We believe privacy is a right, not a checkbox. Here's exactly what we collect, why, and how we protect it.
When you create an account, we collect your name, email address, and business information. This is provided directly by you during sign-up and onboarding.
We collect your Google Business profile information, including business name, address, phone number, and category. We also import your customer reviews from connected platforms.
We collect information about how you interact with TrustMetric — pages visited, features used, actions taken, and time spent. This helps us improve the product.
Payment processing is handled by Stripe. We never store your full card number, CVV, or banking details. We only receive a tokenized payment reference.
If you contact us via email or support, we retain those communications to help resolve issues and improve our service.
We use your data to operate TrustMetric — generating AI review responses, sending SMS requests, syncing reviews, and providing analytics.
Your review content and business information is sent to our AI provider to generate responses. This data is processed in real-time and is not used to train external AI models.
We use your email to send product updates, billing notifications, and important security alerts. You can opt out of marketing emails at any time.
Aggregated, anonymized usage data helps us understand what features to build and improve. We never sell individual user data.
We share data with trusted third-party providers who help us operate: Clerk (authentication), Supabase (database), Twilio (SMS), Anthropic (AI), Stripe (payments), and Vercel (hosting). Each is bound by data processing agreements.
When you connect your Google Business profile, we access your business data and reviews via the Google Places API under Google's terms of service.
We do not sell, rent, or trade your personal data to third parties for marketing purposes. Full stop.
We may disclose data if required by law, court order, or to protect the rights, property, or safety of TrustMetric, our users, or the public.
We retain your data for as long as your account is active. Review data, AI responses, and SMS history are stored to provide analytics and historical context.
When you delete your account, we permanently delete your personal data within 30 days. Anonymized, aggregated data may be retained for product analytics.
Data may remain in encrypted backups for up to 90 days after deletion as part of our disaster recovery process.
You can request a copy of all personal data we hold about you at any time by contacting privacy@trustmetric.io.
You can update your account information directly in your dashboard settings. For other corrections, contact us.
You can delete your account from dashboard settings. This triggers permanent deletion of your personal data within 30 days.
If you are located in the EU or California, you have additional rights under GDPR and CCPA respectively. Contact us to exercise these rights.
All data is encrypted in transit using TLS 1.3 and at rest using AES-256. API keys and secrets are stored using industry-standard secret management.
Access to production systems is restricted to essential personnel, protected by MFA, and audited regularly.
In the event of a data breach, we will notify affected users within 72 hours and take immediate remediation steps.
We use cookies required for authentication and session management. These cannot be disabled without breaking the service.
We may use privacy-respecting analytics tools to understand usage patterns. These do not track you across other websites.
We do not use advertising cookies or cross-site tracking technologies.
For any privacy-related questions, requests, or concerns, contact us at privacy@trustmetric.io. We respond within 5 business days.
TrustMetric Inc. · privacy@trustmetric.io
Questions? Email us at privacy@trustmetric.io