Trusted Codes Privacy Policy

Last Updated: December 2025

1. Introduction

Welcome to Trusted Codes. We are committed to protecting your privacy and ensuring transparency about how we handle your data. Trusted Codes is operated by:

Stefan Sonntag
Trading as: Trusted Codes (Sole Proprietor / Einzelunternehmer)
Leonrodstr. 14b, 80634 Munich, Germany

Contact:

Jurisdiction: German law, courts of Munich

About the Service:
Trusted Codes is an identity verification solution designed to protect against impersonation, deepfakes, and AI-based voice cloning. The service generates rotating three-word verification codes, enabling users to confirm contact consistency across any communication channel. The app works 100% offline after initial setup and is available on iOS and Android.

Pricing Tiers:

  • Free: Personal use, limited connections
  • Pro: Paid subscription with expanded features
  • Business: Coming soon (B2B only)

2. Two-Tier Data Protection Architecture

Trusted Codes uses a two-tier data protection model, designed to balance security, privacy, and operational needs. We are transparent about what we can and cannot access.

2.1 Tier 1 – True Zero-Knowledge (Core Security)

The "zero-knowledge" properties described in this section apply only to the data types listed below (together, "Tier 1 Data") and mean Trusted Codes cannot access the plaintext of such Tier 1 Data, including under legal compulsion. This does not mean Trusted Codes does not process personal data generally; Trusted Codes continues to process certain account, device, and operational data described elsewhere in this Privacy Policy as a data controller.

Data Type | Storage Location | Access
Codeword derivation secrets | Encrypted on server + device | Only user devices can decrypt
Verification codes | Generated locally on device | Never transmitted
Private cryptographic keys | Device secure enclave (Keychain / Keystore) | Never leaves device

Implications:

  • Trusted Codes cannot generate verification codes for users.
  • Trusted Codes cannot impersonate your contacts.
  • Even in a server breach, core verification functionality cannot be compromised.

2.2 Tier 2 – Encrypted Metadata (Decryptable for Legitimate Operations)

Other data is encrypted at rest using AES-256. Keys are managed in a cloud Key Management Service (AWS KMS / GCP Cloud KMS), stored separately from databases.

Data Type | Encryption Status | Who Can Decrypt
Email addresses | AES-256 encrypted | Trusted Codes (via KMS)
Display names | AES-256 encrypted | Trusted Codes (via KMS)
Device names | AES-256 encrypted | Trusted Codes (via KMS)
Contact names (user-assigned) | AES-256 encrypted | Trusted Codes (via KMS)
Connection metadata | AES-256 encrypted | Trusted Codes (via KMS)

Database administrators do not have access to decryption keys.

Decryption occurs only for:

  • User support requests
  • Account recovery procedures
  • Responding to valid legal orders
  • Fraud investigation and prevention
  • Sending transactional emails

Important: Metadata decryption is not zero-knowledge. Trusted Codes can access email addresses and display names if operationally required.

3. Information We Collect

Trusted Codes collects minimal data to operate and secure the service. Data is divided into the following categories:

3.1 Account Information (Encrypted – Decryptable)

  • Email address
  • Display name
  • Preferred language (plaintext for service delivery)
  • Account creation date

3.2 Device Information

  • Platform type (iOS / Android)
  • Push notification token
  • Public cryptographic key
  • Device fingerprint (hash of public key + device metadata)

3.3 Connection Information

  • Contact names you assign (encrypted – decryptable)
  • Encrypted cryptographic secrets (TRUE ZERO-KNOWLEDGE)
  • Connection metadata (timestamps, connection status)

3.4 Activity Logs (Auto-deleted after 90 days)

  • Login events
  • Account actions (connection creation, member management)
  • Trust ratings given
  • AI chat questions

Not logged: IP addresses, user agent strings

3.5 Analytics (Truly Anonymized)

  • Aggregated event counts (account created, connection created, verification success/failure)
  • No user or device identifiers
  • No IP addresses
  • Cannot be reverse-engineered
  • Retained indefinitely as non-personal data

3.6 Marketing Attribution (Optional)

  • UTM parameters (source, medium, campaign)
  • Referral codes

3.7 Fraud Prevention Data (MaxMind)

  • IP address processed to derive geolocation (country, region, city, timezone)
  • IP itself is never stored
  • Used for fraud detection and prevention

4. Information We Cannot Access (True Zero-Knowledge)

  • Core verification secrets and keys
  • Verification codes generated on device
  • Private cryptographic keys stored in device Keychain / Keystore
  • Device information such as name, model, or serial numbers

This ensures:

  • Trusted Codes cannot impersonate any user or their contacts
  • Verification remains secure even in server compromise

5. Information We Can Decrypt (Encrypted Metadata)

Data encrypted at rest can be decrypted only for legitimate operational purposes:

  • Email, display name, group or contact names
  • Connection metadata
  • Transactional email processing

6. How We Use Your Information

Trusted Codes uses collected information for:

  • Account creation and authentication
  • Multi-device synchronization
  • Sending connection invitations and alerts
  • Fraud detection and security monitoring
  • Improving service quality through aggregated analytics
  • AI-powered in-app help

We do not:

  • Sell your personal information
  • Track your activity outside the app
  • Share decrypted personal data with third parties without legal basis

7. Legal Basis for Processing (Article 6 GDPR)

Data Category | Processing Purpose | Legal Basis (Art. 6)
Email, Display Name | Account creation, authentication, support | Art. 6(1)(b)
Device Information | Service delivery, synchronization | Art. 6(1)(b)
Connection Data (metadata) | Core functionality | Art. 6(1)(b)
Codeword Secrets | Verification code generation | Art. 6(1)(b)
Push Notification Tokens | Delivering invitations and alerts | Art. 6(1)(b)
Activity Logs | Security monitoring, troubleshooting | Art. 6(1)(f)
AI Chat Questions | Support and documentation | Art. 6(1)(f)
Anonymized Analytics | Service improvement | Art. 6(1)(f)
MaxMind Fraud Prevention & IP Geolocation | Fraud prevention & geolocation | Art. 6(1)(f)
Marketing Attribution | Understand acquisition channels | Art. 6(1)(f)

8. AI-Powered Help (Google Gemini)

Trusted Codes integrates Google Gemini to provide in-app help:

  • User submits question → sent to Google Gemini API
  • No user identifiers are shared
  • Data processing agreement ensures no model training with your data
  • Chat logs retained for 90 days, then auto-deleted
  • Aggregate analysis used to improve documentation

Legal basis: Art. 6(1)(f) GDPR – legitimate interest in user support

9. Data Security

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • Key separation via cloud KMS
  • Device-local secure storage for cryptographic keys
  • No plaintext sensitive data stored outside user device

10. Data Retention

Data Type | Retention Period | Deletion Method | Trigger
Account info | Until account deletion | Automatic | User deletes account
Device info | Until device removed | Automatic | Device removal / account deletion
Connection data | Until connection deleted | Automatic | Either party deletes connection
Connection secrets | Until connection deleted | Automatic | Connection deletion
Activity logs | 90 days | Automatic | Time-based
AI chat logs | 90 days | Automatic | Time-based
Push tokens | Until device removed | Automatic | Device removal
Anonymized analytics | Indefinite | N/A | Not personal data
Stripe billing records | Per Stripe policy (~7 years) | Retained by Stripe | Legal/tax requirement

Account and connection data are retained for the duration of the user account and deleted or anonymised within a reasonable period following account deletion, unless legal obligations require longer retention.

11. Account Deletion

Users can delete their account at any time via app settings. This triggers:

  • Automatic deletion of account, device info, connections, and secrets
  • Removal from all operational metadata
  • Deletion of push notification tokens

12. Third-Party Services (Sub-Processor List)

Sub-processors (current as of December 2025):

Core Service Sub-processors

Provider | Purpose | Location | Data Shared | SCCs | Privacy Policy
Supabase | DB hosting, auth | US (EU data region) | Account data, encrypted connections | Yes (2021) | Link
AWS/GCP KMS | Key management | US | Encryption keys only | Yes (2021) | AWS/GCP privacy
Google Gemini | AI chat | US | Chat questions only | Yes (2021) | Link
Resend | Transactional emails | US | Email (decrypted for sending) | Yes (2021) | Link
Stripe | Payments | US | Payment data only | Yes (2021) | Link
Expo | Push notifications | US | Push tokens | Yes (2021) | Link
MaxMind | Fraud prevention & IP geolocation | US | Fraud scores & derived geolocation | Yes (2021) | Link

Optional Authentication Providers

Provider | Purpose | Location | Data Shared | Privacy Policy
Google Sign-In | OAuth auth | US | Name, email | Link
Apple Sign-In | OAuth auth | US | Name, email | Link

Website-Only Sub-processors

Provider | Purpose | Location | Data Shared | Privacy Policy
Plausible Analytics | Website analytics | EU self-hosted | Anonymous, no cookies | Link
Google Sheets | Waitlist & contact forms | US | Email, name, message | Link
Sentry (optional) | Error monitoring | US | Error reports (masked) | Link

Note: This list may change; material changes will be notified with 30 days' notice.

13. International Data Transfers

Wherever possible, we have chosen Europe as the deployment region for our sub-processors to minimize international data transfers.

Safeguards:

  • Standard Contractual Clauses (2021 SCCs) with all US sub-processors
  • Data Processing Agreements (DPAs) in place
  • AES-256 encryption at rest, TLS 1.3 in transit
  • Separation of encryption keys from data

For SCCs or details: privacy@trusted.codes

14. Cookies and Local Storage

We do not use:

  • Cookies (session, tracking, analytics)
  • Tracking pixels or web beacons
  • Browser fingerprinting or cross-site tracking
  • Advertising identifiers

Mobile apps store locally:

  • Private cryptographic keys
  • Encrypted connection secrets
  • User settings

Security:

  • Protected by device PIN or biometrics
  • Never transmitted to servers
  • Deleted on uninstall or account deletion

Website: Uses Plausible Analytics (cookie-free, anonymous)

15. Your Rights (GDPR + CCPA)

GDPR Rights (EU/EEA)

  • Right of Access (Art. 15)
  • Right to Rectification (Art. 16)
  • Right to Erasure (Art. 17)
  • Right to Restriction (Art. 18)
  • Right to Data Portability (Art. 20)
  • Right to Object (Art. 21)
  • Right to Withdraw Consent

Exercise rights: privacy@trusted.codes, 30-day response. ID verification may be requested.

Complaint: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)

CCPA Rights (California)

  • Right to know collected information
  • Right to know if info is sold (we do not sell)
  • Right to deletion
  • Right to non-discrimination

Requests may be submitted via email to privacy@trusted.codes. Trusted Codes may need to verify the requester's identity before fulfilling a request.

16. Data Breach Notification

In case of a personal data breach posing a risk to the rights and freedoms of individuals:

  • Notify BayLDA within 72 hours
  • Notify affected users if high risk
  • Include breach nature, likely consequences, measures taken

Contact: privacy@trusted.codes

17. Children's Privacy

Trusted Codes does not knowingly process personal data of children under the age of 16. If such processing becomes known, the data will be deleted without undue delay.

In any event, parents may request deletion via privacy@trusted.codes.

18. Data Protection Officer Status

No Data Protection Officer (DPO) has been appointed because:

  • Core activity is verification, not monitoring
  • True zero-knowledge for core data
  • No special category data processed
  • Limited personal data collected

Privacy inquiries: privacy@trusted.codes

19. Changes to This Policy

This policy may be updated. Notification will be provided via:

  • Updating 'Last Updated' date
  • Email for significant changes
  • App notice for material changes

Changes effective 30 days after posting unless legally required otherwise.

20. Contact Us

Trusted Codes