Privacy Policy

Last updated: May 2026

1. What we collect

We collect the conversation logs generated when end-users interact with the TrustQueue chat widget: the questions asked and the answers returned. We collect an email address only when a user voluntarily submits the human-handoff form so our customer's team can follow up. We do not collect names, IP addresses for profiling, or any other personal identifiers.

2. Where data is stored and processed

Conversation logs, handoff records, and uploaded documentation are stored in Supabase PostgreSQL on AWS eu-west-1 (Ireland). The TrustQueue backend runs on Render in the United States; only request data in flight is processed there and nothing is persisted on Render. To answer a query, the user's question plus the relevant excerpt from your documentation is sent to Google's Gemini API (LLM inference and gemini-embedding-001 for retrieval), which is operated by Google in the United States. Gemini does not retain the request after returning the response (see section 4). For EU customers transferring personal data to the US through Gemini, we rely on the EU-US Data Privacy Framework and Google's Standard Contractual Clauses.

3. Encryption

All data in transit between the widget, our backend, the database, and third-party APIs is encrypted with TLS 1.2 or higher. All data at rest in Supabase PostgreSQL is encrypted with AES-256, using Supabase-managed keys. Customer-managed encryption keys (CMEK) are not currently available.

4. Model training

Customer data is never used to train AI models, ours or any third party's. We operate Google's Gemini API on the paid Tier 1 plan; under Google's terms, paid-tier API inputs and outputs are not used to train Google's models. Every query is processed in-context against the customer's own documentation and not retained by Google after the response is returned. Google's Gemini API terms are available at ai.google.dev/terms.

5. Subprocessors

To operate the service we rely on the following subprocessors. We do not sell or share customer data with anyone outside this list.

  • Supabase: PostgreSQL database hosting (AWS eu-west-1, Ireland)
  • Render: backend application hosting (United States)
  • Google (Gemini API): LLM inference and embeddings (United States)
  • Polar: payment processing and subscription management
  • Resend: transactional email (handoff notifications, onboarding)
  • Sentry: error monitoring (PII redacted by default)
  • Slack: optional handoff notifications to the customer's own Slack workspace
  • Vercel: frontend / landing page hosting

We will notify customers by email at least 30 days before adding a new subprocessor. Customers may object by emailing the address in section 6.

6. GDPR and Data Processing Agreement

TrustQueue operates as a data processor on behalf of our customers (the data controllers) for the conversation data flowing through their widget. Users in the EU/EEA may exercise their rights of access, rectification, and erasure under the GDPR. A Data Processing Agreement (GDPR Article 28) is available on request. To request a DPA, deletion of conversation logs or handoff records, or to ask any other privacy question, contact stergios.z@trustqueue.com. We respond within 30 days; deletion requests are completed within 30 days of confirmation.

7. Retention

Conversation logs are retained for 90 days and then permanently deleted. Handoff records tied to a resolved ticket are retained for the duration of the customer's subscription and deleted on request or within 90 days of account closure.

8. Subscriber data

We collect and store the email address and subscription details of TrustQueue customers (subscribers) for billing and account management purposes. For this account and billing data, TrustQueue acts as the Data Controller (in contrast to section 6, where we act as a Processor for the conversation data flowing through your widget). Documentation uploaded during onboarding is stored in Supabase and used solely to power the widget. It is never shared with third parties outside the subprocessor list in section 5.

All payment processing is handled by our Merchant of Record, Polar. TrustQueue does not collect, process, or store full credit card numbers or payment credentials. Payment data is fully outside our systems and the PCI-DSS scope sits with Polar.

9. Cookies and analytics

The TrustQueue website uses privacy-friendly analytics to measure page traffic. No advertising trackers or third-party profiling cookies are used.

10. Breach notification

In the event of a confirmed personal data breach, we will notify affected customers (data controllers) without undue delay, and in any case within 72 hours of becoming aware, as required by GDPR Article 33. Notification will include the nature of the breach, the categories and approximate number of records affected, and the measures taken or proposed.

11. Children's privacy

TrustQueue is intended for business use by our customers and the visitors of their websites. We do not knowingly collect or solicit personal information from anyone under the age of 16. If we become aware that we have collected personal data from a child under 16 without verifiable parental consent, we will delete that information promptly. Parents or guardians who believe their child has provided us with personal information should contact us at stergios.z@trustqueue.com.

12. Free hallucination-check tool (/check)

The free diagnostic tool at /check processes pasted knowledge base text strictly in memory for the duration of a single request and a one-hour follow-up chat window. The raw knowledge base text, its parsed chunks, and the vector embeddings derived from it are never written to any database, never stored in our logs, and never used to train any model.

We do persist the resulting report (overall score, verdict, per-category counts, and the bot's answers to the twelve fixed test questions) so the shareable result link at /check/result/{id} continues to work when you forward it to a co-founder or post it on social. This report contains the audit results and the bot's generated answers, which are derived from the content you submitted. We do not store the raw knowledge base text itself. Retention is indefinite while the link exists; to have a specific report deleted, email stergios.z@trustqueue.com with the result URL. Pseudonymised aggregate metadata (character length, scores, a SHA-256 hash of the visitor IP) is also retained for cost monitoring and abuse prevention. If you choose to submit your email at the end of a check, that email is stored solely for follow-up by the founder and is never shared.