Privacy Policy
At TrueTerms, we believe transparency starts with us. This policy explains how we handle your data.
1. Data Collection & Usage
TrueTerms accesses your Gmail inbox using the gmail.readonly scope to scan for service providers, newsletters, and legal updates. We transiently process email headers and metadata to generate privacy insights. We do not store raw email bodies.
2. Data Sharing & Disclosure
We do not sell your personal data. TrueTerms does not share, transfer, or disclose Google user data to third parties, except in the following limited circumstances:
- To provide and improve our core features (e.g., summarizing policies via our secure LLM integration).
- To comply with applicable laws or valid legal processes.
- With your explicit consent or at your direction.
3. Data Protection Mechanisms
We implement industry-standard security measures to protect your sensitive data, including:
- Encryption: All data is encrypted in transit using TLS 1.2+ and at rest using AES-256.
- Access Control: Strict internal access controls ensure that only authorized system processes can interact with your data.
- Regular Audits: We conduct periodic security reviews to identify and mitigate potential vulnerabilities.
4. Data Retention & Deletion
We retain generated summaries ("Privacy Insights") only as long as your account is active.
- User-Initiated Deletion: You can delete individual insights or your entire account at any time through the dashboard. Upon account deletion, all associated Google user data is purged from our systems immediately.
- Automated Purging: If you revoke Google OAuth access, we will purge your associated data within 30 days.
5. Google API Compliance
TrueTerms' use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.