Last updated: May 2026

tricargo

1. About this policy

1.1  This Privacy Policy explains how tricargo collects, uses, shares and protects personal data in connection with the tricargo service at tricargo.aero and any related services, applications, application programming interfaces, and integrations (together, the “Service”).

1.2  This policy is published by The Third Foundry Ltd, a company registered in England and Wales with company number 1737142 and registered office at Unit 1b Coln Industrial Estate, Colnbrook, Berkshire, England SL3 0NJ. tricargo is part of The Third Foundry, a technology business with no operational stake in air cargo. For the purposes of the UK General Data Protection Regulation and the Data Protection Act 2018 (together, the “UK GDPR”), tricargo is the controller and responsible for the personal data described in this policy unless stated otherwise.

1.3  This policy should be read alongside our Terms of Service, which govern access to and use of the Service.

1.4  If you have questions about this policy or how we handle personal data, please contact us at [privacy@tricargo.aero].

2. Who this policy applies to

This policy applies to personal data we collect about:

•       registered users of the Service, including individuals registering on behalf of freight forwarders (“Forwarders”), general sales agents, general sales and service agents, airlines and other supply-side parties (“GSAs”);

•       visitors to tricargo.aero;

•       contacts at organisations with which we have, or are exploring, a commercial relationship;

•       attendees at events we host or attend; and

•       individuals whose personal data is shared with us by Users in the course of using the Service.

3. Personal data we collect

3.1  What is personal data?

Personal data means any information about an individual from which that person can be identified.

3.2  Information you provide to us

When you register for an account, use the Service, communicate with us, or attend our events, we may collect:

•       identifying information, including name, job title, business email address, business postal address and business telephone number;

•       business information, including the name of the organisation you represent, your role within it, and relevant industry identifiers (for example, IATA, CASS or FIATA numbers);

•       account credentials, including password (stored in hashed form);

•       content you submit through the Service, including listings, search queries, quote requests, profile information and correspondence;

•       payment information, where you are a paying User (handled by our payment processor, see section 5);

•       communications you send us, including support enquiries, feedback and event registrations.

3.3  Information we collect automatically

When you access the Service, we and our service providers may automatically collect:

•       technical information, including internet protocol address, browser type, device identifiers, operating system and language settings;

•       usage information, including pages viewed, actions taken, search activity, response times and session timestamps;

•       cookie and similar technology data, as described in our Cookie Notice [link].

3.4  Information we receive from third parties

We may receive personal data about you from:

•       industry bodies and partners (for example, FEDAGSA and FIATA), where you have agreed to be introduced to us or where they share lists of members for the purpose of relevant communications;

•       publicly available sources, including company websites, business directories and professional networking sites, for the purposes of business development;

•       our service providers, including providers of analytics, payment processing, support and infrastructure;

•       other Users, where they include your information in content submitted to the Service.

4. How and why we use personal data

We use personal data for the purposes described below. The lawful bases on which we rely are set out alongside each purpose.

4.1  To operate the Service and provide services to Users

Including account creation and management, authentication, processing quote requests, maintaining listings, providing customer support, and communicating about your use of the Service. Lawful basis: performance of a contract; legitimate interests in operating and improving the Service.

4.2  To bill paying Users and process payments

Including invoicing, processing card payments through our payment processor, reconciling accounts and managing arrears. Lawful basis: performance of a contract; compliance with legal obligations relating to tax and accounting.

4.3  To secure and protect the Service

Including monitoring for fraud, abuse and unauthorised access, enforcing our Terms of Service, and investigating incidents. Lawful basis: legitimate interests in maintaining the security and integrity of the Service; compliance with legal obligations.

4.4  To improve and develop the Service

Including analysing usage patterns, evaluating features, testing changes and developing new functionality. Where possible, we use aggregated or anonymised data for these purposes. Lawful basis: legitimate interests in evaluating, improving and developing the Service.

4.5  To communicate with Users and prospective Users

Including service communications, product updates, event invitations and (where permitted) marketing about tricargo. Lawful basis: legitimate interests in promoting the Service to business contacts; consent, where required.

You can opt out of marketing communications at any time using the unsubscribe link in our emails or by contacting us. We will continue to send essential service communications relating to your account.

4.6  To comply with legal obligations and to establish, exercise or defend legal claims

Including responding to lawful requests from authorities, complying with tax and accounting obligations, and addressing disputes. Lawful basis: compliance with legal obligations; legitimate interests in establishing, exercising or defending legal claims.

5. Sharing personal data

We share personal data only as described below. We do not sell personal data.

5.1  Between Users of the Service

The Service is designed to facilitate communication between Forwarders and GSAs. Information you submit through the Service may be made visible to other Users in accordance with the design and function of the Service – for example, GSA listing information is visible to Forwarders searching the Service, and information included in a quote request is visible to the GSA(s) the request is sent to. Where Users communicate with each other and disclose personal data to each other, we consider this to be data sharing between two independent controllers. 

5.2  Service providers

We share personal data with third parties that provide services to us, including:

•       infrastructure and hosting providers;

•       payment processors (currently [Stripe]);

•       email and communications providers;

•       customer support tooling providers;

•       analytics providers;

•       professional advisers, including lawyers, accountants and auditors.

These providers process personal data on our behalf under written terms requiring appropriate security and confidentiality protections.

5.3  Industry partners

Where you are a member of an industry body that has a commercial relationship with tricargo (for example, FEDAGSA or FIATA), we may share limited information about your registration and activity for the purposes of administering the relationship and reporting on revenue share arrangements. We do not share the content of your communications, quote requests or commercial dealings with other Users for these purposes.

5.4  Within The Third Foundry group

tricargo is part of The Third Foundry. We may share personal data with other entities within The Third Foundry group where reasonably necessary to operate the Service, manage the commercial relationship with you, or provide support functions (such as finance, legal and IT). Any such sharing is subject to appropriate confidentiality and security protections, and does not affect the controller of your personal data.

5.5  Legal and regulatory disclosures

We may share personal data where required by law, court order or regulatory authority, or where reasonably necessary to protect the rights, property or safety of tricargo, our Users or others.

5.6  Business transfers

If tricargo is involved in a merger, acquisition, financing, reorganisation, sale of assets, or insolvency event, personal data may be transferred or disclosed as part of that transaction or process, subject to standard confidentiality protections.

6. International transfers

6.1  We are based in the United Kingdom but operate a Service used by Users in many countries. Personal data may be transferred to, stored in, or accessed from countries outside the United Kingdom and the European Economic Area, including by our service providers.

6.2  Where we transfer personal data outside the United Kingdom, we put in place appropriate safeguards in accordance with the UK GDPR, including the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or reliance on adequacy decisions where available. You can request more information about the safeguards in place by contacting us at [privacy@tricargo.aero].

6.3 As noted above, where Users communicate with each other and disclose personal data to each other, we consider this to be data sharing between two independent controllers. Accordingly, where such Users are located in different countries, we do not consider such data sharing to be an international data transfer by tricargo.  

7. Retention

7.1  We retain personal data for as long as necessary to fulfil the purposes for which it was collected, including to provide the Service, to comply with legal, tax and accounting obligations, to resolve disputes and to enforce our agreements.

7.2  As a general rule:

•       account information is retained for the duration of your account and for a reasonable period afterwards to address post-termination matters, typically up to seven years;

•       transactional and billing records are retained for the period required by applicable tax and accounting law, typically at least six years;

•       Service usage and analytics data is retained in aggregated or anonymised form for longer periods to support improvement and reporting.

7.3  When personal data is no longer required, we will delete or anonymise it.

8. Your rights

8.1  Subject to applicable law and certain exceptions, you have the following rights in relation to your personal data:

•       the right to be informed about how we use your personal data;

•       the right to access a copy of the personal data we hold about you;

•       the right to ask us to correct inaccurate or incomplete personal data;

•       the right to ask us to delete personal data in certain circumstances;

•       the right to restrict or object to our processing of personal data in certain circumstances;

•       the right to data portability in certain circumstances;

•       the right to withdraw consent at any time, where we rely on consent;

•       the right to complain to the Information Commissioner’s Office (ico.org.uk) or your local supervisory authority.

8.2  To exercise any of these rights, please contact us at [privacy@tricargo.aero]. We may need to verify your identity before responding.

8.3  Where personal data has been provided to us by a User on behalf of another data subject (for example, contact details included in a quote request), requests from that data subject may be directed to the originating User for action, with our assistance where appropriate.

9. Security

9.1  We take appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage. These measures include access controls, encryption in transit, secure hosting, regular review of security practices, and incident response procedures.

9.2  No system is completely secure. While we work to protect personal data, we cannot guarantee absolute security, and you also have a responsibility to keep your account credentials secure.

9.3  We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator where we are legally required to do so.

10. Cookies and similar technologies

10.1  We use cookies and similar technologies on the Service for purposes including authentication, security, preference management, analytics and (where you consent) marketing measurement.

10.2  Further information is available in our Cookie Notice [link]. You can manage cookie preferences through your browser settings and, where applicable, the cookie management interface in the Service.

11. Third-party services and integrations

11.1  The Service may interoperate with, or be made available through, third-party services, applications, browser extensions, application programming interfaces and software, including (in future) additional tricargo or third-party tools and integrations (“Third-Party Services”).

11.2  Where you choose to use a Third-Party Service in connection with the Service, additional information about how personal data is collected and used may be made available at the point of integration, including any supplementary privacy terms specific to that integration. Your use of a Third-Party Service may also be subject to the privacy policy of the relevant third-party provider.

11.3  Where tricargo provides an integration that processes personal data on behalf of a User (for example, content submitted by a User’s customer that the User chooses to process through the Service), tricargo will act as a processor in respect of such personal data, and the User will be the controller. In such cases, the parties’ respective obligations will be governed by a separate data processing addendum.

11.4  We will update this policy where new integrations introduce materially different processing activities.

12. Children

The Service is for business use and is not directed to children. We do not knowingly collect personal data from children under the age of 18. If you believe a child has provided personal data to us, please contact us and we will delete it.

13. Changes to this policy

We may update this policy from time to time. Where a change is material, we will notify you by email or through the Service before the change takes effect. The date at the top of this policy indicates when it was last updated.

14. Contact us

If you have questions, concerns or complaints about this policy or our handling of personal data, please contact us at:

Email: matthew@tricargo.aero

Post: tricargo, c/o Mark 3 International Ltd, Unit 1b Coln Industrial Estate, Colnbrook, Berkshire, England, SL3 0NJ

If we are unable to resolve a complaint to your satisfaction, you have the right to complain to the Information Commissioner’s Office at ico.org.uk.