targeted advertising opt-out available and appeals process in CO/CT/VA. We respond to rights requests within 45 days (extensions as permitted). We honor recognized Universal Opt-Out Mechanisms where required.
EU/UK/Switzerland (GDPR + ePrivacy)
Non-essential cookies/IDs and ad personalization require prior consent; refusal must be as easy as acceptance. You can withdraw consent anytime via Cookie Settings. You have the rights listed in Section 8 and may contact your supervisory authority.
19) Changes to This Policy
Plain language
We’ll post updates here with a new date. If we make big changes, we’ll notify you and, where required, ask again for consent.
We will update this Policy when our practices materially change. We will post the updated version with a new effective date and provide additional notice and/or obtain consent where legally required (e.g., new non-essential cookies in EU/UK/CH).
Email: support@trailies.com
Postal: 8080 N Central Expressway, Suite 1700, 1034 Dallas, TX 75206, United States