Privacy Policy

1. Introduction

Welcome to Trust Labs. This Privacy Policy explains how Trust Labs ("we," "us," or "our") collects, uses, shares, and protects your information when you use our website, trustlabs.pro (the "Website"), and our identity verification services (collectively, the "Services").

Our primary purpose is to enhance online trust by providing identity verification for online review platforms. By using our Services, you agree to the collection and use of information in accordance with this policy. We are committed to protecting your privacy and handling your data in an open and transparent manner.

2. Information We Collect

We collect information to provide and improve our Services. The types of information we collect are:

A. Information You Provide Directly

• Account Information: When you create an account, we collect your email address. If you choose to sign in using a third-party service like Google, we will also collect your name and profile picture as provided by that service.
• Biometric Information: During the identity verification process, we use a liveness check and a facial duplicate check. This process captures facial imagery to generate a secure biometric identifier (a "face vector"). We do not store the raw images or photographs of your face. We only store the resulting face vector, which is a mathematical representation of your facial features. Under laws like the GDPR and CCPA, this biometric data is considered a special or sensitive category of personal information.

B. Information Collected Automatically

• Usage Data: Like most websites, we may automatically collect information that your browser sends whenever you visit our Website. This may include your computer's Internet Protocol (IP) address, browser type, browser version, the pages of our Website that you visit, the time and date of your visit, and other diagnostic data.
• Cookies and Tracking Technologies: We may use cookies and similar tracking technologies to track activity on our Website and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

3. How We Use Your Information

We use the collected data for the following purposes:

• To Provide and Maintain our Services: To create and manage your account, perform the identity verification checks, and display your verification status on your private dashboard.
• To Fulfill Service Requests with Partners: Our core service involves allowing our partner companies (e.g., online review platforms) to check your verification status. When a partner requests this information, we confirm whether your account is verified. We do not share your underlying personal information like your email or biometric data with these partners.
• To Communicate With You: To send you essential, non-promotional communications related to your account and our Services, such as sign-in links and important service updates. We use Resend as our SMTP provider for these communications.
• For Security and Fraud Prevention: To protect the integrity of our Services, prevent fraudulent activity, and ensure the security of our platform and user data.
• For Legal Compliance: To comply with applicable legal obligations, legal processes, and lawful requests from public and government authorities.

4. Sharing Your Information

We do not sell your personal information. We may share your information in the following limited circumstances:

• With Third-Party Service Providers: We engage trusted third-party companies to perform functions and provide services to us. We share information with them only to the extent necessary to perform these services. Our key providers include:
  • Google: For authentication services (Google Sign-In/OAuth) if you choose to use this sign-in method.
  • Supabase: For secure database hosting and management of user account information.
  • Amazon Web Services (AWS): We use AWS's secure cloud infrastructure to host our service and to perform the facial analysis required to generate your biometric vector. We send the imagery captured during verification to AWS for processing, but we do not store the initial images.
  • Resend: To manage and send transactional emails.
• With Partner Companies: As described above, we will share your verification status (e.g., "Verified" or "Not Verified") with partner companies who query our database to legitimize their online reviews.
• For Business Transfers: In the event of a merger, acquisition, or asset sale, your personal information may be transferred. We will provide notice before your information is transferred and becomes subject to a different Privacy Policy.
• When Required by Law: We may disclose your information if we believe it is necessary to comply with a legal obligation, protect and defend our rights or property, or protect the personal safety of users or the public.

5. Data Security

We implement and maintain reasonable security procedures and practices to protect your information from unauthorized access, use, or disclosure. This includes using encryption for data in transit and at rest. Specifically for biometric data, we have designed our system to be privacy-preserving by only storing the face vector, not the original facial image.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. You are responsible for keeping your account sign-in information secure.

6. User Rights

Depending on your location, you may have the following rights regarding your personal information:

• Right to Access: You have the right to request a copy of the personal information we hold about you.
• Right to Correction (Rectification): You have the right to request that we correct any inaccurate or incomplete information about you.
• Right to Deletion (Erasure): You have the right to request the deletion of your personal information, subject to certain legal exceptions.
• Right to Object to Processing: You may have the right to object to our processing of your personal information under certain conditions.

For Users in the European Economic Area (EEA), UK, and Switzerland:

Under the General Data Protection Regulation (GDPR), you have additional rights, including:

• Right to Withdraw Consent: Where we rely on your explicit consent to process special category data, such as biometric information, you have the right to withdraw that consent at any time.
• Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format.

For Users in California:

Under the California Consumer Privacy Act (CCPA), you have the right to:

• Know what personal information is being collected about you.
• Know if your personal information is sold or shared and to whom.
• Opt-out of the sale or sharing of your personal information.
• Limit the use and disclosure of sensitive personal information, such as biometric data.

To exercise any of these rights, please contact us at trustlabspro@gmail.com. We will respond to your request in accordance with applicable law.

7. Children's Privacy

Our Services are not intended for use by anyone under the age of 16 ("Children"). We do not knowingly collect personally identifiable information from children under 16. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us. If we become aware that we have collected personal information from a child without verification of parental consent, we will take steps to remove that information from our servers.

8. International Data Transfers

Trust Labs is based in the United States. If you are accessing our Services from outside the United States, please be aware that your information, including personal data, will be transferred to, processed, and stored in the United States.

For transfers of personal data from the EEA, UK, or Switzerland, we rely on appropriate safeguards, such as the EU Standard Contractual Clauses (SCCs), to ensure that your data is protected to the standard required by European data protection law.

9. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. You are advised to review this Privacy Policy periodically for any changes.

10. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us at:

Email: trustlabspro@gmail.com