Privacy Policy
truval.dev ("Truval", "we", "our", or "us") respects your privacy and is committed to protecting your personal information. We provide API-first infrastructure designed for AI agents and developer workflows.
Our approach to privacy
This privacy policy sets out how we collect, use and share data that identifies and is related to you ("personal information") as a result of your use of our services, our website at https://truval.dev and our web portal (the "Site"), or other interactions with us for business purposes.
It applies to all individuals who may interact with us for the purposes of using or enquiring about our services whether acting on your own behalf or on behalf of an organisation ("you" or "your").
It also explains your rights in relation to your personal data and how to contact us or a relevant regulator in the event you have a complaint.
About us
Truval operates out of Matosinhos, Portugal. For all legal and privacy inquiries, contact us at [email protected].
Truval provides API-first infrastructure and software development kits (SDKs) designed for AI agents and developer workflows, including email verification and related machine-actionable data processing services.
When you use our marketing site, the developer dashboard, or contact us about your own relationship with Truval, Truval is generally the data controller of the personal information we hold about you in that capacity.
When you submit personal data about your end users through our APIs (for example email addresses for verification), you are typically the controller of that data and Truval acts as a processor on your instructions. Verification payloads are processed ephemerally at the network edge and are not stored at rest in Truval's databases as verification records; operational logs exclude those email addresses. Details are in our Data Processing Agreement (Annex 1), which forms part of our agreement with business customers.
If you have any questions about this policy or our approach to privacy, please contact us at [email protected].
Personal information we collect about you and how we use it
In our capacity as controller (when you use our marketing site, dashboard, or billing relationship with us), we may collect and hold some or all of the personal information set out below, depending on your use of our Site and services:
- Account information – name, email, OAuth identifiers and usernames (for example GitHub, GitLab, or Google where you use those sign-in methods), communication preferences, profile picture, company name and information;
- Contact information – name, email address;
- Correspondence and communications information – information contained in your emails, messages, and other communications with us;
- Marketing preferences – your marketing preferences and consents;
- Technical information – data relating to your device including mapping IP addresses, browser type, internet service provider, device identifier, time zone setting, browser plug-in types and versions, preferred language, activities, operating system and platform, and geographical location;
- Usage information – data relating to your usage of our Site - URL, clickstream to, through and from the Site, pages you viewed and searched for, page response times, length of visits to certain pages, referral source/exit pages, page interaction information (such as scrolling, clicks and mouse-overs); and
- Payment information – payment details are collected and processed by our payment processor (Stripe). Truval does not store full payment card numbers; we may receive limited billing metadata (for example card brand and last four digits) for display and reconciliation.
How we collect personal information
We may collect your personal information when:
- you use our services;
- you communicate with us (whether through email, discord, or by phone); and
- the organisation you work for or which you otherwise represent provides us with such personal information in order to use our services.
More generally, we collect personal information that you voluntarily submit to us, such as your Account information and Contact information, when you register with us, use our Site and our services, or otherwise interact with us. We may also collect certain technical personal information automatically as you interact with our Site.
The following table summarises the main categories of personal information we process about you in our capacity as controller, why we use it, and the legal bases we rely on under the GDPR (where it applies). Specific legal bases may vary depending on your location and the context of processing.
| Category | Purpose | Legal basis (GDPR) |
|---|---|---|
| Account and registration | Create and secure your account, authentication, profile, and dashboard access. | Performance of a contract; legitimate interests (security, fraud prevention). |
| Contact and correspondence | Respond to enquiries and provide support. | Performance of a contract; legitimate interests. |
| Billing and payments | Process payments, invoices, taxes, and billing contacts via Stripe. | Performance of a contract; legal obligation (for example tax and accounting). |
| Service delivery and usage | Operate the APIs and dashboard you use, metering, and service improvement. | Performance of a contract; legitimate interests (service integrity, improvement). |
| Technical and usage information | Secure and operate our sites, diagnose issues, prevent abuse, and understand how our services are used. | Legitimate interests; legal obligation where applicable. |
| Marketing preferences | Send product news and updates where permitted. | Consent, or soft opt-in / legitimate interests where applicable law allows. |
We do not use Google Analytics or third-party advertising cookies on truval.dev. Aggregate product analytics on the developer dashboard may be provided by our hosting partner (for example Vercel Analytics) using privacy-oriented techniques.
Anonymous data
We may anonymise and aggregate personal information we collect about your account and dashboard usage (so that it does not directly identify you). For the avoidance of doubt, this strictly excludes ephemeral verification payloads, which are never stored. We may use anonymised information for purposes that include testing our systems, research, data analysis, and improving our service.
AI Training Exemption
We build infrastructure for AI agents; we do not build AI models from your data. We strictly guarantee that neither your Account data nor the verification payloads you submit to our APIs will ever be used to train, fine-tune, or otherwise improve any internal or third-party Large Language Models (LLMs) or artificial intelligence systems.
Data retention
We will store the personal information we collect about you for no longer than necessary for the purposes set out in the table above, in accordance with our legal obligations and legitimate business interests.
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, or other requirements.
Recipients of personal information
We may share your personal information with the following:
- Service providers: infrastructure and service partners who process data on our instructions. A current list of sub-processors is published for transparency and is incorporated as Annex 3 to our Data Processing Agreement.
- Professional advisors: our lawyers, accountants, insurers, and other professional advisors.
- Purchasers and third parties in connection with a business transaction like a merger or acquisition.
- Law enforcement: where required by law or to protect our rights, safety and security or those of others.
Marketing and advertising
From time to time, we may contact you with information about truval.dev and the Site. We will only send you marketing messages if you have given us your consent to do so, unless consent is not required under applicable law (e.g. for existing customers). You can withdraw your consent at any time by clicking the 'unsubscribe' link at the bottom of our marketing communications. We do not sell your personal information and we do not use third-party advertising or behavioural tracking networks on our marketing site.
Storing and transferring your personal information
Security. We implement appropriate technical and organisational measures to protect your personal information against accidental or unlawful destruction, loss, change or damage. We host core infrastructure and process data in Frankfurt, Germany (European Union, EU-Central-1) to ensure high standards of data protection and GDPR compliance.
International Transfers. We may transfer your personal information to countries outside of the EEA, for example, to third party service providers. Such international transfers of your personal information will be made pursuant to appropriate safeguards, such as Standard Contractual Clauses.
Your rights in respect of your personal information
In accordance with applicable privacy law (such as the GDPR), you have the right to access, rectify, erase, restrict, and object to the processing of your data, as well as the right to data portability. You also have the right to withdraw consent at any time.
To exercise one of these rights, please contact us at [email protected]. If you are in the EU/EEA or the UK, you also have the right to lodge a complaint with your national data protection authority (in the UK, the ICO).
Cookies and similar technologies
We use a limited set of cookies and similar technologies so our dashboard and billing flows work securely. Full detail is in our Cookie policy. Summary:
| Type / provider | Role |
|---|---|
| Supabase (authentication) | Session security, CSRF protection, and sign-in with email or OAuth (GitHub, GitLab, Google) on dash.truval.dev. |
| Stripe (billing) | Fraud prevention and secure operation when you use the customer billing portal. |
| Security markers | Short-lived indicators that you have passed required checks. |
| Product analytics (Vercel) | Aggregate usage and performance metrics on dash.truval.dev; not used for advertising. |
Links to third party sites
Our Site may contain links to third party websites. These websites have their own privacy policies and we do not accept any responsibility or liability for their policies.
Children
The Site is not intended for or directed at children under the age of 18 years, and we do not knowingly collect information relating to children.
Changes to this privacy policy
We may update this privacy policy from time to time. When we change it in a material way, we will update the "Last updated" date. Changes are effective when they are posted on this page.
Related documents
- Terms of service
- Privacy policy (this page)
- Cookie policy
- Data processing agreement (DPA)
- Sub-processors
Legal enquiries: [email protected]. Support: [email protected].