Privacy notice

Version 2026-05-20 · EU region · GDPR by design

Trueings is a confidential feedback platform. It is built so that feedback shared in good faith reaches the person it was meant for, and nobody else. This notice explains, in plain language, what personal data we process and on what legal basis, how long we keep it, who we share it with, and the rights you have.

1. Who we are

Trueings (“we”, “us”) is the controller of the personal data described in this notice. Reach us at privacy@trueings.com.

2. Who this notice is for

  • Subjects — independent professionals who run a feedback campaign about themselves.
  • Respondents — peers, clients, colleagues, or supervisors invited by a subject to share feedback.
  • Visitors — anyone browsing our public pages.

When a subject’s licence is supplied by a company under the B2B2C channel, the subject remains the data subject. The company never has access to the subject’s account, content, or report.

3. What we process and why

Subjects

  • Account: email (for magic-link sign-in), display name, country, profession. Lawful basis: contract (service delivery).
  • Feedback content received about you, in aggregated and confidentiality-filtered form. Lawful basis: legitimate interest in your personal development, with explicit consent at sign-up.
  • Billing data, if you upgrade. Handled by Stripe; we receive a customer reference and subscription state, not card details.

Respondents

  • Name and email used to invite you (provided by the subject).
  • Your responses to the AI interviewer. Lawful basis: explicit consent recorded at the start of each interview. Identity is kept confidential from the subject unless you explicitly opt in.
  • Optional attribution / quoted material, only where you tick the opt-in box for that specific item.

Visitors

  • Standard server logs (IP, user-agent, timestamps) for security and abuse prevention. Lawful basis: legitimate interest.
  • Privacy-friendly product analytics (no tracking cookies). May be inactive depending on configuration; see the cookie note below.

4. How long we keep it

  • Raw conversational transcripts are deleted automatically 30 days after each campaign’s synthesis is finalised. After that, only the confidentiality-filtered aggregate remains. This runs as a scheduled job — no human action required.
  • Synthesised reports remain available to the subject for as long as the account exists, so progress can be tracked across rounds.
  • Consent records are retained for the lifetime of the account plus a reasonable archival period, as proof of lawful processing under GDPR.
  • Billing records are retained for the period required by tax and accounting law in the relevant jurisdiction.
  • On account deletion, personal data is erased subject to statutory record-keeping obligations. Aggregated, anonymised statistics may remain.

5. Confidentiality safeguards

Confidentiality is not a setting in Trueings — it is the structure of the product. Four safeguards run on every report:

  • A minimum-respondent threshold, below which detail is deliberately reduced or withheld behind a one-time acknowledgement.
  • Themes, never individual answers; no quotes, counts, or fingerprinting specifics unless attributable to an opted-in respondent.
  • A mandatory final scrub of names, emails, URLs, handles, and long numeric strings.
  • 30-day deletion of raw transcripts, as described above.

For B2B2C subjects, additional layers minimise leakage of company-confidential information (project codenames, client identities). See How it works for the method.

6. Sub-processors

We use the following sub-processors. The list reflects providers actively in use; details may be updated as the service evolves.

  • Supabase — managed Postgres database and passwordless authentication. EU region.
  • Anthropic — large-language-model inference for the AI interviewer, synthesizer, and confidentiality guard. Operates under a zero-retention agreement for our traffic; content is not used to train models. Region and transfer basis will be updated here when finalised.
  • Resend — transactional email delivery (magic-link sign-in, respondent invitations). EU region.
  • Stripe — payment processing for paid plans. We do not store card details.

We do not sell personal data and do not use it for advertising.

7. International transfers

Data primarily resides in the European Union. Where a sub-processor is established outside the EU, transfers are covered by Standard Contractual Clauses or an equivalent adequacy mechanism, and are minimised to what the service requires.

8. Your rights

Under GDPR you have the right to access, rectify, erase, port, restrict, or object to the processing of your personal data, and to withdraw consent at any time. Subjects can exercise these rights directly from the dashboard under Privacy (account export and erasure). Respondents and visitors can email privacy@trueings.com. You also have the right to lodge a complaint with your local data protection authority.

9. Cookies

Trueings does not use advertising cookies or third-party tracking. We use a small number of strictly necessary cookies for sign-in and CSRF protection.

10. Changes to this notice

When this notice changes materially, signed-in subjects are asked to re-accept on next visit. The version number at the top of this page increments with every material change.