Privacy Policy

Truee Inc. (“Truee,” “we,” “us,” or “our”) operates a verified business identity platform at usetruee.com. This Privacy Policy explains how we collect, use, store, and share personal information when you use our Platform as a Business User, an AI Company consumer, or a visitor.

This Policy applies to data processed through usetruee.com and our API (api.usetruee.com / pub.usetruee.com). It should be read alongside our Terms of Service.

2.1 Account & Identity Data

• –Name and email address (collected at registration).
• –Password (stored as a salted cryptographic hash — never in plaintext).
• –Role and organisation details provided during onboarding.

2.2 Business / Truee Profile Data

• –Business name, trading name, address, phone numbers, email addresses, website URLs, operating hours, and other fields you add to your Truee Profile.
• –Product and service listings, location data, and any other structured business information you voluntarily submit.
• –Verification documents or proof of authority you provide to complete the verification process.

2.3 Payment Data

• –Billing name, billing address, and payment method details. Card numbers and sensitive payment credentials are collected and stored solely by our payment processors (Stripe and Paystack) — we do not store full card numbers.
• –Transaction records, invoices, and subscription history.

2.4 Usage & Technical Data

• –IP address, browser type, operating system, and device identifiers.
• –Pages visited, feature interactions, and session duration.
• –API request logs, including endpoint, timestamp, response codes, and API key identifier (not the key secret itself).
• –Error and crash reports.

2.5 API Query Data

When an AI Company or developer queries the Truee Verification API, we log metadata about each request: the API key identifier, timestamp, queried endpoint, and response code. We do not log the content of search terms or query parameters beyond what is necessary for security monitoring, rate-limit enforcement, and debugging. Query metadata is retained for 90 days and is not linked to end-user identities from AI partner platforms.

2.6 Data from Third Parties

• –Public sources — we may supplement Truee Profile data using publicly available official business sources, company filings, or web sources to assist with verification. We use this information solely to verify the accuracy of submitted data, not to build profiles beyond what is needed for the platform.
• –Payment processors — Stripe and Paystack may share transaction status, billing address, and fraud signals with us to complete your subscription and detect payment fraud.
• –Authentication providers — if you sign in via a third-party identity provider (e.g., Google SSO), we receive the name, email address, and profile picture associated with that account.

2.7 Communications Data

• –Emails, support tickets, and other messages you send to us.
• –Feedback and survey responses.

• –Service delivery — creating and managing your account, publishing and distributing your Truee Profile, providing API access, and processing payments.
• –Verification — confirming the identity and legitimacy of business entities that claim Truee Profiles.
• –Security & fraud prevention — detecting abuse, fraudulent registrations, and unauthorised API access.
• –Communications — sending transactional emails (account creation, payment receipts, subscription notices), and where you have opted in, product updates and announcements.
• –Platform improvement — analysing aggregated, anonymised usage patterns to improve features, fix bugs, and optimise performance. We do not use your personal data or profile content to train external AI or machine learning models (see Section 4).
• –Legal compliance — meeting obligations under applicable laws and regulations, including tax record-keeping.

The data you submit is used exclusively to operate the platform — to publish, sign, and distribute your business information to AI consumers as you have authorised. We may use aggregated, fully anonymised platform telemetry (e.g., page load times, error rates) internally to improve performance, but this does not involve your content.

If we ever consider using profile or usage data for model training in the future, we will update this Policy, provide advance notice, and offer a clear opt-out mechanism before any such use begins.

5.1 Nigeria Data Protection Act (NDPA)

Truee is incorporated and operates in Nigeria. Our primary data protection obligations are governed by the Nigeria Data Protection Act 2023 (NDPA) and the Nigeria Data Protection Regulation (NDPR). We process personal data only where we have a lawful basis under Nigerian law, including contract performance, legitimate interest, legal obligation, or consent.

5.2 GDPR / UK GDPR

If you are located in the European Economic Area (EEA) or United Kingdom, we also process your personal data in accordance with the GDPR / UK GDPR under the following legal bases:

• –Contractual necessity — processing required to provide the services you have subscribed to.
• –Legitimate interests — security monitoring, fraud prevention, and platform analytics (balanced against your privacy rights).
• –Legal obligation — retention of financial records, compliance with court orders.
• –Consent — marketing communications and non-essential cookies, which you can withdraw at any time.

We do not sell your personal data. We share information only in the following circumstances:

6.1 Service Providers

We engage trusted third-party processors to help operate the Platform, including:

• –Payment processors (Stripe, Paystack) — for billing.
• –Cloud infrastructure providers — for hosting and data storage.
• –Email delivery providers — for transactional and marketing email.
• –Analytics tools — for aggregated, anonymised usage analytics.

All processors are contractually bound to process data only on our instructions and to maintain appropriate security standards.

6.2 Legal Disclosures

We may disclose data to law enforcement, regulators, or courts where required by law, to protect our legal rights, or to prevent fraud or imminent harm.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of the transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.

The business information you submit to your Truee Profile is intended to be publicly distributed. By publishing a Truee Profile you acknowledge and agree that:

• –Your profile data (business name, address, contact details, services, etc.) will be formatted as structured JSON-LD and made available to AI companies, large language model providers, search engines, and other API consumers via the Truee Verification API.
• –Your profile will be cryptographically signed with Truee's signing key so that AI systems can verify data authenticity and provenance.
• –This distributed profile data is public business information. It is not treated as personal data under privacy law where it relates solely to your role as a business representative. Where it includes personal data of individuals (e.g., contact persons), you are responsible for ensuring you have the appropriate basis to include it.

To remove your profile from distribution, you may delete your Truee Profile from the dashboard. Propagation of deletion to partner AI networks may take up to 30 days.

This section applies where Truee processes personal data on behalf of Business Users acting in a business-to-business capacity (for example, if a Business User submits data that includes personal information about their own customers, staff, or representatives as part of their Truee Profile).

In those circumstances:

• –The Business User is the data controllerof any personal data about their own customers or employees that they choose to include in their profile.
• –Truee acts as a data processor for that data — we process it only as instructed by the Business User (i.e., by publishing and distributing the profile as submitted).
• –Business Users are solely responsible for ensuring they have a lawful basis to include third-party personal data in a publicly distributed profile record, and for providing appropriate notice to those individuals.

We strongly recommend that Business Users include only publicly-facing business contact information in their Truee Profiles and avoid including personal data of private individuals. See also Section 6.5 of our Terms of Service.

• –Account data — retained for the duration of your account and deleted within 90 days of account closure, subject to legal hold obligations.
• –Truee Profile data — retained while your profile is active. Upon deletion, the canonical record is removed; cached copies in AI partner systems may persist for up to 30 days.
• –Financial records — retained for 7 years to comply with tax and accounting obligations.
• –API logs — retained for 90 days for security and debugging purposes.
• –Support communications — retained for 3 years to maintain context for ongoing support.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• –Access — request a copy of the personal data we hold about you.
• –Rectification — correct inaccurate or incomplete data.
• –Erasure — request deletion of your data (subject to legal retention requirements).
• –Restriction — request that we limit processing of your data.
• –Portability — receive your data in a structured, machine-readable format.
• –Objection — object to processing based on legitimate interests or for direct marketing.
• –Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing.
• –CCPA rights — California residents have the right to know, delete, and opt out of the sale of personal information. We do not sell personal data.

To exercise any of these rights, contact us at privacy@usetruee.com. We will respond within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.

You also have the right to lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, or the relevant Data Protection Authority in the EU).

11.1 What We Use

• –Essential cookies — required for authentication sessions and security. Cannot be disabled.
• –Analytics cookies — help us understand how the Platform is used (aggregated, anonymised). Used only with your consent.
• –Preference cookies — remember settings like language or display preferences.

11.2 Your Choices

You can manage cookie preferences through your browser settings. Disabling non-essential cookies will not prevent you from using the Platform but may affect certain features.

11.3 Do Not Track

Some browsers transmit “Do Not Track” (DNT) signals to websites. We currently do not alter our data collection practices in response to DNT signals, as there is no universally accepted standard for how such signals should be interpreted. We will reassess this position if an industry standard is adopted. In the meantime, you can limit tracking by adjusting your cookie preferences as described in Section 11.2.

We may create deidentified or aggregated data derived from information we collect — for example, statistics about platform usage patterns, API query volumes, or profile growth — where all personally identifying attributes have been removed or obscured such that the data cannot reasonably be re-linked to any individual.

We use deidentified information for internal analytics, product development, and may publish it in aggregated form (e.g., “over X Truee profiles verified”). We will not attempt to re-identify deidentified data and will contractually prohibit any third party we share it with from doing so.

The Platform is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact privacy@usetruee.com and we will delete the information promptly.

Truee operates from Nigeria. When you use the Platform, your data may be transferred to and processed in Nigeria and in other countries where our service providers (cloud hosting, payment processors, email delivery) are located, including the United States and Europe.

Cross-border transfers from Nigeria are conducted in accordance with the Nigeria Data Protection Act 2023, which requires that adequate safeguards are in place. For users in the EEA or UK, we rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms to ensure an adequate level of data protection. A copy of our SCCs is available on request at privacy@usetruee.com.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include:

• –TLS encryption for all data in transit.
• –Encryption of data at rest.
• –Cryptographic signing of Truee Profile records.
• –Access control and role-based permissions for internal staff.
• –Regular security assessments and penetration testing.

For a detailed description of our security practices, please see our Security Policy at usetruee.com/security.

We may update this Privacy Policy periodically. We will notify you of material changes by email and by posting an updated policy on the Platform with a new effective date. Where required by law, we will seek your consent before implementing material changes.

For privacy questions, rights requests, or complaints, contact: