Privacy Policy

Last Updated: December 3, 2024

1. Introduction

Trusted Codes ("we," "our," or "us") operates the trusted.codes identity verification service. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Our service is built on a zero-knowledge architecture: our servers hold only public keys and encrypted data, so we cannot access your verification codes or the cryptographic secrets used to generate them. Privacy is not just a policy—it's built into our technology.

2. Information We Collect

2.1 Account Information (Encrypted at Rest)

When you create an account, we collect:

  • Email address — Encrypted server-side using AES-256
  • Display name — Encrypted server-side using AES-256
  • Preferred language — Stored in plaintext for service delivery
  • Account creation date — For account management purposes

If you sign in using Google or Apple, we receive your name and email from those services.

2.2 Device Information

When you register a device with our service, we collect:

  • Device name — Encrypted server-side (e.g., "John's iPhone")
  • Platform type — iOS or Android (stored in plaintext)
  • Push notification token — For sending notifications to your device
  • Public cryptographic key — Required for end-to-end encryption
  • Device fingerprint — A cryptographic hash of your public key and device metadata; it identifies the device, not you, and contains no name or email

2.3 Connection Information

When you establish connections with others:

  • Contact names — Names you assign to contacts (encrypted end-to-end)
  • Encrypted secrets — Cryptographic material encrypted so only you and your contact can decrypt it
  • Connection metadata — Timestamps, connection status

2.4 Analytics Information (Anonymized)

We collect anonymized, aggregate analytics with no personally identifiable information:

  • Account creation and deletion events (counts only)
  • Connection creation and deletion events
  • Connection membership events (member added/removed)
  • Verification events (correct/incorrect code entered) — No user IDs attached

These analytics help us understand service usage patterns and improve the product.

2.5 Activity Logs (Auto-Deleted)

We maintain activity logs for security and troubleshooting that include:

  • Login events
  • Account actions (connection creation, member management)
  • Trust ratings given

Important: Activity logs are automatically deleted after 90 days. We do not log IP addresses or user agent strings.

2.6 Marketing Attribution (Optional)

If you arrive via a marketing campaign, we may store:

  • UTM parameters (source, medium, campaign, term, content)
  • Referral codes

This helps us understand how users discover our service.

2.7 Geolocation (Disabled by Default)

We have optional fraud detection capabilities using MaxMind that derive an approximate location from the IP address of a request. When this feature is enabled:

  • We detect country, region, city, and timezone
  • IP addresses are never stored — only the derived location
  • This feature is disabled by default and only used for fraud prevention

3. Information We Cannot Access

Due to our zero-knowledge architecture, the following data is cryptographically protected:

  Data Type            Where Stored                             Who Can Access
  Verification codes   Generated locally on your device         Only you
  Private keys         Your device's secure enclave/keychain    Only you
  Shared secrets       Encrypted on our servers                 Only you and your contact
  Connection secrets   Device keychain + encrypted on server    Only authorized devices

Even if our servers were compromised, attackers could not:

  • Generate verification codes for any user
  • Decrypt shared secrets between users
  • Access your private cryptographic keys
  • Impersonate you to your contacts

4. How We Use Your Information

We use your information to:

  • Provide the service — Enable identity verification and secure connections
  • Authenticate you — Verify your identity when you sign in
  • Send notifications — Deliver connection invitations, security alerts, and service updates
  • Improve our service — Analyze anonymized usage patterns
  • Prevent fraud — Detect and prevent unauthorized access
  • Communicate with you — Respond to support requests and send important updates
  • Comply with legal obligations — Meet regulatory requirements

5. Data Security

5.1 Encryption Technologies

We implement multiple layers of industry-standard encryption:

  Layer                        Purpose
  End-to-End Encryption        Protects shared secrets between users using modern elliptic curve cryptography; the server stores only public keys and ciphertext
  Server-Side PII Encryption   Protects email, display name, and device name at rest using AES-256 with a key held by the service; these fields are decrypted only when the service needs them (e.g., to send you an email)
  Local Secure Storage         Protects private keys using your device's secure enclave (Keychain/Keystore)
  Transport Security           Protects data in transit using TLS
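As an added illustration of the model described in Sections 3 and 5.1 (example code, not code from Trusted Codes, whose implementation is not published on this page): one device wraps a shared secret for a contact, the server keeps only the two public keys and the ciphertext, and only the two parties can unwrap it and compute a code. The choice of X25519 key agreement, SHA-256 in place of a full HKDF step, AES-256-GCM, and RFC 6238 TOTP are assumptions; the policy itself says only "modern elliptic curve cryptography" and "AES-256". The seed is the RFC 6238 test secret, used so the output can be checked against the RFC's published vectors.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Device models one registered device; its private key never leaves it.
type Device struct{ priv *ecdh.PrivateKey }

// ServerRecord is all the server stores for one shared secret: two public keys plus nonce and ciphertext.
type ServerRecord struct {
	SenderPub, RecipientPub, Nonce, Ciphertext []byte
}

// NewDevice generates an X25519 key pair (assumed curve; the policy says only "modern elliptic curve cryptography").
func NewDevice() (*Device, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{priv: priv}, nil
}

// PublicKey is the only key material a device uploads.
func (d *Device) PublicKey() []byte { return d.priv.PublicKey().Bytes() }

// aead derives AES-256-GCM from the ECDH shared secret with a peer.
func (d *Device) aead(peerPub []byte) (cipher.AEAD, error) {
	pub, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	shared, err := d.priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(shared)      // stands in for an HKDF step (simplification)
	block, _ := aes.NewCipher(key[:]) // a 32-byte key cannot fail here
	return cipher.NewGCM(block)
}

// Share encrypts a secret for one contact; the result is what the server stores.
func (d *Device) Share(secret, recipientPub []byte) (*ServerRecord, error) {
	aead, err := d.aead(recipientPub)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return &ServerRecord{SenderPub: d.PublicKey(), RecipientPub: recipientPub,
		Nonce: nonce, Ciphertext: aead.Seal(nil, nonce, secret, nil)}, nil
}

// Open recovers the secret. Sender and recipient derive the same key from the other party's public key; anyone else fails GCM authentication.
func (d *Device) Open(rec *ServerRecord) ([]byte, error) {
	peer := rec.SenderPub
	if bytes.Equal(peer, d.PublicKey()) {
		peer = rec.RecipientPub
	}
	aead, err := d.aead(peer)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, rec.Nonce, rec.Ciphertext, nil)
}

// TOTP is RFC 6238 (HMAC-SHA1, 30 s step, 6 digits): computed on the device from the decrypted secret, so the code never exists on the server.
func TOTP(secret []byte, unixTime int64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], uint64(unixTime/30))
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f
	code := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", code%1000000)
}

func main() {
	alice, _ := NewDevice()
	bob, _ := NewDevice()
	operator, _ := NewDevice() // stands in for the server, which holds neither party's private key
	rec, _ := alice.Share([]byte("12345678901234567890"), bob.PublicKey()) // RFC 6238 test secret (constructed input)
	got, err := bob.Open(rec)
	fmt.Println("contact decrypts:", err == nil, "code at T=59:", TOTP(got, 59))
	_, err = operator.Open(rec)
	fmt.Println("server decrypts:", err == nil)
}
```

The "operator" device holds neither party's private key, so its Open call fails the GCM authentication check rather than yielding a plausible-looking wrong secret; that failure is the concrete meaning of "only you and your contact". The code also shows what "generated locally on your device" means: the TOTP value is a function of the decrypted secret and the current time, and the server never computes or receives it.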

5.2 Device Security

  • Biometric/PIN protection — Your device's Face ID, Touch ID, or PIN protects access to the app
  • Secure enclave storage — Private keys are stored in your device's hardware-backed key store (Secure Enclave on iOS, Keystore on Android) and are never uploaded
  • No plaintext secrets — Cryptographic secrets are never stored unencrypted

5.3 Server Security

  • No plaintext PII — Email addresses, display names, and device names are encrypted before storage; the only fields kept in plaintext (see Section 2) are not personal identifiers on their own
  • No IP logging — We do not log IP addresses, which also reduces the personal data we hold under GDPR
  • Automatic data retention — Activity logs are deleted after 90 days
  • Access controls — Server-side data access requires authentication and authorization

6. Data Retention

  Data Type              Retention Period                                     Deletion Method
  Account information    Until you delete your account                        Automatic upon account deletion
  Device information     Until you remove the device or delete your account   Automatic
  Connection data        Until you or your contact delete the connection      Automatic
  Activity logs          90 days                                              Automatic
  Anonymized analytics   Indefinitely                                         Not deleted (contains no PII)

7. Account Deletion

You can delete your account at any time. When you do, we permanently delete:

  • Your user profile and all encrypted PII
  • All your devices and their public keys
  • All your connections and memberships
  • All invitations you sent or received
  • All your activity logs
  • All your notifications
  • All trust ratings you gave or received
  • Your authentication credentials

Note: If you are the only member of a connection, it is deleted. If you own a connection with other members, ownership is transferred to another member.

We send a confirmation email after deletion. Connected users are notified that you have left shared connections.

8. Third-Party Services

We use the following third-party services:

8.1 Infrastructure & Authentication

  • Supabase — Database hosting, authentication, and serverless functions (see Supabase's own privacy policy)

8.2 Email Delivery

  • Resend — Transactional email delivery (login codes, invitations); see Resend's own privacy policy
    Note: Email addresses are encrypted at rest and decrypted only at the moment an email is sent

8.3 Payment Processing

  • Stripe — Subscription and payment processing (see Stripe's own privacy policy)
    Note: We do not store payment card details; Stripe handles all payment data

8.4 Authentication Providers

  • Google and Apple sign-in — If you choose to sign in with Google or Apple, we receive your name and email address from that provider (see Section 2.1)

8.5 Push Notifications

  • Expo — Push notification delivery (see Expo's own privacy policy)
    Note: Push tokens are stored so that we can deliver notifications to your device

8.6 Fraud Detection (Optional)

  • MaxMind — IP geolocation for fraud prevention, disabled by default (see MaxMind's own privacy policy)
    Note: The IP address is used for the lookup but never stored; we keep only the derived location data

8.7 Website Analytics

  • Plausible Analytics — Privacy-focused website analytics, self-hosted on our own infrastructure (see Plausible's privacy information)
    Note: Plausible does not use cookies, does not track IP addresses, and does not collect any personal data; it is designed to comply with GDPR, CCPA, and PECR

We do not use:

  • Invasive analytics services (Google Analytics, Mixpanel, etc.)
  • Advertising trackers or pixels
  • Social media tracking
  • Cookie-based tracking

9. Your Rights

Depending on your location, you may have the right to:

  • Access — Request a copy of your personal information
  • Correction — Request correction of inaccurate information
  • Deletion — Request deletion of your account and data
  • Portability — Request your data in a portable format
  • Restriction — Request restriction of certain processing
  • Objection — Object to certain types of processing
  • Withdraw consent — Withdraw consent where processing is based on consent

To exercise these rights, contact us at privacy@trusted.codes

9.1 GDPR Compliance (EU Users)

For users in the European Economic Area:

  • Legal basis: We process data based on contract performance (providing the service) and legitimate interests (security, fraud prevention). We do not send marketing emails — all communications are operational (e.g., connection invitations, security alerts)
  • Data transfers: Data may be transferred to the United States where our infrastructure is hosted. We use standard contractual clauses to protect transferred data
  • Supervisory authority: You have the right to lodge a complaint with your local data protection authority

9.2 CCPA Compliance (California Users)

For California residents:

  • We do not sell your personal information
  • You have the right to know what information we collect
  • You have the right to request deletion
  • You have the right to non-discrimination for exercising your rights

10. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@trusted.codes and we will take steps to delete such information.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States where our infrastructure providers operate. We ensure appropriate safeguards are in place:

  • Standard contractual clauses approved by the European Commission
  • Data processing agreements with all service providers
  • Encryption of personal data at rest and in transit

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the new policy on our website
  • Updating the "Last Updated" date
  • Sending you an email notification for significant changes

We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at privacy@trusted.codes.

For data protection inquiries in the EU, you may also contact our Data Protection contact at the same email address.