TrustVerifi Privacy Policy

Effective date: 15 October 2025

Version 14.1, effective 14 March 2025

Entity: Skanda Projects Pty Ltd trading as TrustVerifi (“TrustVerifi”, “we”, “us”, “our”)

Registered office: Brisbane, Australia

Contact: privacy@trustverifi.com (or via in-product Help & Support)

TrustVerifi is a global trust and reputation platform where individuals and businesses build verified credibility using identity/business verification, testimonials, dynamic badges, analytics, and shareable trust widgets.

This Policy explains how we collect, use, disclose, store, and safeguard personal information when you use TrustVerifi. It applies to:

  • Individuals (e.g., freelancers, job seekers, consultants) who create profiles, request/receive reviews, or submit reviews; and
  • Businesses (including their authorized users/representatives) that create profiles, invite reviews, or provide reviews.

We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), the EU/UK GDPR, and (where applicable) California's CCPA/CPRA. See the frameworks: APPs overview by OAIC, GDPR background, and CCPA/CPRA rights guidance.

1) Personal information we collect

A. Account, profile & usage data

  • Identity/contact: name, email, phone, country; for businesses: legal name, trading name, registration number, tax/ABN, registered address, domain(s).
  • Profile content: bio, skills/services, sub-profiles (products/services/locations), logos/brand assets, links.
  • Activity & device: log data, IP, timestamps, pages/events, referral URLs, approximate location, device/browser metadata (for fraud prevention and security).
  • Communications: messages to our support, feedback, dispute submissions.

B. Verification (KYC/KYB)

To build trust signals, we use third-party verification providers (currently ComplyCube) for identity (KYC) and business (KYB) checks. Data they process may include selfies, ID documents, liveness checks, and registry data. ComplyCube's privacy info is available on their website.

(If we engage other certified providers in the future—e.g., Veriff—we will update this page.)

C. Identity Verification Data (KYC/KYB)

When you complete identity (KYC) or business verification (KYB), we securely redirect your information to our verification provider ComplyCube. TrustVerifi does not store copies of your government ID, passport, business registration, or other sensitive documents. We only retain the verification status and metadata response provided by ComplyCube (e.g., "verified," "failed," "pending"). This ensures your most sensitive documents remain under the custody of a regulated verification provider and not stored on our servers.

D. Reviews & social proof

  • Review content: rating, headline, written feedback, optional video testimonial.
  • Review provenance: whether a review came via direct invite (invite-verified), public link (email-verified), or synced import (e.g., Google/Facebook subject to their terms).
  • Review metadata: reviewer name (or alias), email status (verified/unverified), timestamps, moderation labels, sentiment scores.

Invite-verified reviews: If a reviewer submits via a personal invite link you sent, we mark the review Verified by default (industry practice also seen in review platforms).

E. Payments & billing

Processed by Stripe. We receive limited billing metadata (e.g., last4, brand, expiry month/year, country) and invoice records; Stripe stores card details. (See Stripe's privacy policy on stripe.com.)

F. Cookies & similar tech

We use necessary, functional, analytics, and (where opted-in) marketing cookies/pixels to: sign you in, remember preferences, measure product usage, run A/B tests, and attribute referrals/ads. You can manage settings in our Cookie Preferences.

2) How we use personal information (purposes & lawful bases)

| Purpose | Examples | Legal basis (GDPR) |
|---|---|---|
| Provide the service | Account creation, profile pages, sub-profiles, invitations, analytics, dashboards, widgets | Contract (Art. 6(1)(b)) |
| Verification & trust signals | KYC/KYB processing, badge issuance, trust score computation | Legitimate interests in platform integrity (Art. 6(1)(f)); in some regions, consent (Art. 6(1)(a)) for biometric or sensitive data handled by providers |
| Testimonials & sharing | Collecting and displaying reviews, embeddings, social sharing | Contract; legitimate interests |
| Safety & moderation | Content safety checks (e.g., Azure Content Safety + AI classification), fraud/spam prevention, dispute resolution | Legitimate interests; legal obligation where applicable |
| Communications | Service notices, feature updates, onboarding, surveys | Contract; legitimate interests; consent for marketing |
| Billing & tax | Subscriptions, invoices, receipts, fraud checks | Legal obligation; contract |
| Analytics & improvement | Metrics, diagnostics, troubleshooting, A/B tests | Legitimate interests |
| Compliance | Respond to lawful requests, enforce Terms, record-keeping | Legal obligation |

(For APPs, these align with requirements on collection/use/disclosure; for CCPA/CPRA, they map to "business purposes" and "commercial purposes".)

3) Moderation, fraud prevention & automated analysis

We automatically and manually review content to reduce harmful or deceptive activity. Automated systems may flag content for: profanity, hate, sexual/violent content, doxxing/personals, advertising/links, defamation risk, off-topic/duplicates, or conflicts of interest. (Moderation uses a two-layer approach: Azure Content Safety first, then AI classification for labels, an industry practice in large platforms.) Where automation produces a decision that affects you, you can appeal via the Dispute flow; a human will review.

4) Disputes & review provenance

  • Invite-verified: default Verified label.
  • Public reviews: email verification required; displayed with "email-verified" status.
  • Imported reviews: marked as "Imported" with the source (e.g., Google).

If you dispute a review, we may request evidence from both parties and temporarily limit visibility while investigating (see our Community Guidelines/Dispute Policy).

5) Sharing & disclosures

We share data only as needed to operate, secure, or comply:

  • Vendors/Sub-processors: hosting (Microsoft Azure), storage (Blob), email/SMS (SendGrid, Twilio), payments (Stripe), verification (ComplyCube), analytics/observability (Application Insights/Log Analytics), search (Azure Cognitive Search), content safety (Azure). Microsoft describes privacy/GDPR commitments for cloud services here.
  • Business accounts & public display: When you publish a profile or testimonial, you choose what appears publicly (e.g., display name, Trust Score, badges, featured testimonials).
  • Legal & compliance: Courts, regulators, law enforcement when legally required or to enforce our Terms.
  • Corporate transactions: M&A, financing, or asset transfers—subject to confidentiality and continuity protections.

We do not sell personal information as "sale" is defined under CCPA/CPRA. If we use cross-context behavioral advertising, we will provide an opt-out ("Do Not Sell or Share").

6) International transfers

We are headquartered in Australia and use global infrastructure. Where data is transferred internationally, we use appropriate safeguards (e.g., standard contractual clauses (SCCs) for EEA/UK, regional data residency when feasible) and vendor addenda. (Microsoft/Azure and major KYC vendors provide GDPR mechanisms.)

7) Data retention

We keep personal information only as long as needed for the purposes above, including:

  • Account data: for the life of the account + a reasonable period (e.g., up to 24 months) for support, audit, and fraud prevention.
  • KYC/KYB records: retained per legal obligations and our provider's compliance schedules.
  • Reviews: retained while profiles remain active or until removed under policy/requests.
  • Billing/invoices: retained per tax/accounting laws (typically 5–7 years).

We anonymize or aggregate data wherever possible.

8) Your rights

A. Under the APPs (Australia)

Access and correction rights; ability to complain to us or the OAIC. See the APPs references for details.

B. Under GDPR (EU/UK)

Access, rectification, erasure, restriction, portability, objection to processing (including profiling based on legitimate interests/marketing), and the right to withdraw consent at any time. You also have the right to lodge a complaint with your local supervisory authority. See EU references.

C. Under CCPA/CPRA (California)

Right to know, delete, correct, opt-out of sale/share (if applicable), and non-discrimination for exercising rights. See CA DOJ/CPRA references.

How to exercise: Use in-product privacy tools or email privacy@trustverifi.com. We may verify your identity/request to protect users.

9) Children's privacy

TrustVerifi is not intended for users under 16. We do not knowingly collect personal information from children under 16. If you believe a minor has provided data, contact us to remove it.

10) Security

We use administrative, technical, and physical safeguards: encryption in transit and at rest, role-based access, network isolation (VNets, private endpoints), WAF/DDoS protections, secret management (Key Vault), monitoring and alerting (Application Insights), and least-privilege controls. While no system is 100% secure, we continually assess and improve safeguards.

11) Business users & team features

If you are a Business:

  • You may invite team members and assign roles; you act as controller of the personal data you upload about team members, clients, and sub-profiles.
  • We act as a processor for certain operations (e.g., processing review invitations, analytics) and as an independent controller for platform integrity, fraud prevention, and compliance (e.g., verification checks, abuse mitigation).
  • If required, we can sign a Data Processing Addendum (DPA) and provide a current sub-processor list on request.

12) Cookies & tracking

We categorize cookies as: Strictly Necessary, Functional, Analytics, and Marketing.

  • Manage preferences via our Cookie Settings.
  • Analytics includes aggregated usage and product telemetry.
  • Marketing cookies (if enabled) are used to measure ads and referrals.

We honor regional consent requirements (e.g., EU/UK).

13) Third-party links & imports

We may link to other sites or allow you to import reviews from third-party platforms; their privacy practices are governed by their policies (e.g., Trustpilot publishes separate legal pages for reviewers/businesses).

14) Changes to this Policy

We may update this Policy to reflect changes in law, features, or vendors. We'll post the updated version with a new effective date, and where changes are material, we'll notify you (e.g., email or in-product notice).

15) Contact & complaints

  • Email: privacy@trustverifi.com
  • Postal: Skanda Projects Pty Ltd (TrustVerifi), [48 Blackheath Road, Oxley 4075], Australia
  • EU/UK representatives / DPO: If applicable, details will be published here.
  • Australia (OAIC): If you are not satisfied with our response, you may contact the OAIC (Office of the Australian Information Commissioner).

Annex A – Data categories by user type

Individuals

  • Account: name, email, phone, location (optional), profile content, sub-profiles.
  • Verification (optional/required by feature): ID document data processed by KYC provider, selfie, liveness; verification outcome.
  • Testimonials: content, media, rating, invite/public origin; moderation labels/sentiment.
  • Analytics: views, clicks, badge exposure, response rates; device/usage data.

Businesses

  • Organization: legal name, registration number (e.g., ABN), address, domain(s), category/tags, logos/brand assets.
  • Authorized users: names/emails/roles; optional staff verification (KYC).
  • KYB: registry information and verification outcome from KYB provider.
  • Billing: subscription plan, invoices, payment status (from Stripe).
  • Directory and marketing preferences.

Annex B – Sub-processors / infrastructure (illustrative)

  • Microsoft Azure (App Service, Azure SQL, Blob Storage, Front Door, Application Insights, Cognitive Services/Content Safety) – hosting, storage, security.
  • ComplyCube – KYC/KYB verification.
  • Stripe – payments & invoicing.
  • Brevo / Twilio – email/SMS communications.
  • Azure OpenAI – AI features for sentiment/assistive copy (no PII used beyond operational necessity; prompts are minimized).