Privacy Policy
Last updated: June 2026 · Complies with LGPD (Lei Geral de Proteção de Dados) and GDPR
Trazly is a product of Cloud Global Technology (CGT)
Who We Are
Trazly is an employee lifecycle management platform (onboarding, absences, documents, access records, and offboarding) operated by Cloud Global Technology (CGT), headquartered in Brazil. This policy explains what personal data we process, for what purposes, and what rights you have. For any privacy matter, you may write to us at privacidad@trycgt.com.
Our Dual Role: Controller and Processor
Depending on the data involved, we act in two different capacities:
- As controller: for the account data of the person who contracts Trazly — the admin who registers, billing data, and support data. For this data, CGT determines the purposes and means of processing.
- As processor: for the employee data that each customer company uploads to the platform. In this case, the customer company is the controller of that data, and we process it solely on their behalf and in accordance with their instructions, to provide the service.
If you are an employee of a company that uses Trazly and wish to exercise rights over your data, contact your employer (the controller). We will provide the necessary support as the processor.
Data We Collect
We process the following categories of data:
- Account data: name, email address, phone number, language, profile photo, and password (stored in encrypted form).
- Employee data managed by the customer: name, email, phone number, job title, department, employment type, start and end dates, absences and supporting documents, files, and records of assigned accesses and assets.
- Payment data: payments are processed through Stripe. We do not store card numbers; we only retain the customer and subscription identifiers necessary for billing.
- Technical and log data: IP address, date, time, and type of action in our audit log, and basic browser information.
- Content data (files and documents): files, PDFs, images, and other documents uploaded by users and their employees. These files are stored in private buckets (Supabase Storage) and are accessible only to authorized users within the same tenant. CGT does not analyze, process, or use this content for any purpose other than providing the document storage and management service. Users are responsible for the content they upload and must hold the necessary rights over it.
How We Use Your Data
- To provide and operate the service.
- To authenticate you and protect the security of the platform.
- To provide support and communicate with you about your account.
- To manage billing and payments.
- To send operational notifications (task reminders, deadlines, alerts).
- To comply with legal obligations and maintain traceability through an audit log.
- To improve the service, using data in aggregated or anonymized form.
- To store and manage the documents and files you upload, solely to provide the document management service.
Legal Basis for Processing (LGPD and GDPR)
We process your data on the following legal bases:
- Performance of the contract of service between you and CGT.
- Compliance with legal obligations (for example, accounting or tax obligations).
- Our legitimate interests in maintaining the security and traceability of the service.
- Your consent, when a specific purpose requires it.
Who We Share Data With
We do not sell your data. We share it only with the providers (sub-processors) necessary to operate the service, each under their own data processing agreements:
- Supabase — database, authentication, and storage · Brazil (São Paulo).
- Stripe — payment processing and billing · United States / global.
- Resend — transactional email delivery · United States.
- Vercel — application hosting and usage analytics · United States / global.
International Transfers
Your operational data is hosted in Brazil (São Paulo). Some sub-processors may process certain data outside Brazil. In those cases, transfers are made with appropriate contractual safeguards (such as standard contractual clauses and each provider's compliance commitments), in accordance with the LGPD and GDPR.
Retention
We retain your data while your account is active and, after closure, for up to 5 years for legal and accounting obligations; after that, it is deleted or anonymized. Deletions use logical erasure. Audit logs are kept unaltered during the retention period to guarantee integrity and traceability.
Security
We apply encryption in transit and at rest, tenant isolation through row-level security policies (RLS), role-based access control, and an audit log of all actions. Data is hosted in Brazil and access is restricted to authorized personnel.
Your Rights (LGPD and GDPR)
As a data subject, you have the right to:
- Access your data and obtain a copy.
- Correct incomplete or outdated data.
- Request deletion or anonymization.
- Port your data to another provider.
- Know who we share your data with.
- Object to processing or withdraw your consent where applicable.
To exercise these rights, write to us at privacidad@trycgt.com. If you are an employee of a customer company, direct your request to your employer (the controller of your data); we will assist them as the processor.
Minors
Trazly is a professional tool and is not directed at minors. We do not knowingly collect data from minors.
Data Protection Officer (DPO)
For privacy and data protection matters: privacidad@trycgt.com.
Changes to This Policy
We may update this policy. We will notify you of material changes and will publish the date of the last update at the top of this document.