Open Menu icon

Our Privacy Policy

Last Updated: Jun 4, 2024

Expand All
Expand/Collapse Icon

Introduction and Overview

TrueVault (“TrueVault,” “we,” “our” or “us”) respects your privacy and is committed to protecting it through our compliance with this Privacy Policy.

This Privacy Policy describes how we collect, use and share information about you as well as your rights and choices about such collection, use and sharing, and applies to this website as well as the services offered by TrueVault, whether via this website or via our application or other software provided by TrueVault (collectively, the “Services”). (Please note that this Privacy Policy does not apply to customers of a business that uses TrueVault Safe, TrueVault Polaris or any other TrueVault product offerings. Please contact the business of which you are a customer to exercise your privacy rights with respect to such products.)

Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use the Services. By accessing or using the Services, whether or not you purchase any of our Services or create an account with us, you agree to this Privacy Policy.

This Privacy Policy may change from time to time (see Changes to this Privacy Policy). Your continued use of the Services after we make changes is deemed to be acceptance of those changes, so please check this Privacy Policy periodically for updates. If you have any questions about our privacy practices, please contact us as set forth in the Contact Us section below.

We collect the personal information you provide to us when you purchase our products or visit our website. The categories of information we may collect include:

  • Personal Identifiers, including online Identifiers
  • Internet Activity
  • Location Information, including general location data
  • Personal Identifiers, including name, email address, and online Identifiers
  • Commercial Information, including purchases
  • Physical and Audio Data, including audio recordings and video recordings
  • Professional and Education Information, including professional information
  • Consumer Communications, including direct communications with your consumers
  • Inferences from Other Data, including inferences created from other personal information collected

Information from other sources

We may collect personal information about you from third-party sources, including Data Brokers and Other consumers (e.g., referrals).

The categories of information we may collect include:

Data Brokers

  • Personal Identifiers, including Name and Email address
  • Professional and Education Information, including Professional information

Other consumers (e.g., referrals)

  • Personal Identifiers, including Name
  • Professional and Education Information, including Professional information

How long we keep your data

We do not retain data for any longer than is necessary for the purposes described in this Policy.

We generally retain data according to the guidelines below.

Type of DataRetention Period
Cookies and online data we collect while you use our website, including Online Identifiers, Internet Activity, General location data We delete or anonymize data concerning your use of our website within 15 years of collecting it.
Data we collect in order to process and ship orders you place with us, including Name, Email address, Purchases, Professional information, Signature We keep personal information related to products and services you purchase for as long as the personal data is required for us to fulfill our contract with you, and for 15 years from your last purchase with us. We may keep data beyond this period in anonymized form.
Data we collect when you contact us for customer support and other inquiries, including Name, Email address, Purchases, Audio recordings, Photos, Video recordings, Professional information, Direct communications with your consumers, Inferences created from other personal information collectedWe keep customer feedback and correspondence with our customer service for up to 15 years to help us respond to any questions or complaints. We may keep data beyond this period in anonymized form.
Data we collect when you sign up for promotional and marketing communications, including Name, Email address, Online Identifiers, Internet Activity, Purchases, Professional information, Direct communications with your consumers, Inferences created from other personal information collectedWhere you have signed up to receive promotional and marketing communications from us, we will retain any data collected until you opt out or request its deletion. We may keep data beyond this period in anonymized form. We will further retain a record of any opt-outs in order to prevent sending you future communications.
Data we collect when you review our products, answer surveys, or send feedback, including Name, Email address, Online Identifiers, Internet Activity, Purchases, Professional information, Direct communications with your consumers, Inferences created from other personal information collectedWe retain review, survey, and feedback data for up to 15 years following your last contact with us. We may keep data beyond this period in anonymized form to help improve our products and services.
Data we collect in connection with privacy requests, including Name, Email address, Online IdentifiersWe retain records related to privacy requests as long as necessary to comply with our legal obligations, and for a minimum of 24 months.
Data we collect for security purposes, including Name, Email address, Online IdentifiersWe retain security-related data as long as necessary to comply with our legal obligations and to maintain and improve our information security measures.

Why we process your information

We process personal information for the following business and commercial purposes:

  • Conducting Surveys
  • Fulfilling Customer Orders
  • Improving our Products & Services
  • Meeting Compliance & Legal Requirements
  • Operating Our Website or Mobile Apps
  • Processing Payments
  • Providing Customer Support
  • Sending Promotional Communications
  • Tracking Purchases & Customer Data

We may disclose personal information about you for business and commercial purposes when you purchase our products or visit our website:

Personal Information CategoryCategories of Service ProvidersCategories of Third Parties
Personal IdentifiersBusiness Operations Tool, Collaboration & Productivity Tools, Contractors, Customer Support Tools, Data Analytics Providers, Governance, Risk & Compliance Software, IT Infrastructure Services, Sales & Marketing Tools, Website Operations Tool, Commerce Software Tools, and Payment ProcessorsNone
Internet ActivityBusiness Operations Tool, Contractors, Customer Support Tools, Data Analytics Providers, IT Infrastructure Services, Sales & Marketing Tools, and Website Operations ToolNone
Commercial InformationNoneNone
Physical and Audio DataCollaboration & Productivity Tools, Contractors, and Data Analytics ProvidersNone
Professional and Education InformationBusiness Operations Tool, Collaboration & Productivity Tools, Commerce Software Tools, Contractors, Customer Support Tools, Data Analytics Providers, IT Infrastructure Services, and Sales & Marketing ToolsNone

TrueVault complies with the EU-U.S. and Swiss-U.S. Data Privacy Frameworks, as well as the U.K. extension of the EU-U.S. Data Privacy Framework, regarding the collection, use, and retention of personal information transferred from European Union / European Economic Area member countries, the United Kingdom, and Switzerland to the United States. We have certified with the U.S. Department of Commerce that we adhere to the Data Privacy Framework Principles. To learn more about the Data Privacy Framework Principles, visit the official website.

In the course of providing our services to our customers in our role as a “processor,” we may receive the personal data of individuals located in the European Union / European Economic Area, the United Kingdom, and Switzerland. This personal data consists of names, email addresses, and online identifiers that are necessary for our customers to authenticate and respond to privacy requests from European data subjects. We also provide secure storage for personal data being provided in response to data subject access requests. We do not use this data for any other purposes, and we are contractually bound to adhere to our customers’ instructions. 

We disclose personal data received under the Data Privacy Framework to third-party cloud computing & storage providers and email service providers acting on our behalf, solely for the purpose of enabling our services. These third parties’ use, access, and disclosure must be in compliance with our Data Privacy Framework obligations. We remain liable for any violations of the Data Privacy Framework Principles by these third parties unless we prove that we are not responsible for the event giving rise to the damage.

Individuals whose personal data is transferred under the Data Privacy Framework have the right to access personal information about them that an organization holds, and to be able to correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the Data Privacy Framework Principles. Individuals also have the right to choose whether their personal information is to be disclosed to a third party or to be used for a purpose that is materially different from the purpose(s) for which it was originally collected. If you would like to exercise any of these rights, please write to us at moc.tluaveurt@ycavirp. As a data processor, we may not have the independent authority to act on your request, in which case we will refer you to the organization with which you have a direct relationship.

If you have any questions or complaints about our handling of your personal data under the Data Privacy Framework, please contact us at moc.tluaveurt@ycavirp

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, TrueVault commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.  In some situations, the DPF Framework gives you the right to invoke binding arbitration. You can do this to resolve complaints not resolved by other means, as described in Annex I to the Framework.

You can review our Data Privacy Framework registration here. We are subject to the investigatory and enforcement powers of the Federal Trade Commission. We may be required to disclose personal information that we handle under the Data Privacy Framework in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

The Services are intended for a general audience and are not directed to children under 13 years of age. TrueVault does not knowingly collect personal information as defined by the Children’s Online Privacy Protection Act (“COPPA”) in a manner that is not permitted by COPPA. If you are a parent or guardian and believe TrueVault has collected such information in a manner not permitted by COPPA, please contact us at moc.tluaveurt@ycavirp and we will remove such information to the extent required by COPPA.

Data Security

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to the Services. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services.

Changes to this Privacy Policy

We reserve the right to revise this Privacy Policy at any time. Any changes will be effective immediately upon posting of the revised Privacy Policy and updating the “last modified” date above. Your continued use of the Services indicates your consent to the Privacy Policy then posted. If the changes are material, we may provide you additional notice to your email address. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our website and this Privacy Policy to check for any changes.

If you have any questions or comments about this Privacy Policy or our privacy practices, please contact us as follows:

TrueVault Inc.

201 Mission Street, 12th Floor

San Francisco, California 94105

moc.tluaveurt@ycavirp