Privacy Policy

Last Updated: November 28, 2025

1. Introduction

Trustity Cyber Security Ltd. ("Trustity," "we," "us," or "our") is committed to protecting the privacy and security of individuals who interact with our products and services. This Privacy Policy describes how we collect, use, disclose, and safeguard information across our digital properties.

This policy applies to: (i) the Trustity marketing website located at trustity.co; (ii) the Trustity Cloud Platform and operational portal located at trustity.io; and (iii) the Trustity Authenticator mobile application. Each property may collect and process data differently as described below.

2. Scope: What We Collect and Why

Our data practices vary by product. We process only what is necessary for the purpose of each service.

2.1 Trustity Marketing Website (trustity.co)

We collect limited data for security and operational purposes only. This includes:

  • IP address and session metadata to prevent abuse and maintain service availability
  • Basic analytics (anonymized or pseudonymized) to understand site usage and improve content
  • Information you voluntarily provide through contact forms or newsletter sign-ups (e.g., name, email)

We do not sell this data. We use it solely to secure our infrastructure and to respond to your inquiries.

2.2 Trustity Cloud Platform & Operational Portal (trustity.io)

Data collection is integral to the service. As part of delivering our platform (including GenGuard, Vault, Rotator, and related modules), we collect:

  • Account information: Name, email address, organizational details, and authentication credentials you provide during registration
  • Usage data: Logs of system interactions, API usage, feature utilization, and administrative actions
  • Security and operational logs: DLP events (GenGuard), server metadata (Rotator), access logs, and audit trails required for security monitoring, incident response, and compliance

This data is processed under our agreements with customers and in accordance with applicable data protection laws.

2.3 Trustity Authenticator Mobile Application

Trustity Authenticator does not collect personal data. TOTP secrets and codes are generated and stored locally on your device using the operating system's secure storage (Keychain on iOS, Keystore on Android). We do not transmit, store, or have access to your authenticator keys or codes. Push notification tokens, if used, may be processed by the device OS; we do not associate them with identifiable users.

3. Zero-Knowledge Architecture

For our Secure Vault feature within the Trustity Cloud Platform, Trustity employs a Zero-Knowledge architecture. Files and secrets encrypted client-side or via our split-key mechanism cannot be accessed, decrypted, or viewed by Trustity personnel. You retain cryptographic control of your data.

4. How We Use Your Data

Where we do collect data, we use it to:

  • Provide, maintain, and improve our services
  • Process transactions and manage subscriptions
  • Detect, prevent, and respond to security incidents and abuse
  • Comply with legal obligations and enforce our terms
  • Communicate with you regarding product updates, support, or marketing (where you have consented or where we have a legitimate interest)

5. Legal Bases for Processing (GDPR)

Where the General Data Protection Regulation (GDPR) or equivalent laws apply, we rely on:

  • Contract: Processing necessary to perform our agreement with you
  • Legitimate interests: Security, fraud prevention, service improvement, and business operations
  • Consent: Where required (e.g., optional marketing, non-essential cookies)

6. Data Retention & Security

We implement industry-standard security measures, including AES-256 encryption, access controls, and alignment with SOC2 compliance standards. Retention periods vary by data type:

  • Logs: 30 days by default; extended retention available under enterprise plans
  • Account data: Retained for the duration of your relationship with us and as required by law

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access, correct, or delete your personal data
  • Object to or restrict certain processing
  • Data portability
  • Withdraw consent where processing is consent-based
  • Lodge a complaint with a supervisory authority

To exercise these rights, contact us at legal@trustity.io.

8. International Transfers

Your data may be processed in jurisdictions outside your country of residence. Where required, we implement appropriate safeguards (such as Standard Contractual Clauses) to ensure adequate protection.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by an updated "Last Updated" date and, where appropriate, by additional notice. Continued use of our services after such changes constitutes acceptance of the revised policy.

10. Contact Us

For questions about this Privacy Policy, data protection, or to exercise your rights, please contact us at legal@trustity.io.

Trustity Cyber Security Ltd.