Privacy Policy

We collect the following categories of information directly from you, or as generated automatically when you use the Service:

• Identity and contact data: email address, mobile phone number (if provided), first name, last name, public handle, country of residence, language preference, referral code, and account creation timestamp.
• Profile photo / avatar: if you choose to upload a profile picture or avatar, we store the image so it can be displayed on your profile, your receipts, and to your counterparties. You may remove or replace it at any time from your profile settings; on removal, it is deleted from active storage.
• Authentication data: a salted, one-way hash of your password (we never store the plain password); time-based one-time-password (TOTP) secrets if you enable two-factor authentication; and cryptographic keys associated with biometric login on your device.
• Agreement data: the textual descriptions, monetary amounts, currency codes, counterparty handles, sealing timestamps, and (where applicable) decline, cancellation or dispute reasons for each agreement you create or are invited to.
• Reputation data: ratings and short written reflections you give to or receive from counterparties; your computed Composite Verification Index (CVI) score; the band or badge assigned to your account by that score; and the inputs that contribute to it.
• Device, session and network data: Internet Protocol (IP) address, approximate geographic location derived from that network address (such as country, region, city, and time zone), browser and operating-system identifiers, a device fingerprint hash, session start and end timestamps, and recent login locations shown to you in your active-sessions list.
• Notification preferences and channel identifiers: your preferred channels (email, SMS, push notification, messaging) and the corresponding identifiers you have chosen to register (such as a phone number, a push-subscription token, or a messaging chat identifier). You may add or remove any of these at any time.
• Activity data: records of your interactions with the Service such as logins, seals, ratings, page navigation, and feature usage. We use this to operate the Service, compute reputation, and detect fraud or abuse.
• Support correspondence: messages you send to our support or privacy addresses, including any attachments you choose to share.

• To create, secure, and operate your account and to provide the features of the Service (home, history, profiles, receipts, notifications, agreement workflows).
• To compute your reputation score and badge from your reflections and account activity, and to display these to you and your counterparties.
• To analyse account activity for the purpose of detecting fraud, abuse, automated accounts, manipulation of reputation, or other violations of our Terms.
• To send you transactional messages on the channels you have chosen, including verification codes, security alerts, agreement notifications, and account-related correspondence.
• To respond to your support and privacy requests.
• To comply with legal obligations, enforce our Terms, defend legal claims, and protect the rights, property, or safety of Trusta, our users, or the public.

• With your counterparties: when you seal an agreement with another user, your public handle, profile picture, and the agreement details are necessarily visible to that user. Reflections you give or receive are visible to the parties to that agreement and may, in aggregate or summary form, contribute to the public reputation displayed on your profile.
• With service providers: we use a small number of third-party service providers to operate the Service — for example to deliver email and short-message notifications, to host servers and databases, to monitor application errors, and to provide foreign-exchange reference rates. These providers are bound by written agreements that limit their use of any information we share to providing services to Trusta. We share with them only the minimum data they need to perform their function.
• For legal reasons: we may disclose information if required to do so by law, court order, or other valid legal process; to enforce our Terms; or to protect the rights, property, or safety of Trusta, our users, or others.
• In a corporate transaction: if Trusta is involved in a merger, acquisition, financing, reorganisation, or sale of assets, your information may be transferred as part of that transaction, subject to standard confidentiality protections.

• Account, profile, and agreement data: kept for the lifetime of your account.
• Activity records used for reputation and abuse-detection: kept for up to five years to support reputation explainability and security investigations.
• Active sessions: automatically expire after a period of inactivity (typically thirty days).
• One-time login codes and short-lived tokens: kept only for the few minutes needed for the relevant action.
• Backups: encrypted backups may persist for a limited rolling window after deletion from production systems for disaster-recovery purposes.
• Account deletion: when you delete your account, your account row, profile picture, contact identifiers, and personal activity history are removed from active systems within thirty days. Agreements you sealed remain visible on the receipts of your counterparties because they form part of those users’ own records, but your handle is replaced with an anonymised marker.

• Access — obtain a copy of the personal data we hold about you.
• Correction— ask us to correct information that is inaccurate or incomplete.
• Deletion— ask us to delete your account and associated personal data, subject to limited exceptions for legal, security, or fraud-prevention purposes.
• Portability— request a portable export of your data in a structured, commonly used, machine-readable format.
• Restriction and objection— ask us to restrict or object to certain processing of your data.
• Withdraw consent— where processing is based on your consent, withdraw that consent at any time.
• Lodge a complaint — with your local data-protection authority.

Most of these rights can be exercised directly from /settings. For anything self-service cannot do, email privacy [at] lightcode [dot] org and we will respond within thirty days. We may need to verify your identity before actioning a request.