Privacy Policy

This Privacy Policy describes how TruIP, Corp. ("TruIP," "we," "our," or "us") collects, uses, shares, and safeguards your information when you access or use our trademark image analysis platform (the "Service"). By using the Service, you agree to the terms described herein. This Policy should be read in conjunction with our Terms of Service. If you do not agree with this Privacy Policy, please do not use the Service.

We are committed to protecting your privacy and complying with applicable data protection laws, including but not limited to the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA), the UK GDPR for users in the United Kingdom, and other U.S. state privacy laws (collectively, "Applicable Privacy Laws"). This Policy applies to all users, including those accessing the Service from outside the United States for purposes such as learning about U.S. trademark law.

A. Information We Collect and Process

We collect only the minimal personal information necessary to operate the Service effectively and securely. "Personal information" or "personal data" means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household, as defined under Applicable Privacy Laws.

The categories of data we collect include:

1. Uploaded Images: Images you submit for trademark similarity analysis. These are processed temporarily and automatically deleted upon completion of the analysis, unless retained for a limited period for legal compliance, dispute resolution, or technical support. We do not use uploaded images for any other purpose, including AI training.
2. Payment Information: We do not store or process payment card numbers, security codes, expiration dates, or cryptocurrency wallet private keys. All payments are handled exclusively by third-party processors, such as Stripe for credit/debit card transactions and approved cryptocurrency gateways (e.g., those supporting Bitcoin or Ethereum). These processors may collect billing details, transaction IDs, and related metadata as described in their own privacy policies.
3. Device and Technical Metadata: Limited technical data, such as IP addresses, browser types, device identifiers, operating system details, session identifiers, timestamps, and referral sources. This data is collected for fraud prevention, security, diagnostics, and ensuring Service functionality. Under some Applicable Privacy Laws (e.g., CCPA/CPRA), IP addresses and device identifiers may qualify as personal information.
4. Anonymized Usage Data: Aggregated and de-identified metrics, such as upload frequency, error rates, and general usage patterns. This data is anonymized in a manner that prevents re-identification and is used solely to improve the Service's performance and reliability.

We do not collect sensitive personal information (e.g., racial or ethnic origin, health data, biometric data for identification, or precise geolocation) unless inadvertently included in an uploaded image, in which case it is processed only as necessary for the analysis and deleted promptly thereafter.

We do not collect personal data for marketing, user profiling, targeted advertising, or cross-context behavioral advertising. The Service does not require account creation, and we do not track users across sessions for commercial purposes.

The Service is not intended for individuals under the age of eighteen (18), and we do not knowingly collect data from minors. If we become aware of such collection, we will delete the data immediately.

For users in jurisdictions where data minimization is required (e.g., under GDPR or certain U.S. state laws), we limit collection to what is adequate, relevant, and necessary for the purposes described below.

B. Cookies and Tracking Technologies

1. We use essential cookies and similar technologies (e.g., local storage, pixels) solely to support the functionality, security, and performance of our website and Service. These may collect limited metadata, such as IP addresses, browser type, and session data.
2. We do not use cookies or trackers for behavioral advertising, cross-site tracking, or third-party analytics. No third-party cookies are deployed on our site.
3. You can manage or disable cookies through your browser settings. The Service remains fully functional without cookies, though some features (e.g., session persistence) may be affected. For more information on cookie management, visit resources like the Network Advertising Initiative (www.networkadvertising.org) or the Digital Advertising Alliance (www.aboutads.info).

Under Applicable Privacy Laws, such as CCPA/CPRA or Colorado's CPA, you have the right to opt out of the "sale" or "sharing" of personal information. However, we do not sell or share personal information as defined under those laws.

C. How We Use Your Information

We use your data only for the following limited, necessary purposes:

1. To process uploaded images and generate trademark similarity reports.
2. To facilitate and verify payments through third-party processors.
3. To maintain the security and integrity of the Service, including fraud detection, abuse prevention, and compliance with legal obligations.
4. To diagnose and resolve technical issues using device metadata.
5. To analyze anonymized usage data for improving Service functionality, performance, and user experience.

We do not use your data for automated decision-making that produces legal or similarly significant effects.

Legal Bases for Processing (for EEA, UK, and Similar Jurisdictions):

• Processing uploaded images and generating reports: Performance of a contract (GDPR Art. 6(1)(b)).
• Payment verification: Performance of a contract (GDPR Art. 6(1)(b)).
• Security and fraud prevention: Legitimate interests (GDPR Art. 6(1)(f)), balanced against your rights.
• Anonymized analytics: Legitimate interests (GDPR Art. 6(1)(f)), with safeguards to ensure minimal impact on privacy.

We conduct legitimate interest assessments where required and ensure processing is proportionate.

D. Disclosure of Your Information

We do not sell, rent, or trade your personal information. We do not "share" personal information for cross-context behavioral advertising as defined under CCPA/CPRA or similar laws. Disclosures are limited to:

1. Third-Party Payment Processors: To Stripe or cryptocurrency gateways (e.g., Coinbase Commerce or similar approved providers) for payment processing. These entities operate under their own privacy policies and are independent controllers. We disclose only necessary transaction details (e.g., amount, currency).
2. Service Providers: To vendors providing infrastructure (e.g., cloud hosting like AWS), security, or analytics services, bound by data processing agreements requiring confidentiality, security, and use solely for our instructions. These include processors in the U.S. and, where applicable, abroad with appropriate safeguards.
3. Legal and Regulatory Authorities: To government entities, law enforcement, or courts when required by law, subpoena, or legal process (e.g., for anti-money laundering compliance in cryptocurrency transactions).
4. Business Transfers: In the event of a merger, acquisition, bankruptcy, or asset sale, provided the recipient agrees to equivalent privacy protections.
5. Other: As required to protect our rights, users, or the public (e.g., in response to threats or violations).

All disclosures comply with Applicable Privacy Laws, including data minimization and necessity principles.

E. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your information from unauthorized access, loss, misuse, alteration, or destruction. These include:

• Encryption of data in transit (e.g., HTTPS) and at rest where appropriate.
• Access controls limiting employee and vendor access to need-to-know basis.
• Regular security audits, vulnerability scanning, and incident response protocols.
• Secure deletion practices for uploaded images.

Despite these measures, no system is completely secure. We cannot guarantee absolute security, but we commit to notifying affected users and authorities of data breaches as required by Applicable Privacy Laws (e.g., within 72 hours under GDPR or 48 hours under certain U.S. state laws where applicable).

F. Data Retention

We retain data only as long as necessary for the purposes outlined above or as required by law:

1. Uploaded images: Deleted immediately after analysis completion, unless retained for up to 30 days for technical support or up to the applicable statute of limitations for legal disputes.
2. Payment information: Not retained by us; handled solely by third-party processors.
3. Device metadata: Retained for up to 1 year for security and audit purposes, or longer if required for legal compliance (e.g., up to 7 years for tax audits).
4. Anonymized usage data: Retained indefinitely in de-identified form for analytics.

Upon expiration, data is securely deleted or anonymized. Retention periods comply with Applicable Privacy Laws, and we review them periodically.

G. Your Rights

You have rights under Applicable Privacy Laws, subject to verification of your identity and applicable exceptions (e.g., for legal retention). These include:

1. Access: Request details on the personal data we hold about you, including categories collected, sources, purposes, and recipients.
2. Correction/Rectification: Request updates to inaccurate or incomplete data.
3. Deletion/Erasure: Request deletion, subject to exceptions (e.g., legal obligations).
4. Restriction/Objection: Restrict processing or object to processing based on legitimate interests or for direct marketing (though we do not engage in marketing).
5. Portability: Receive your data in a structured, machine-readable format where processing is based on consent or contract.
6. Withdraw Consent: Where processing relies on consent (though we primarily use other bases).
7. Opt-Out of Sale/Sharing/Targeted Advertising: We do not sell, share, or use data for targeted advertising, but you may submit opt-out requests for confirmation.
8. Non-Discrimination: We will not discriminate against you for exercising rights (e.g., no denial of Service or price increases).

For California Residents (CCPA/CPRA):

In addition to the above, you may:

• Request to know specific pieces of personal information collected in the past 12 months.
• Opt out of sales/sharing (not applicable, as we do not sell/share).
• Limit use of sensitive personal information (not applicable, as we do not collect/use sensitive data for inferred characteristics).
• Designate an authorized agent to act on your behalf.

We respond to verifiable requests within 45 days (extendable to 90 days).

For Residents of Other U.S. States (e.g., Virginia, Colorado, Connecticut, Utah, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Tennessee, Minnesota):

Similar rights apply under laws like VCDPA, CPA, CTDPA, UCPA, DPDPA, ICDPA, NCPA, NH Privacy Act, NJDPA, TIPIA, and MCDPA, including access, correction, deletion, portability, and opt-out of targeted advertising/profiling/sales (none of which we do). We comply with universal opt-out mechanisms (e.g., Global Privacy Control signals) where required.

For EEA/UK Residents (GDPR/UK GDPR):

You have enhanced rights, including to lodge a complaint with a supervisory authority (e.g., your local Data Protection Authority or the UK ICO). We are not required to appoint a Data Protection Officer but have designated privacy leads.

To exercise rights, email truIPofficial@gmail.com with "Privacy Rights Request" in the subject line. Include sufficient details for verification (e.g., IP address used, timestamp of interaction). We respond within statutory timelines (e.g., 30 days under GDPR, 45 days under CCPA). For payment data, contact the processor directly (e.g., Stripe at privacy@stripe.com).

H. Data Transfers and International Users

TruIP is based in the United States, and your data may be transferred to, stored, and processed in the U.S. or other countries where our service providers operate.

For users in the EEA, UK, or Switzerland:

1. We rely on the EU-U.S. Data Privacy Framework (DPF), UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF as certified by the U.S. Department of Commerce. These frameworks provide adequate safeguards for transfers. View our certification at www.dataprivacyframework.gov.
2. Where DPF does not apply, we use Standard Contractual Clauses (SCCs) or other approved mechanisms.

By using the Service, you consent to such transfers, but we ensure equivalent protections. Users from other countries (e.g., Canada, Australia) should note that U.S. laws may differ from your local laws; we comply with U.S. requirements and respect international standards where feasible.

I. Children's Privacy

1. The Service is not intended for or directed to individuals under eighteen (18) years of age.
2. We do not knowingly collect, use, or disclose personal information from minors.
3. If we discover such data, we will delete it promptly and may restrict access.
4. Parents/guardians may contact us at truIPofficial@gmail.com to inquire or request deletion.

This complies with the Children's Online Privacy Protection Act (COPPA) and similar laws.

J. Intellectual Property and Uploaded Content

1. User Ownership: You retain all rights, including copyrights and trademarks, in your uploaded content. We do not claim ownership.
2. Limited License: You grant us a temporary, non-exclusive, worldwide license to process your content solely for the requested analysis. This license ends upon deletion.
3. No AI Training or Commercial Use: Uploaded images are not used to train models, for marketing, or any commercial purpose beyond the Service. Analyses are automated; human review occurs only if essential for support or compliance, with strict controls.
4. User Representations: You warrant that you have rights to upload content and it does not infringe third-party rights. You are responsible for compliance with laws, including export controls and sanctions.
5. Indemnification: You agree to indemnify us against claims arising from your content, as detailed in our Terms of Service.
6. Legal Compliance: We respond to valid requests (e.g., DMCA takedowns) and may refuse or remove infringing content.
7. Handling: Content is secured and not stored beyond necessity.

K. Updates to This Policy

We may update this Policy to reflect changes in laws, practices, or the Service. Updates will be posted with a new Effective Date. For material changes, we may provide notice via email (if provided) or on our website. Continued use constitutes acceptance.

L. Governing Law and Dispute Resolution

This Policy is governed by Delaware law, without regard to conflicts principles. Disputes are resolved per our Terms of Service, including arbitration.

M. Contact Information