Privacy Policy — TruthWall

At TruthWall, we treat your data and your customers' data with the highest level of security. We only collect the data necessary to provide our verification services.

1. Data We Collect

As a Founder: We collect your name, email, company details, WorkOS authentication ID, and your restricted Stripe API key (which is encrypted at rest using AES-256-GCM).

From Your Customers: We temporarily sync Stripe customer IDs, emails, and payment status (boolean flag) to verify testimonials. When a testimonial is submitted, we collect the reviewer's name, role, company, LinkedIn URL, and the testimonial text.

2. How We Use Data

We use synchronized Stripe customer data strictly to power the TruthWall verification engine (cross-matching emails against payment records). We do not sell data. We do not use your customer list for marketing. We do not contact your customers unless you explicitly trigger an invitation via the dashboard.

3. Data Retention

Stripe customer records are synced continuously. If a customer is deleted from your Stripe account, they will eventually be pruned from the TruthWall cache. Testimonials and founder profiles remain active as long as the account is active. OTP verification codes are permanently deleted after 10 minutes or upon successful use.

4. Security

TruthWall uses Supabase Row Level Security (RLS) to ensure tenant isolation. An AES-256-GCM layer encrypts sensitive connection tokens. All network traffic is encrypted over HTTPS.