TruthHound
Draft — review with a solicitor before launch.
— Legal

Privacy Policy

Last updated: 14 March 2026

What we collect

Account information. Your email address, hashed password (or OAuth identifier), display name, and account preferences.

Uploads. The material you submit for analysis, including photos, screenshots, message transcripts, and voice notes.

Scan metadata. Timestamps, scan type, intake form answers (e.g. how long you've spoken, platform), model outputs, risk indicators triggered, and confidence scores.

Technical data. Device type, browser, IP address (for fraud prevention and rate limiting), and minimal diagnostic logs.

Why we collect it

  • Run analysis. Uploads are processed by our analysis pipeline to generate your report.
  • Fraud prevention. Detect abuse, rate-limit automated requests, and prevent uploads of unlawful content.
  • Account and billing. Authenticate you, send transactional emails, and process subscriptions.
  • Product improvement. Only with your explicit consent. We never use your uploads to improve models without an opt-in. By default, your uploads are not used for training.

Retention

By default, scan history and uploaded material are retained for 30 days, after which they are deleted from primary storage and queued for backup expiry.

Watch users may pin specific scans to retain them beyond 30 days for ongoing monitoring of a chosen subject.

Zero-retention mode (available on Watch) deletes uploads immediately after analysis completes; only the structured report and metadata remain.

You can delete any scan from your history at any time.

Sharing

We do not sell your personal data. We do not share it for advertising. We share data only with the subprocessors required to deliver the Service:

  • Lovable Cloud / Supabase — backend infrastructure, database, authentication, and file storage.
  • Lovable AI Gateway / Google Gemini — AI analysis of uploaded photos, messages, and voice notes.
  • Stripe — payment processing (when subscriptions are enabled).
  • Email provider — TBD; will be disclosed before launch.

Each subprocessor is bound by a data processing agreement and processes data only on our instructions.

Your rights (UK GDPR)

If you are in the UK or EEA, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data ("right to be forgotten").
  • Port your data in a machine-readable format.
  • Restrict certain processing of your data.
  • Object to processing based on legitimate interests.
  • Complain to the Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any right, email privacy@truthhound.app. We respond within 30 days.

Cookies

We use only essential cookies required for authentication, session management, and security. We do not use advertising trackers, third-party analytics that build behavioural profiles, or cross-site tracking.

International transfers

Some processing occurs in the United States — for example, when uploads are analysed by Google Gemini via the AI Gateway. These transfers are protected under Standard Contractual Clauses (SCCs) approved by the European Commission, and equivalent UK transfer mechanisms.

Children

The Service is for users aged 18 and over. We do not knowingly collect or process personal data from children under 18. If we learn that we have collected such data, we will delete it promptly. If you believe a child has used the Service, contact us immediately.

Security

Uploads and personal data are encrypted in transit (TLS 1.2+) and at rest. Access to production data is scoped, logged, and limited to the minimum personnel required for operation and support. We perform regular security reviews and respond to disclosed vulnerabilities promptly.

No system is perfectly secure. If you discover a vulnerability, please report it to security@truthhound.app.

Contact

For privacy questions or to exercise your rights, contact privacy@truthhound.app.