Privacy Policy

Last updated: April 17, 2026. This policy describes what TrustLens collects, how we use it, and your rights.

Data we collect

• Account data: email, hashed password, Stripe customer ID.
• Search inputs: we hash (SHA-256) email, phone, and username inputs before persisting. We do not retain raw identifiers.
• Search results: probabilistic signals returned from public APIs, retained for 30 days then deleted.
• Usage data: IP, user-agent, action type, kept in an audit log for legal defensibility for up to 12 months.

What we do not do

• We do not sell your data.
• We do not scrape.
• We do not retain raw email or phone inputs.
• We do not allow TrustLens to be used as a consumer report.

Your rights

Under GDPR and CCPA you may request access, correction, portability, or deletion of your personal data. Email privacy@trustlensiq.com and we will respond within 30 days.

Processors

• Supabase (database, auth)
• Stripe (payments)
• Resend (email delivery)
• Vercel (hosting)
• Have I Been Pwned, Twilio Lookup, TinEye (data lookups)