TrustStrike Labs / Trust / Privacy

Privacy

What we collect, what we don't, and the rights you have over your data. Written in plain English, with a short answer first and the detail below.

1Our commitment

Privacy is a right, not a feature. We engineer the platform to protect user identity and minimise data exposure at every layer, and we publish this page so you can check our claims against reality.

We never sell your data, we never use it to train our AI models, and we collect the minimum required to deliver the service.

2Principles

Three rules we apply to every product decision that touches customer data.

  • No sale of dataWe never sell your personal or training data to third parties. Your data is yours.
  • No hidden trackingNo marketing trackers, no third-party pixels, and no ad-tech scripts on the product or this website.
  • Data minimisationWe collect the absolute minimum data required to deliver effective security training. If we don't need it, we don't store it.

3Data we process

Every category of data the platform touches, and what we use it for.

CategoryWhat we do with it
Identity dataName and work email, used solely to authenticate and contact you.
Training progressLesson completions and risk scores, visible to your administrator and never shared externally.
AI dataEach customer's data is isolated. We never train our AI models on your private data.
Payment infoProcessed via secure bank transfer. We do not store card data on our systems.

4Your rights

Under GDPR and equivalent frameworks, you have the following rights over data we hold about you. All requests are handled within 24 hours.

  1. Right to accessRequest and download a complete copy of all personal data we store about you in a structured, machine-readable format.
  2. Right to erasureCommonly known as the "right to be forgotten." On request, we hard-delete your data from our primary databases and backups within 24 hours.
  3. Right to rectificationIf any information about you is inaccurate or incomplete, you or your administrator can update it immediately from the dashboard.

5Sub-processors

To deliver the service, we share the minimum necessary data with these vetted providers under strict Data Processing Agreements.

ProviderPurposeRegion
GCP / AWSInfrastructure and object storage.EU (Ireland, Germany)
CloudflareEdge security, WAF, and single sign-on (Zero Trust).Global edge, EU metadata
AWS SESTransactional email delivery.EU (Ireland)

6Privacy contact

To exercise any of the rights above, or for any privacy question, contact the address below from your work email. Please include enough detail for us to identify the relevant account.

Response within 24 hours