Privacy Policy

Effective Date: February 5, 2026

Welcome to Trustbl. This Privacy Policy describes how Trustbl ("Trustbl," "we," "us," or "our") collects, uses, discloses, and protects your personal information when you access or use our website at https://trustbl.ai, our AI-powered sustainability, trust, and transparency platform, and any related services, applications, or tools (collectively, the "Services").

1. Introduction and Scope

This Privacy Policy applies to all users of our Services worldwide, including individual users, enterprise customers, and authorized representatives of organizations that access our platform through a subscription or trial arrangement. By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data practices described herein, please do not use the Services.

Trustbl is committed to protecting the privacy and security of your personal data and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other applicable privacy regulations worldwide.

2. Information We Collect

We collect information from and about you in several ways as described below.

2.1 Information You Provide Directly

  • Account Information: When you create an account, we collect your name, email address, job title, organization name, phone number, and login credentials.
  • Profile Information: Information you add to your profile, such as your role, department, professional certifications, and profile photograph.
  • Subscription and Billing Data: If you subscribe to our paid Services, we collect billing details including payment card information, billing address, and transaction history. Payment card data is processed by our third-party payment processors and is not stored on our servers.
  • Communications: When you contact us via email, support tickets, live chat, or other channels, we collect the contents of your messages, attachments, and any information you choose to provide.
  • User-Generated Content: Data you input, upload, or generate through the platform, including sustainability reports, ESG metrics, supply chain data, compliance documentation, and any other content submitted to the Services.

2.2 Information Collected Automatically

  • Usage Data: We automatically collect information about how you interact with the Services, including pages visited, features used, click paths, session duration, search queries entered within the platform, and the dates and times of your activity.
  • Device and Technical Data: We collect your device type, operating system, browser type and version, screen resolution, language preferences, IP address, and unique device identifiers.
  • Log Data: Our servers automatically record information in log files, including your IP address, the date and time of requests, referring and exit URLs, and system activity such as error reports and crash data.
  • Location Data: We may infer your approximate geographic location from your IP address. We do not collect precise geolocation data unless you explicitly provide it.

2.3 Information from Third Parties

  • Single Sign-On Providers: If you log in through a third-party service (such as Google Workspace, Microsoft Entra ID, or similar identity providers), we receive your name, email address, and basic profile information as authorized by your SSO provider.
  • Enterprise Administrators: If your employer or organization has enrolled you in a Trustbl enterprise subscription, your organization's administrator may provide us with your name, email address, and role within the organization.
  • Publicly Available Data: We may collect publicly available information relevant to sustainability and ESG metrics, such as published corporate reports, regulatory filings, and public environmental data, which may be incorporated into the platform's analytics.

3. Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing activity and to personalize and improve the Services.

3.1 Types of Cookies We Use

  • Essential Cookies: Required for core functionality, including authentication, session management, security, and load balancing. These cookies cannot be disabled without impairing the Services.
  • Analytics Cookies: Help us understand how users interact with the Services by collecting aggregated usage data. We use tools such as Google Analytics and similar analytics platforms.
  • Functional Cookies: Remember your preferences and settings, such as language, display options, and feature configurations, to provide a more personalized experience.
  • Marketing Cookies: Used to deliver relevant advertisements and to measure the effectiveness of our marketing campaigns. These may be placed by third-party advertising partners.

3.2 Managing Cookies

You can manage your cookie preferences through your browser settings or through our cookie consent banner displayed when you first visit our website. Please note that disabling certain cookies may affect the functionality of the Services.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, operate, maintain, and improve the Services, including processing your sustainability data, generating AI-powered insights and analytics, and delivering reports.
  • Account Management: To create and manage your account, authenticate your identity, and provide customer support.
  • Billing and Payments: To process subscriptions, payments, invoices, and related financial transactions.
  • Communications: To send you transactional emails (such as account confirmations and security alerts), service updates, and, where you have opted in, marketing communications about new features, products, and events.
  • Security and Fraud Prevention: To detect, prevent, and respond to security incidents, fraud, and abuse of the Services.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests.

If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction that requires a legal basis for processing personal data, we rely on the following bases:

  • Contractual Necessity: Processing necessary to perform our contract with you and provide the Services you have requested.
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our Services, ensuring security, and conducting analytics.
  • Consent: Where you have provided your explicit consent for specific processing activities, such as marketing communications.
  • Legal Obligation: Processing necessary to comply with applicable laws and regulations.

6. Data Sharing and Third Parties

We do not sell your personal information.

We may share your data with the following categories of recipients:

  • Service Providers: Third-party vendors who perform services on our behalf, such as hosting, payment processing, analytics, and customer support.
  • Business Partners: With your consent, we may share data with business partners for joint marketing or integration purposes.
  • Legal Requirements: When required by law, court order, or government regulation, or to protect our rights and the safety of others.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

  • Account Data: Retained for the duration of your active account and up to 30 days after account termination to allow for data export.
  • Billing Records: Retained for up to 7 years to comply with tax and accounting regulations.
  • Analytics Data: Aggregated and anonymized data may be retained indefinitely for research and analysis purposes.

When personal data is no longer necessary for the purposes for which it was collected, we securely delete or anonymize it in accordance with our data retention and disposal policies.

8. Data Security

We implement and maintain robust technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest using industry-standard protocols
  • Regular security assessments, vulnerability testing, and penetration testing
  • Access controls and authentication mechanisms to limit access to authorized personnel only
  • Employee training on data security and privacy best practices
  • Incident response procedures to promptly address any security breaches

While we take all reasonable steps to protect your information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incidents that may arise.

9. International Data Transfers

Trustbl operates globally, and your personal information may be transferred to, stored, and processed in countries other than the country in which you reside. These countries may have data protection laws that differ from the laws in your jurisdiction.

When we transfer personal data from the European Economic Area, the United Kingdom, or Switzerland to other countries, we use appropriate safeguards as required by applicable law, including:

  • Standard contractual clauses approved by the European Commission
  • Data processing agreements with third-party service providers
  • Adherence to recognized certification frameworks

You may request a copy of the safeguards we use for international transfers by contacting us at the address provided in the Contact Information section below.

10. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights with respect to your personal information:

  • Access: Request access to the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete personal information.
  • Deletion: Request deletion of your personal information, subject to certain exceptions.
  • Portability: Request a copy of your personal information in a structured, machine-readable format.
  • Object: Object to processing of your personal information for certain purposes.
  • Withdraw Consent: Withdraw your consent where processing is based on consent.

To exercise any of these rights, please contact us at privacy@trustbl.ai. We will respond to your request within the timeframe required by applicable law (typically within 30 days). We may need to verify your identity before processing your request.

If you believe that we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

11. Children's Privacy

The Services are not directed to individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child without appropriate parental or guardian consent, we will take prompt steps to delete that information. If you believe that a child has provided us with personal information, please contact us at privacy@trustbl.ai.

12. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals. Because there is no universally accepted standard for how to respond to DNT signals, our website does not currently respond to DNT signals. However, you can manage your tracking preferences through our cookie consent settings and your browser's privacy controls.

13. California Residents — Additional Rights

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including:

  • Right to know what personal information we collect, use, disclose, and sell
  • Right to delete personal information we have collected from you
  • Right to opt-out of the sale or sharing of personal information
  • Right to correct inaccurate personal information
  • Right not to be discriminated against for exercising your privacy rights

To exercise these rights, please contact us at privacy@trustbl.ai or call us at +1-408-916-8683.

14. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or business operations. When we make material changes, we will notify you by posting the revised Privacy Policy on our website with an updated effective date and, where required by law, by sending you a direct notification via email or through the Services.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of the Services after any changes to this Privacy Policy constitutes your acceptance of those changes.

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Contact Us

Email: privacy@trustbl.ai

Phone: +1-408-916-8683

Address: Trustbl, Inc., 1234 Innovation Drive, San Francisco, CA 94107, USA