Privacy Policy

1. Introduction

TrustScope, Inc. ("TrustScope," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI agent observability and monitoring platform (the "Service").

This policy applies to information we collect through our website at trustscope.ai, our dashboard application, our APIs, and any other services we provide. By using our Service, you agree to the collection and use of information in accordance with this policy.

If you are using our Service on behalf of an organization, you are agreeing to this policy on behalf of that organization, and you represent that you have the authority to bind that organization to these terms.

2. Information We Collect

We collect several types of information to provide and improve our Service:

2.1 Account Information

When you create an account, we collect your email address, name, company name, and any other information you choose to provide. This information is necessary to provide you with access to our Service and to communicate with you about your account.

2.2 Usage Data

We collect information about how you interact with our Service, including API calls made to our platform, feature usage patterns, dashboard interactions, and service logs. This data helps us understand how our Service is used and how we can improve it.

2.3 Payment Information

When you subscribe to a paid plan, payment information is collected and processed by our third-party payment processor, Stripe. We do not directly store your full credit card number or banking details. We receive and store only limited information from Stripe, such as the last four digits of your card, card type, and billing address, to help you manage your subscription.

2.4 Technical Data

We automatically collect certain technical information when you access our Service, including your IP address, browser type and version, device type, operating system, referring URLs, and timestamps of access. This information is used for security purposes and to optimize our Service for different devices and browsers.

2.5 AI Agent Data

The core of our Service involves receiving and processing data from your AI agents. This includes traces, spans, tool calls, prompts, model responses, and any metadata you send to our platform. This is Customer Data that you provide to us for the purpose of using our Service. You retain all rights to your Customer Data, and we process it solely to provide the Service to you. We do not use your AI agent data to train machine learning models or for any purpose other than providing the Service.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide and Maintain the Service: To operate our platform, process your AI agent traces, display analytics and insights, and provide customer support.
• Process Payments: To process your subscription payments, manage billing, and handle refunds or disputes.
• Service Communications: To send you technical notices, updates, security alerts, and support messages. These are transactional communications that are necessary for the Service.
• Improve the Service: To understand how users interact with our platform, identify areas for improvement, and develop new features.
• Security and Fraud Prevention: To detect, investigate, and prevent fraudulent transactions, abuse, and other harmful activities, and to protect the rights and safety of TrustScope and our users.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

4. Data Retention

We retain your information for as long as necessary to provide our Service and fulfill the purposes described in this policy.

4.1 AI Agent Data (Customer Data)

Your AI agent traces and associated data are retained according to your subscription tier's retention period:

• Free tier: 3 days
• Pro tier: 30 days
• Team tier: 90 days
• Enterprise tier: Up to 3 years (customizable)

After the retention period expires, your AI agent data is automatically deleted from our systems.

4.2 Account Data

Your account information (email, name, company, settings) is retained for as long as your account is active. If you choose to close your account, we will delete your account data within 30 days of receiving your deletion request, except where we are required to retain certain information for legal, tax, or regulatory purposes.

4.3 Backup Retention

Deleted data may persist in our backup systems for up to 90 days before being permanently removed. During this period, the data is not accessible or used for any purpose other than disaster recovery.

5. Data Sharing and Disclosure

We do not sell your personal information or your Customer Data. We may share your information only in the following circumstances:

5.1 Service Providers

We share information with third-party service providers who perform services on our behalf, such as:

• Cloud infrastructure providers (hosting, data storage)
• Payment processors (Stripe)
• Email service providers (transactional emails)
• Analytics providers (aggregated usage data only)

These providers are contractually obligated to use your information only to provide services to us and are bound by confidentiality obligations.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order, subpoena, or government agency request). We will notify you of such requests unless prohibited by law.

5.3 Business Transfers

If TrustScope is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Service of any change in ownership or uses of your information, as well as any choices you may have regarding your information.

5.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

6. Data Security

We take the security of your data seriously and implement industry-standard measures to protect it:

• Encryption in Transit: All data transmitted between your systems and our Service is encrypted using TLS 1.3.
• Encryption at Rest: All data stored in our systems is encrypted using AES-256 encryption.
• SOC 2 Compliance: We are currently pursuing SOC 2 Type II certification and maintain controls aligned with SOC 2 Trust Service Criteria.
• Regular Security Audits: We conduct regular security assessments, penetration testing, and vulnerability scans.
• Access Controls: We implement role-based access controls and the principle of least privilege for all internal access to customer data.

For more information about our security practices, please visit our Security page.

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

7.1 Rights for All Users

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete personal information.
• Deletion: Request deletion of your personal information, subject to certain exceptions.
• Data Portability: Request a copy of your data in a structured, machine-readable format.
• Opt-Out of Marketing: Unsubscribe from marketing communications at any time using the link in our emails.

7.2 Additional Rights for EEA/UK Residents (GDPR)

If you are located in the European Economic Area or United Kingdom, you also have the right to:

• Restriction: Request restriction of processing of your personal information.
• Objection: Object to processing of your personal information based on legitimate interests.
• Withdraw Consent: Where processing is based on consent, withdraw your consent at any time.
• Lodge a Complaint: Lodge a complaint with your local data protection authority.

Our legal basis for processing personal information includes: performance of a contract (to provide the Service), legitimate interests (to improve and secure our Service), and compliance with legal obligations.

7.3 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request information about the categories and specific pieces of personal information we have collected.
• Right to Delete: Request deletion of your personal information.
• Right to Opt-Out: We do not sell personal information. However, you may still opt out of any sharing for cross-context behavioral advertising.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Do Not Sell or Share My Personal Information: TrustScope does not sell your personal information or share it for cross-context behavioral advertising purposes.

To exercise any of these rights, please contact us at privacy@trustscope.ai. We will respond to your request within 30 days (or within the timeframe required by applicable law).

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate our Service:

8.1 Essential Cookies

We use essential cookies that are strictly necessary for the operation of our Service. These include cookies for authentication, session management, and security. You cannot opt out of these cookies as they are required for the Service to function.

8.2 Analytics

We may use analytics tools to understand how users interact with our Service. This data is used to improve our Service and is not used for advertising purposes. You can opt out of analytics tracking through your browser settings or by contacting us.

8.3 No Third-Party Advertising

We do not use third-party advertising cookies or tracking pixels. We do not serve advertisements on our Service or participate in advertising networks.

9. International Data Transfers

TrustScope is based in the United States, and your information is processed and stored on servers located in the United States. If you are accessing our Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States.

For transfers of personal data from the European Economic Area, United Kingdom, or Switzerland to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, along with supplementary measures where necessary, to ensure that your data receives an adequate level of protection.

Enterprise customers may request a Data Processing Agreement (DPA) that includes Standard Contractual Clauses by contacting legal@trustscope.ai.

10. Children's Privacy

Our Service is not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe that we may have collected information from a child under 16, please contact us at privacy@trustscope.ai.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we make material changes to this policy, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you by email (if you have an account with us)
• Display a prominent notice on our Service

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Service after any changes to this policy constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to all privacy-related inquiries within 30 days.