Skip to main content
TrustLoop app iconTrustLoop
Sign in

Legal

Privacy Policy

Last Updated: 2026-02-28

This Privacy Policy explains how TrustLoop collects, uses, and protects personal information when you use our professional growth and effectiveness platform.

On this page

1. Introduction

TrustLoop ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our professional growth and effectiveness platform.

Data controller / responsible entity: The Nudge L.L.C-FZ (doing business as “TrustLoop”)
Registered Address: Meydan Grandstand, 6th Floor, Meydan Road, Nad Al Sheba, Dubai, United Arab Emirates

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, password, organization affiliation
  • Professional Data: Reflections, TrustAI messages (if enabled), trust scores, development actions, collaboration data
  • Context Information: Role type, team topology, industry, region (optional)

2.2 Information Collected via Our Website

When you visit the TrustLoop marketing website, we may collect the following:

  • Analytics data (Plausible): We use Plausible Analytics, a privacy-focused, cookie-free analytics service. Plausible collects aggregate page view counts, referral sources, browser type, and country-level location. It does not use cookies, does not track individuals across sites, and does not collect personal data. See Plausible's data policy.
  • Email capture: If you subscribe to receive insights on our website, we collect your email address. We store this in our intake system for follow-up and send an internal notification. We do not sell or share your email with third parties for marketing purposes.
  • Interactive survey diagnostic: If you complete an on-page survey (for example, a short operating environment diagnostic), we process your survey responses and any optional context you choose to provide to generate an on-page result. Do not include names, emails, or confidential details. We do not store the free-text you provide in that optional field, and we do not associate your survey responses with an account unless you separately submit your email through another form.

2.3 Information Automatically Collected (iOS App)

We automatically collect limited technical data needed to operate and secure the Service. This may include:

  • iOS device type and app version
  • Basic usage signals (which features you use)
  • Timezone information (to schedule notifications correctly)
  • Device token: a device-level identifier issued by Apple, used only to deliver push notifications. Device tokens are stored securely, are never logged in application logs, and are not shared with third parties for advertising or tracking.
  • Error and diagnostic logs: anonymous technical metadata (for example, error codes, request durations, feature flags) used solely to diagnose and fix technical issues. Diagnostic logs never include reflection text, chat content, emails, or other personal content.

3. How We Use Your Information

We use your information to operate the Service (account access, core features, and notifications), to generate insights and development actions, to keep the platform secure, and to improve TrustLoop over time.

TrustAI: If you enable TrustAI, we use a third-party AI service provider (OpenAI and/or Anthropic, depending on configuration and availability) to help generate coaching responses, guided reflection prompts, and suggested Actions. We ask your permission in-app before any content is sent for AI processing.

Website diagnostics: If you use an on-page survey diagnostic on our website, we process the information you provide in the moment to generate your result. We do not intentionally request personal identifiers for this purpose.

When enabled, the following categories of information may be shared with OpenAI and/or Anthropic to provide TrustAI features:

  • Text you type into TrustAI
  • Guided reflection chat messages (if you use a guided option)
  • Relevant in-app signals needed to answer (for example: scores and Action metadata)
  • Work context details you choose to share (optional)

We do not send your password.

We do not sell your personal data.

5. Data Retention

5.1 Default retention (Option A — default)

We retain your personal data while your account is active so the Service can provide longitudinal insights and progress tracking. When you request account deletion:

  • Your account is scheduled for permanent deletion and a 30-day cooling period begins
  • You will be signed out, and access to your account may be restricted while deletion is pending
  • After the cooling period ends, we permanently delete your account and associated personal data from our active systems, except where we are legally required to retain certain business records

Data Deletion: You can request account deletion at any time through the app settings. Permanent deletion is not immediate and completes after the 30-day cooling period. For step-by-step instructions, see our Account Deletion page.

5.2 Enterprise-configurable retention (Option C — by contract)

For certain enterprise customers, TrustLoop may agree to a different retention schedule for specific categories of customer data. Any such schedule must be explicitly stated in the applicable contract documents (for example, an Order Form and/or executed DPA) and will override this default for that customer to the extent of any conflict.

5.3 Business and legal records

TrustLoop may retain certain business records (for example, contracts, invoices, and tax/accounting records) for at least 7 years or longer where required by applicable law, even if a user account is deleted. These records are retained for legal/compliance purposes and are separate from in-product reflection content.

6. Cross-Border Data Transfers

Your data may be processed and stored outside your country of residence, including in the United States and European Union. We use cloud infrastructure providers (Supabase) that maintain appropriate security measures and comply with applicable data protection laws.

When transferring data outside your jurisdiction, we ensure appropriate safeguards are in place, including:

  • Standard contractual clauses (SCCs) where applicable
  • Compliance with GDPR, PIPA, and PDPL requirements
  • Encryption in transit and at rest

7. Data Sharing and Disclosure

We do not sell your personal data. We may share your information only in the following circumstances:

  • Within Your Organization: Aggregate analytics and team insights (never individual reflections or names)
  • Service Providers: Trusted third-party services (hosting, analytics) under strict confidentiality agreements
  • AI Service Provider (OpenAI and/or Anthropic): If you enable TrustAI, certain user-provided text (for example: TrustAI chat messages, guided reflection messages, and work context you choose to share) and relevant in-app signals needed to generate responses (for example: scores and Action metadata) may be processed by OpenAI and/or Anthropic to provide TrustAI features.
  • Legal Requirements: When required by law or to protect our rights

Anonymity: Individual reflections and qualitative feedback are never shared with your organization. Only anonymized, aggregated data is visible in organizational dashboards.

8. Your Rights

Depending on your location, you may have the following rights:

  • Right to Access: Request a copy of your personal data (via "Export My Data" in settings)
  • Right to Rectification: Update your profile information at any time
  • Right to Erasure: Delete your account and data (via "Delete Account" in settings)
  • Right to Restrict Processing: Limit how we process your data
  • Right to Data Portability: Export your data in a machine-readable format
  • Right to Object: Object to certain types of processing
  • Right to Withdraw Consent: Withdraw consent at any time (via account deletion)

To exercise these rights, contact us at trustloop@thenudge.ai or use the in-app features.

9. Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption in transit (TLS/SSL) and at rest
  • Secure authentication and access controls
  • Regular security assessments and updates
  • Role-based access controls (RBAC)
  • Anonymization of sensitive data

10. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last Updated" date
  • Notify you via email or in-app notification
  • Require re-consent for material changes (new consent version)

Your continued use of our services after changes constitutes acceptance of the updated policy, unless re-consent is required by law.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: trustloop@thenudge.ai

Data Protection Officer (DPO): We have not appointed a formal Data Protection Officer. Privacy inquiries are handled via trustloop@thenudge.ai.

13. Regional Disclosures

13.1 European Economic Area (EEA)

If you are located in the EEA, you have additional rights under the General Data Protection Regulation (GDPR). We act as a data controller for your personal data.

13.2 South Korea

If you are located in South Korea, this Privacy Policy complies with the Personal Information Protection Act (PIPA). We require explicit consent before processing your personal information, as provided during signup.

13.3 United Arab Emirates

If you are located in the UAE, this Privacy Policy complies with the Personal Data Protection Law (PDPL). We process your data with your explicit consent and in accordance with PDPL requirements.

14. Automated decision-making

TrustLoop does not engage in solely automated decision-making that produces legal or similarly significant effects on individuals (for example, automated employment decisions).

← Back to LegalBack to top