Privacy Policy

Last updated: April 2, 2026

1. Who We Are

TrueComply (“we”, “us”, or “our”) operates the website and scanning service at truecomply.io. We help website owners identify and fix accessibility issues. For the purposes of data protection law, TrueComply acts as the data controller for personal information collected through this service.

Questions about this policy? Email us at privacy@truecomply.io.

2. Information We Collect

We collect the following categories of personal information:

  • Account information: Your name and email address when you register for an account.
  • Usage data: The URLs you submit for scanning, scan results, feature interactions, and error logs.
  • Payment data: Billing details processed through Stripe, including payment method information and transaction history. We do not store full card numbers on our servers.
  • Analytics data: Page views, session data, feature usage, and performance metrics collected via PostHog.
  • Email subscription data: If you subscribe to our newsletter or product updates, your email address is stored with Kit (formerly ConvertKit).

3. How We Use Your Information

We use the information we collect to:

  • Create and manage your account, and authenticate your identity.
  • Run accessibility scans on URLs you submit and display results to you.
  • Process payments and manage your subscription via Stripe.
  • Send transactional emails (account confirmation, scan notifications, billing receipts).
  • Send product updates and newsletters if you have opted in (you can unsubscribe at any time).
  • Analyze how the service is used so we can fix bugs and build better features.
  • Comply with legal obligations.

We do not sell your personal data to third parties, ever.

4. Third-Party Services

We use a small number of trusted third-party providers to operate TrueComply. Each handles your data under its own privacy policy:

  • Stripe — payment processing. Stripe processes your billing information securely. We never store full card details. See Stripe’s Privacy Policy.
  • PostHog — product analytics. PostHog collects anonymized usage events to help us understand how the product is used. See PostHog’s Privacy Policy.
  • Kit (ConvertKit) — email marketing. If you subscribe to our mailing list, your email address is stored with Kit. You can unsubscribe via any email we send or by contacting us directly. See Kit’s Privacy Notice.

We share your information with these providers only to the extent necessary to provide their services to you.

5. Cookies and Tracking

TrueComply uses cookies and similar technologies for the following purposes:

  • Authentication cookies: To keep you logged in to your account across browser sessions.
  • Preference cookies: To remember settings such as UI preferences.
  • Analytics cookies: PostHog sets cookies to track sessions and recognize returning visitors. This data is used only to improve the product.

You can disable cookies in your browser settings. Note that disabling essential cookies may prevent you from logging in or using core features.

6. Data Retention

  • Scan results are retained for 90 days, after which they are automatically deleted.
  • Account data is retained for as long as your account is active.
  • If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or financial compliance purposes.

7. Your Rights (GDPR — EU / EEA Residents)

If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Ask us to correct inaccurate or incomplete data.
  • Right to erasure: Ask us to delete your personal data (“right to be forgotten”), subject to legal retention obligations.
  • Right to restriction: Ask us to limit how we use your data in certain circumstances.
  • Right to data portability: Request your data in a structured, machine-readable format.
  • Right to object: Object to processing based on our legitimate interests.
  • Right to withdraw consent: Where processing is based on consent (e.g. marketing emails), you can withdraw it at any time.

To exercise any of these rights, email privacy@truecomply.io. We will respond within 30 days.

8. Your Rights (CCPA — California Residents)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to know: Request disclosure of what personal information we have collected, used, or shared about you in the past 12 months.
  • Right to delete: Request deletion of personal information we have collected about you, subject to certain exceptions.
  • Right to opt out of sale: We do not sell personal information. You do not need to opt out.
  • Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.

To submit a CCPA request, email privacy@truecomply.io with the subject line “CCPA Request”.

9. Data Security

We use industry-standard security practices to protect your data, including encrypted connections (HTTPS), access controls, and regular security reviews. No method of transmission over the internet is 100% secure, but we take reasonable precautions to protect your information.

10. Children’s Privacy

TrueComply is not directed at children under 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or by displaying a notice on the website. The “Last updated” date at the top of this page reflects when the most recent changes were made.

12. Contact Us

Questions about this Privacy Policy, exercising your rights, or concerns about how we handle your data:

TrueComply
Email: privacy@truecomply.io