Back to home

Privacy Policy

Last updated: January 22, 2026

Trusteo ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Trust Center platform and related services.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, company name, and password when you create an account
  • Profile Information: Company details, branding assets, and trust center configuration
  • Documents: Files you upload to your Trust Center, including compliance certificates, security reports, and other materials
  • Payment Information: Billing details processed securely through our payment provider (Paddle)
  • Communications: Messages you send through support channels or feedback forms

1.2 Information from Trust Center Visitors

  • Access Requests: Email addresses provided when visitors request document access
  • NDA Signatures: Name, email, company, title, and signature when visitors sign NDAs
  • Visit Data: Page views, document downloads, and interaction timestamps

1.3 Information Collected Automatically

  • Device Information: Browser type, operating system, device identifiers
  • Usage Data: Pages visited, features used, time spent on the Service
  • Log Data: IP address, access times, referring URLs, and error logs
  • Cookies: Session and preference cookies (see Section 7)

2. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve the Service
  • Process transactions and send billing-related communications
  • Send service updates, security alerts, and administrative messages
  • Provide customer support and respond to inquiries
  • Generate analytics and insights for Trust Center owners
  • Detect, prevent, and address security issues and abuse
  • Comply with legal obligations and enforce our Terms of Service
  • Personalize and improve user experience

3. Information Sharing

We do not sell your personal information. We may share information with:

3.1 Service Providers

Third parties who perform services on our behalf, including:

  • Supabase: Database hosting and authentication
  • Vercel: Application hosting and CDN
  • Paddle: Payment processing
  • Resend: Email delivery
  • Analytics providers: Service improvement and usage analysis

3.2 Trust Center Owners

When you visit a Trust Center and submit your information (email, NDA signature), that information is shared with the Trust Center owner who uses Trusteo.

3.3 Legal Requirements

We may disclose information when required by law, regulation, legal process, or governmental request, or to protect rights, property, or safety.

3.4 Business Transfers

In connection with a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.

4. Data Retention

We retain information as follows:

  • Account Data: For as long as your account is active, plus a reasonable period for backup purposes
  • Documents: Until you delete them or your account is terminated
  • NDA Signatures: Retained as compliance records for Trust Center owners; may be kept for legal requirements
  • Analytics Data: Aggregated data may be retained indefinitely; individual data typically retained for 2 years
  • Log Data: Typically retained for 90 days for security and debugging purposes

5. Data Security

We implement appropriate technical and organizational measures to protect your information:

  • Encryption of data in transit (TLS) and at rest
  • Secure authentication with hashed passwords
  • Regular security assessments and monitoring
  • Access controls limiting employee data access
  • Secure infrastructure provided by industry-leading cloud providers

While we strive to protect your information, no system is completely secure. You are responsible for maintaining the security of your account credentials.

6. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal information
  • Correction: Update inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to certain processing of your information
  • Restriction: Request limitation of processing in certain circumstances
  • Withdraw Consent: Where processing is based on consent, withdraw it at any time

To exercise these rights, contact us at privacy@trusteo.co. We will respond within 30 days or as required by applicable law.

7. Cookies and Tracking

We use the following types of cookies:

  • Essential Cookies: Required for the Service to function (authentication, security)
  • Preference Cookies: Remember your settings and preferences
  • Analytics Cookies: Help us understand how users interact with the Service

You can control cookies through your browser settings. Note that disabling certain cookies may impact Service functionality.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including standard contractual clauses or other lawful transfer mechanisms.

9. Children's Privacy

The Service is not intended for children under 16. We do not knowingly collect information from children. If we learn we have collected information from a child, we will take steps to delete it promptly.

10. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, and shared
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your privacy rights

11. European Privacy Rights

If you are in the European Economic Area (EEA) or UK, you have rights under the GDPR including those listed in Section 6. Our legal bases for processing include:

  • Contract: Processing necessary to provide the Service
  • Legitimate Interests: Improving services, security, and fraud prevention
  • Legal Obligation: Compliance with applicable laws
  • Consent: Where you have given specific consent

You may lodge a complaint with your local data protection authority.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least 30 days before they take effect. Your continued use after changes constitutes acceptance.

13. Contact Us

For questions about this Privacy Policy or our privacy practices, contact us at:

Email: privacy@trusteo.co

General Support: support@trusteo.co

Data Protection Officer: dave@invitfull.com