Privacy Policy
Effective Date: March 9, 2026 | Last Updated: March 9, 2026
The Trusted Signal (“Company,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at thetrustedsignal.com, use our web application at app.thetrustedsignal.com, or interact with our services (collectively, the “Platform”). Please read this policy carefully. By using the Platform, you consent to the data practices described herein.
1. Information We Collect
1.1 Information You Provide Directly
- Account Information: Name, email address, company name, and job title when you create an account
- Payment Information: Billing address and payment method details, processed securely through our third-party payment processor (we do not store full credit card numbers)
- URLs and Website Data: Website URLs you submit for analysis, and any content or metadata our system accesses from those URLs during audits
- Communications: Information you provide when you contact us via email, support tickets, or feedback forms
- Survey and Feedback Data: Responses to optional surveys, questionnaires, or product feedback requests
1.2 Information Collected Automatically
- Usage Data: Pages visited, features used, audit reports generated, time spent on the Platform, and interaction patterns
- Device Information: Browser type and version, operating system, device type, screen resolution, and language preferences
- Log Data: IP address, access times, referring URLs, and pages viewed
- Cookies and Tracking Technologies: See Section 7 for details on our use of cookies
1.3 Information from Third-Party Sources
- Analytics Providers: Data from services such as Google Analytics to understand Platform usage patterns
- Authentication Providers: If you sign in using a third-party service (e.g., Google OAuth), we may receive your name, email, and profile information as authorized by that service
- Public Website Data: When analyzing URLs you submit, our system may access publicly available website content, metadata, schema markup, and other technical information
2. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: To provide Trust Score audits, generate reports, deliver recommendations, and operate Platform features
- Account Management: To create and manage your account, process payments, and communicate about your subscription
- Platform Improvement: To analyze usage patterns, identify bugs, improve features, and develop new services
- Communication: To send service updates, security alerts, billing notifications, and (with your consent) marketing communications
- Analytics and Research: To generate aggregate, anonymized statistics about Platform usage, industry trends, and Trust Score benchmarks (no individual user data is identifiable)
- Security: To detect, prevent, and address fraud, abuse, and security threats
- Legal Compliance: To comply with applicable laws, regulations, and legal processes
2.2 Legal Basis for Processing (GDPR)
For users in the EEA, UK, and Switzerland, we process personal data under the following legal bases:
| Processing Purpose | Legal Basis |
|---|---|
| Service delivery (audits, reports, features) | Performance of contract (GDPR Art. 6(1)(b)) |
| Account management and billing | Performance of contract (GDPR Art. 6(1)(b)) |
| Platform improvement and analytics | Legitimate interest (GDPR Art. 6(1)(f)) |
| Service communications (updates, alerts) | Performance of contract (GDPR Art. 6(1)(b)) |
| Marketing communications | Consent (GDPR Art. 6(1)(a)) |
| Security and fraud prevention | Legitimate interest (GDPR Art. 6(1)(f)) |
| Legal compliance | Legal obligation (GDPR Art. 6(1)(c)) |
3. How We Share Your Information
We do not sell your personal information. We may share your data in the following circumstances:
3.1 Service Providers
We share information with trusted third-party vendors who assist in operating our Platform, including:
- Payment processors (for billing and subscription management)
- Cloud hosting providers (for data storage and infrastructure)
- Analytics services (for understanding usage patterns)
- Email service providers (for transactional and marketing emails)
- Customer support tools (for responding to inquiries)
These providers are contractually obligated to use your data only to perform services on our behalf and in accordance with this Privacy Policy.
3.1.1 Key Sub-Processors
| Provider | Purpose | Data Processed |
|---|---|---|
| Stripe | Payment processing | Billing details, payment method tokens |
| Cloudflare | CDN, DDoS protection, DNS | IP addresses, request metadata |
| OpenAI / Anthropic | AI-powered recommendations and analysis | URLs and content submitted to AI features (see Section 3.5) |
| Google Analytics | Usage analytics | Anonymized usage data, device info |
| Postmark / SendGrid | Transactional email delivery | Email address, message content |
We maintain a current list of sub-processors and will notify customers of material changes. Contact [email protected] for the full sub-processor list.
3.2 Legal Requirements
We may disclose your information if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
3.3 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. We will provide notice before your information is transferred and becomes subject to a different privacy policy.
3.4 Aggregate Data
We may share anonymized, aggregate data that cannot reasonably be used to identify you for industry benchmarking, research, and marketing purposes.
3.5 AI Feature Data Processing
When you use AI-powered features of the Platform, your inputs (such as URLs, content snippets, and audit data) may be transmitted to third-party AI providers for processing. Regarding this data:
- No model training: We do not use your data to train AI models, and we contractually prohibit our AI providers from using your data for training purposes
- Processing only: Your data is transmitted solely to generate the requested analysis, recommendations, or content
- Retention by AI providers: AI providers may temporarily cache your data for processing purposes in accordance with their data processing agreements, but do not retain it beyond the processing window
- No PII in AI inputs: Our Platform is designed to avoid sending personally identifiable information to AI providers. Do not include third-party PII in content submitted to AI features
4. Data Retention
We retain your information for the following periods:
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 30 days after deletion |
| Audit reports and Trust Scores | Duration of account + 90 days |
| Payment records | 7 years (tax and legal compliance) |
| Usage and log data | 24 months from collection |
| Marketing preferences | Until you unsubscribe or delete your account |
| Support communications | 3 years from last interaction |
After the applicable retention period, data is securely deleted or anonymized. You may request earlier deletion as described in Section 6.
5. Data Security
We implement industry-standard security measures to protect your information, including:
- Encryption: All data transmitted between your browser and our Platform is encrypted using TLS/SSL (HTTPS)
- Access Controls: Strict role-based access controls limit employee access to personal data on a need-to-know basis
- Infrastructure: Our Platform is hosted on secure, SOC 2-compliant cloud infrastructure with regular security audits
- Monitoring: Continuous security monitoring and logging to detect and respond to potential threats
- Password Security: All passwords are hashed using industry-standard algorithms and are never stored in plaintext
While we strive to protect your information, no method of electronic storage or internet transmission is 100% secure. We cannot guarantee absolute security.
6. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal information:
6.1 All Users
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data, subject to legal retention requirements
- Marketing Opt-Out: Unsubscribe from marketing communications at any time via the unsubscribe link in any email or by contacting us
- Account Deletion: Request full account deletion by emailing [email protected]
6.2 California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to Know: You may request details about the categories and specific pieces of personal information we have collected, the sources of collection, the business purposes for collection, and the categories of third parties with whom we share it
- Right to Delete: You may request that we delete your personal information, subject to certain exceptions
- Right to Opt-Out of Sale: We do not sell personal information. If this changes, we will provide a “Do Not Sell My Personal Information” link
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
- Right to Correct: You may request correction of inaccurate personal information
- Right to Limit Use of Sensitive Personal Information: You may limit the use and disclosure of sensitive personal information, if applicable
To exercise your CCPA/CPRA rights, contact us at [email protected] or call our privacy line. We will verify your identity before processing your request. You may designate an authorized agent to make requests on your behalf.
6.3 European Economic Area (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):
- Legal Basis: We process your data based on: (a) your consent, (b) the necessity to perform our contract with you, (c) our legitimate business interests, or (d) compliance with legal obligations
- Right to Access: Obtain confirmation of whether we process your data and request a copy
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your data under certain circumstances
- Right to Restrict Processing: Request restriction of processing in certain situations
- Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format
- Right to Object: Object to processing based on legitimate interests or for direct marketing
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
- Right to Lodge a Complaint: File a complaint with your local data protection supervisory authority
To exercise GDPR rights, contact us at [email protected]. We will respond within 30 days.
6.4 Other U.S. State Privacy Laws
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with consumer privacy laws may have similar rights to access, correct, delete, and opt out of certain data processing. Contact us at [email protected] to exercise your rights under applicable state law.
7. Cookies and Tracking Technologies
7.1 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Required for Platform functionality (authentication, security, preferences) | Session or up to 1 year |
| Analytics | Help us understand how visitors interact with the Platform | Up to 2 years |
| Functional | Remember your preferences (theme, language, display settings) | Up to 1 year |
| Marketing | Track effectiveness of our advertising and provide relevant content | Up to 1 year |
7.2 Managing Cookies
You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. Please note that disabling essential cookies may affect Platform functionality. You may also opt out of analytics tracking by using browser extensions such as the Google Analytics Opt-Out Add-on.
7.3 Email Tracking
Our transactional and marketing emails may contain tracking pixels (small, transparent images) that allow us to measure email open rates, click-through rates, and engagement patterns. This data helps us improve our communications. You can disable image loading in your email client to prevent pixel tracking. You may also opt out of marketing emails entirely via the unsubscribe link included in every email.
7.4 Do Not Track
Our Platform does not currently respond to “Do Not Track” (DNT) signals sent by your browser. We continue to monitor industry developments regarding DNT standards.
8. Children’s Privacy
The Platform is not intended for children under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If we learn that we have collected information from a child under the applicable age, we will promptly delete it. If you believe a child has provided us with personal information, please contact us at [email protected].
9. International Data Transfers
Your information may be transferred to and processed in the United States, where our Platform infrastructure is located. If you are located outside the United States, you acknowledge that your data will be transferred to the U.S. We apply appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable
- Data processing agreements with all service providers
- Adherence to applicable data protection frameworks
10. Third-Party Links and Services
The Platform may contain links to third-party websites, services, or tools. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through or in connection with the Platform. We are not responsible for the privacy practices of third-party websites or services.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the “Last Updated” date at the top of this page
- Notify you via email or a prominent notice on the Platform for significant changes
- Provide at least 30 days’ notice before material changes take effect, where required by law
Your continued use of the Platform after changes are posted constitutes your acceptance of the updated Privacy Policy.
12. Data Protection Officer
For privacy-related inquiries, data access requests, or to exercise your rights under applicable privacy laws, please contact our privacy team:
- Email: [email protected]
- Website: thetrustedsignal.com
We will respond to verified requests within 30 days (or sooner as required by applicable law).
13. Contact Us
If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:
- General Privacy Inquiries: [email protected]
- Legal Inquiries: [email protected]
- Support: [email protected]
- Website: thetrustedsignal.com