Privacy Policy | TruePass

1. Overview

TruePass (“we,” “us”) takes your privacy seriously. This Policy explains what information we collect, how we use it, and your rights regarding that information. We do not sell your personal data to third parties.

2. Information We Collect

Account Information

Name and email address (required to create an account)
Password (stored as a one-way hash — we cannot read it)
Profile information you choose to provide (business name, location, social handles)

Billing Information

Payment card details are handled entirely by Stripe. TruePass stores only your Stripe Customer ID and subscription status — never raw card numbers or CVVs.

Identity Verification

When you opt into identity verification, Stripe Identity processes your government-issued ID and selfie directly on Stripe's infrastructure. TruePass receives only the verification outcome (verified / not verified) and the verified legal name. We do not store your ID photo, selfie image, or biometric data.

Verification Activity

Trust codes generated and their outcomes
Verification attempts (code entered, timestamp, IP address, user agent)
Whether a session was successful, failed, or locked

Technical Data

IP address and user agent string (for fraud detection and audit logs)
Device session data (approximate location derived from IP, device type)

3. How We Use Your Information

To operate and improve the TruePass platform
To verify dealer identities and surface trust signals to buyers
To detect and prevent fraud and abuse
To send transactional emails (verification codes, subscription receipts, security alerts)
To comply with legal obligations

We do not use your data for advertising or sell it to data brokers.

4. Public Dealer Profiles

Dealer profiles are publicly visible by default (you can opt out in your settings). Public profiles display your business name, location, verified social handles, verified payment methods, and trust score. They do not display your email address, phone number, or billing information.

5. Data Sharing

We share data only with:

Stripe — for payment processing and identity verification
Supabase — our database hosting provider (data stored in the US)
Resend — for transactional email delivery
Law enforcement — when required by law or to protect safety

6. Data Retention

We retain your account data for as long as your account is active. Verification session logs and audit logs are retained for 3 years for fraud investigation purposes. After account deletion, we may retain anonymized, aggregated data for analytics.

7. Your Rights

Depending on your location, you may have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your account and associated data
Object to certain processing activities
Data portability (receive your data in a machine-readable format)

To exercise these rights, email privacy@truepass.app.

8. Security

We use industry-standard security practices including TLS encryption in transit, bcrypt password hashing, two-factor authentication for dealer accounts, and role-based access controls. No method of transmission or storage is 100% secure; we cannot guarantee absolute security but we are committed to protecting your data.

9. Cookies

TruePass uses session cookies for authentication (managed by NextAuth.js) and essential functional cookies. We do not use advertising cookies or third-party tracking pixels.

10. Children

TruePass is not directed to individuals under 18. We do not knowingly collect personal data from minors. If you believe a minor has created an account, contact us at privacy@truepass.app.

11. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or in-app notice. Continued use of TruePass after changes are posted constitutes acceptance.

12. Contact

Privacy questions or requests: privacy@truepass.app
TruePass / Biel Watches LLC — Florida, United States