Privacy Policy
Effective date: April 14, 2026
This policy explains how TrustLists collects, uses, and protects information across trustlists.org, app.trustlists.org, and TrustLists Companion.
Also see our Terms of Service.
1) Scope
This policy applies to:
- TrustLists public website and API at trustlists.org.
- TrustLists web app at app.trustlists.org.
- TrustLists Companion browser extension.
2) Information We Collect
Account and authentication data
- Email address and basic profile identifiers from sign-in providers.
- Session/authentication tokens needed to keep you signed in.
Usage and product data
- Favorites, lookup usage counters, and SOC 2 analysis/report history.
- Basic operational logs for reliability, abuse prevention, and debugging.
AI lookup request data
- When you trigger AI Lookup, we process vendor/company query inputs you submit.
- We store lookup events and discovered trust-center candidates to improve workflows.
3) Payments and Billing
Payments are processed by Stripe. We do not store full card numbers or CVC values.
- We send Stripe the data needed to process your credit purchase transaction.
- We store billing-related metadata required to grant credits and reconcile payments (for example user ID, pack ID, credits, Stripe session identifiers).
4) How We Use Information
- Provide directory search, AI lookup, favorites, and SOC 2 workflows.
- Authenticate users and secure access to paid features.
- Process payments and grant account credits.
- Operate, maintain, and improve product quality and abuse protections.
5) Browser Extension Data Handling
TrustLists Companion uses Chrome permissions to deliver extension functionality (for example side panel UI, auth/session sync, local caching, and opening trust-center links).
For AI lookup, user-submitted lookup inputs are sent to TrustLists APIs to return results and account usage updates.
6) Third-Party Processors
We use third-party infrastructure and service providers, including:
- Stripe (payment processing)
- Supabase (data and auth infrastructure)
- OpenAI (AI lookup processing where applicable)
- Hosting and operational infrastructure providers (for app/site delivery)
7) Data Retention
- We retain account and transaction-related records as needed for operations and compliance.
- We retain product data while your account is active unless deletion is requested.
- We may retain limited logs for security, fraud prevention, and legal obligations.
9) Your Choices and Rights
- You can request account data access, correction, or deletion.
- You can uninstall the extension at any time.
- You can contact us for privacy-related requests at privacy@trustlists.org.
10) Security
We use reasonable administrative, technical, and organizational safeguards to protect data. No system is 100% secure, but we continuously improve our controls.
11) Changes to This Policy
We may update this policy periodically. We will update the effective date above when changes are made.
12) Contact
For privacy questions, contact privacy@trustlists.org.