1. High-level posture
TrustLoop is designed to be privacy-first. Reflections may include sensitive workplace context, so the product is built to minimise exposure, avoid attribution, and limit what organisations can access.
2. Data access and privacy boundaries
- Individual reflections and free-form feedback are not provided to organisations as raw text.
- Where organisation-level reporting exists, it is designed to be anonymised and aggregated.
- TrustAI outputs are intended to be pattern-based and should not reveal who said what.
3. Account and authentication
- TrustLoop uses authenticated sessions to control access to user data.
- Sensitive actions such as account deletion and data export require additional confirmation or re-authentication flows.
4. Logging and operational safety
TrustLoop treats free-form reflection text and TrustAI chat content as sensitive. Operational logging is designed to avoid storing:
- Reflection text
- TrustAI chat transcripts
- Tokens and credentials
- Device tokens and notification bodies
5. Operational tooling
TrustLoop does not use a dedicated error-tracking vendor (such as Sentry or Datadog). The operational tooling that may process limited, non-personal metadata includes:
- Plausible Analytics — cookie-free, privacy-focused web analytics. Collects aggregate page views, referral sources, and country-level location. Does not collect personal data or track individuals across sites.
- Vercel Speed Insights — lightweight web performance telemetry (page load times, Core Web Vitals). Does not collect personal content.
6. Incident response
TrustLoop maintains an internal incident response playbook and escalation process for security and privacy incidents.
7. Compliance targets
TrustLoop aims to align with GDPR-style privacy principles globally and to support enterprise procurement needs (including SOC 2 readiness over time). Any formal certifications (for example, "SOC 2 Type II certified") should only be claimed once completed and verified.
8. Contact
For security questions or to request additional security documentation, please contact us at trustloop@thenudge.ai.