TrustDeal · Legal
Privacy Policy
1. What we collect
- Email address. Required to create or join a deal. Used for verification and notifications.
- Display name. Shown to the other side of your deals.
- Chat messages and deal terms. Stored so both parties can reference the record and so AI verification can check delivery against terms.
- Delivery files or links. Stored until the deal resolves (or 30 days after, whichever is later) so either side can reference them.
- Payment metadata. Handled by Stripe. We store only the Stripe session identifier and amount — never card numbers, CVVs, or bank account details.
- Technical data. IP address (for security/rate-limiting), User-Agent header, trace IDs, error logs.
2. Why we collect it
- Run the deal flow (you and the other party both need the record).
- Verify deliveries against agreed terms via AI.
- Send transactional emails (verification codes, state transitions, reminders). Deal-related emails include a one-click unsubscribe.
- Prevent fraud, investigate abuse, comply with law.
- Improve the product in aggregate — we never sell individual data.
3. Who we share with
- The other party to your deal sees your display name, your chat messages with them, and your delivery (if you're the seller) or review decisions (if you're the buyer).
- Stripe processes payments and receives what they need to do so.
- OpenAI or equivalent AI providers may receive chat content and delivery references to produce drafts and run verification checks. We do not share email addresses with them.
- Email providers (Resend or your configured SMTP) receive the content of transactional emails.
- Law enforcement when legally compelled.
We never sell, rent, or trade personal data.
4. How long we keep it
- Active deal data: kept for the life of the deal plus 30 days.
- Resolved deal records: kept for 7 years for financial record-keeping (this is required by payment regulations and accounting law).
- Verification codes: 10 minutes.
- Audit logs: 2 years.
- Error logs: 90 days.
5. Your rights
You can:
- Export your data. POST to /api/gdpr/export with a verification token for your email; you'll receive a JSON bundle of everything we hold.
- Delete your personal data. POST to /api/gdpr/delete with a verification token. We'll scrub your email, display name, and chat content from our active records. Financial records for closed deals are retained per (4) above, but pseudonymized so they're no longer linked to you.
- Unsubscribe from emails. Click the unsubscribe link in any deal email, or POST to /unsubscribe.
- Complain to a regulator. If you're in the EU/UK, your local data protection authority.
6. Security
Sessions are signed with an HMAC secret rotated periodically. Email verification codes are single-use. Admin actions are audited. Stripe webhooks are signature-verified and idempotent. All traffic runs over TLS in production. No system is perfectly secure — report suspected vulnerabilities to security@trustdealapp.com.
7. Children
TrustDeal is not for anyone under 18. We don't knowingly collect data from minors. If you believe we have, email support@trustdealapp.com and we'll delete it.
8. Changes
Material changes are announced by email. Continued use after an update means you accept the revised policy.