Privacy Policy

1. Introduction

Welcome to TrueCheck. TrueCheck Inc. ("TrueCheck," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at truecheck.co, use our SMS verification API, dashboard, and any related services (collectively, the "Services"). Please read this Privacy Policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree, please discontinue use of our Services immediately.

2. Scope of This Policy

This Privacy Policy applies to all information collected through our Services, including our website, APIs, mobile applications, and any other platforms or channels through which you interact with TrueCheck. This policy does not apply to information collected by third parties, including any third-party websites, services, or applications that may be accessible through our Services. We encourage you to review the privacy policies of any third-party services before providing them with your information.

3. Information We Collect

3.1 Personal Information

We collect personal information that you voluntarily provide when registering for an account, making a purchase, or contacting us. This includes your full name, email address, phone number, company name, billing address, payment information (processed securely through our third-party payment processor), and any other information you choose to provide. If you sign up using a third-party authentication provider (such as Google or GitHub), we may receive your name and email address from that provider.

3.2 Usage and Technical Data

When you access our Services, we automatically collect certain technical information, including your IP address, browser type and version, operating system, device identifiers, referring URLs, pages visited, time spent on pages, API call logs, response times, error rates, and other diagnostic data. We may also collect information through cookies, web beacons, pixel tags, and similar tracking technologies. This data helps us understand how our Services are used, optimize performance, and improve the user experience.

3.3 Verification and Transactional Data

In the course of providing our SMS verification services, we process phone numbers, one-time passcodes (OTPs), verification status results, timestamps, delivery receipts, carrier information, and related metadata. This data is processed on behalf of our customers (the businesses integrating our API) and their end users. We act as a data processor for this information and handle it in accordance with our customers' instructions and applicable data protection laws.

4. How We Use Information

We use the information we collect for the following purposes: to provide, operate, maintain, and improve our Services; to process transactions, send billing information, and manage your account; to send you technical notices, security alerts, support messages, and administrative communications; to respond to your inquiries, comments, and customer support requests; to monitor and analyze usage patterns, trends, and activities to enhance the reliability and performance of our API; to detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities; to personalize and improve your experience with our Services; to comply with legal obligations, resolve disputes, and enforce our agreements including our Terms of Service; and to carry out any other purpose described to you at the time the information was collected.

5. Legal Bases for Processing

If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction that requires a legal basis for processing personal data, we rely on the following bases: (a) Contractual Necessity — processing is necessary to perform our contract with you, including providing the Services and managing your account; (b) Legitimate Interests — processing is necessary for our legitimate interests, such as improving our Services, preventing fraud, and ensuring network security, provided these interests are not overridden by your data protection rights; (c) Consent — where you have given us explicit consent to process your personal data for a specific purpose, such as receiving marketing communications; and (d) Legal Obligation — processing is necessary to comply with a legal obligation to which we are subject.

6. Disclosure of Information

We do not sell your personal information. We may share your information in the following circumstances: with trusted third-party service providers who perform services on our behalf, such as cloud hosting, payment processing, analytics, email delivery, and customer support — these providers are contractually bound to use your data only as directed by us and in accordance with this Privacy Policy; with law enforcement, government authorities, or other third parties when required by law, subpoena, or other legal process, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others; in connection with a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, in which case your information may be transferred as part of that transaction; and with your consent or at your direction.

7. SMS Communications and Consent

Our core service involves sending SMS messages containing one-time verification codes to end users on behalf of our customers. By integrating TrueCheck's API, our customers confirm they have obtained proper consent from their end users to receive these verification messages. TrueCheck does not send marketing or promotional SMS messages to end users. If you are an end user receiving a verification code, the message is initiated by the business or application you are interacting with. Standard message and data rates may apply. For questions about why you received a verification message, please contact the business or application that initiated the verification. For questions about our SMS practices, contact us at support@truecheck.co.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. Verification data, including phone numbers and OTP codes, is automatically purged within 24 hours of delivery. Account information is retained for as long as your account remains active or as needed to provide you with our Services. After account deletion, we may retain certain data in anonymized or aggregated form for analytics purposes. Billing records and transaction data are retained as required by applicable tax and financial regulations, typically for a period of seven (7) years. You may request deletion of your account and associated data at any time by contacting us at support@truecheck.co.

9. Data Security

We implement industry-standard technical and organizational security measures designed to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include TLS 1.3 encryption for all data in transit, AES-256 encryption for data at rest, regular penetration testing and vulnerability assessments, SOC 2 Type II audited controls, role-based access controls with least-privilege principles, comprehensive logging and real-time monitoring, and regular security training for all personnel. While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incidents in accordance with applicable laws.

10. Your Rights and Choices

Depending on your jurisdiction, you may have certain rights regarding your personal data. European Residents (GDPR): If you are located in the EEA or UK, you have the right to access your personal data, rectify inaccurate data, request erasure of your data, restrict processing, data portability, object to processing, and withdraw consent at any time. California Residents (CCPA/CPRA): If you are a California resident, you have the right to know what personal information we collect and how it is used, to request deletion of your personal information, to opt out of the sale or sharing of personal information (we do not sell your data), and to non-discrimination for exercising your privacy rights. Other Jurisdictions: Residents of other states and countries may have additional rights under applicable privacy laws. To exercise any of these rights, please contact us at support@truecheck.co. We will respond to your request within the timeframe required by applicable law.

11. Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected personal data from a child under the age of 16, we will take immediate steps to delete such information from our records. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at support@truecheck.co so that we can take appropriate action.

12. International Data Transfers

TrueCheck is based in the United States, and your information may be transferred to, stored, and processed in the United States or other countries where our service providers maintain facilities. These countries may have data protection laws that differ from those in your jurisdiction. If you are located outside the United States and choose to use our Services, you acknowledge that your information will be transferred to the United States. Where required by applicable law, we implement appropriate safeguards for international data transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission, and other legally recognized transfer mechanisms.

13. Compliance with Privacy Laws

TrueCheck is committed to complying with applicable privacy and data protection laws, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Telephone Consumer Protection Act (TCPA), the CAN-SPAM Act, and other applicable federal, state, and international privacy regulations. We regularly review and update our practices to ensure ongoing compliance with evolving legal requirements. If you believe we are not handling your information in compliance with applicable law, please contact us at support@truecheck.co.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on our website and updating the "Last Updated" date at the top of this page. We may also send you an email notification for significant changes. Your continued use of our Services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Please also review our Terms of Service.