1. Introduction
Truethinks Ltd ("Productrue", "we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use the Productrue platform.
Legal Framework: This policy complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).
2. Data Controller
The data controller responsible for your personal data is:
- Company: Truethinks Ltd
- Address: 128 City Road, London, EC1V 2NX, United Kingdom
- Email: [email protected]
- Phone: +44 77 9314 3501
3. Personal Data We Collect
3.1 Information You Provide
| Data Category | Examples | Purpose |
|---|---|---|
| Account Information | Name, email address, password | Account creation and authentication |
| Business Information | Company name, address, VAT number | Service provision and billing |
| Contact Information | Phone number, business address | Communication and support |
| Payment Information | Card details (processed by Stripe) | Payment processing |
3.2 Information Collected Automatically
| Data Category | Examples | Purpose |
|---|---|---|
| Usage Data | Features used, pages visited, actions taken | Service improvement and analytics |
| Technical Data | IP address, browser type, device information | Security and troubleshooting |
| Log Data | Access times, error logs | Security monitoring and debugging |
3.3 Business Data
Data you upload to the platform (products, catalogues, customer information) is stored securely and processed solely for providing our services. We do not access this data except as necessary for technical support or as required by law.
4. Legal Basis for Processing
We process your personal data under the following lawful bases:
- Contract: Processing necessary for the performance of our contract with you
- Legitimate Interests: Processing necessary for our legitimate business interests (security, fraud prevention, service improvement)
- Legal Obligation: Processing required to comply with legal requirements (tax, accounting)
- Consent: Processing based on your explicit consent (marketing communications)
5. How We Use Your Data
- To provide and maintain the Productrue platform
- To process your transactions and send related information
- To respond to your enquiries and provide customer support
- To send service-related notifications and updates
- To detect, prevent, and address technical issues and security threats
- To analyse usage patterns and improve our services
- To comply with legal obligations
- With your consent, to send marketing communications
6. Data Sharing
6.1 Third-Party Service Providers
We share data with trusted service providers who assist in operating our platform:
- Stripe: Payment processing (PCI-DSS compliant)
- AWS/Cloud Providers: Hosting and data storage
- Resend: Email delivery services
- Google Analytics: Website analytics (anonymised)
6.2 Legal Requirements
We may disclose your data if required by law, court order, or to protect our legal rights.
6.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.
7. International Data Transfers
Your data is primarily stored and processed within the United Kingdom and European Economic Area (EEA). Where we transfer data outside these regions, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions by the UK Government
- Binding Corporate Rules where applicable
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Account Data | Duration of account + 30 days |
| Business Data (your content) | Duration of account + 30 days |
| Billing Records | 7 years (legal requirement) |
| Log Data | 12 months |
| Marketing Preferences | Until consent withdrawn |
9. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
Right of Access
Request a copy of your personal data we hold
Right to Rectification
Request correction of inaccurate data
Right to Erasure
Request deletion of your personal data
Right to Restrict Processing
Request limitation of data processing
Right to Data Portability
Receive your data in a structured format
Right to Object
Object to processing based on legitimate interests
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.
10. Cookies and Tracking
10.1 Essential Cookies
Required for platform functionality (authentication, security). Cannot be disabled.
10.2 Analytics Cookies
Help us understand how users interact with our platform. Can be disabled in browser settings.
10.3 Managing Cookies
You can control cookies through your browser settings. Note that disabling certain cookies may affect platform functionality.
11. Data Security
We implement appropriate technical and organisational measures to protect your data:
- TLS/SSL encryption for data in transit
- AES-256 encryption for data at rest
- Regular security audits and penetration testing
- Access controls and authentication measures
- Employee training on data protection
- Incident response procedures
- Regular backups and disaster recovery plans
12. Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete the data promptly.
13. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be notified via email or through the platform. The "Last Updated" date at the top indicates when changes were made.
14. Complaints
If you have concerns about how we handle your data, please contact us first. If unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Phone: 0303 123 1113
- Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
15. Contact Us
For privacy-related enquiries or to exercise your rights: