TruthHoundTruthHound
Start a scan
Back to home
— Legal

Privacy Policy

Last updated: 2 May 2026

Who we are

TruthHound is operated by Alexander Davidson ("we", "us", "our"), trading as TruthHound. We are the data controller for personal data collected through the Service. You can contact us about privacy matters at privacy@truthhound.app.

What we collect

Account information. Your email address, hashed password (or OAuth identifier), display name, and account preferences.

Uploads. The material you submit for analysis, including photos, screenshots, message transcripts, and voice notes.

Scan metadata. Timestamps, scan type, intake form answers, model outputs, risk indicators triggered, and confidence scores.

Technical data. Device type, browser, IP address (for fraud prevention and rate limiting), and minimal diagnostic logs.

Order data. When you make a purchase, our payment processor Paddle collects your billing details (name, billing address, payment method, tax ID where applicable). We receive a record of the transaction (order ID, plan, amount, status) but do not see or store your full payment card details.

Why we collect it and our legal basis

  • Run analysis and provide the Service — legal basis: performance of a contract with you.
  • Authenticate you, manage your account, and process subscriptions — legal basis: performance of a contract.
  • Send transactional emails (receipts, security notices, service updates) — legal basis: performance of a contract and legal obligation.
  • Fraud prevention, abuse detection, rate limiting, and security — legal basis: legitimate interests in protecting the Service and our users.
  • Comply with tax, accounting, and legal obligations — legal basis: legal obligation.
  • Product improvement using your uploads — only with your explicit opt-in. Legal basis: consent, which you can withdraw at any time.
  • Marketing emails (if any) — legal basis: consent, which you can withdraw at any time.

Retention

By default, scan history and uploaded material are retained for 30 days, after which they are deleted from primary storage and queued for backup expiry.

Watch users may pin specific scans to retain them beyond 30 days for ongoing monitoring. Zero-retention mode (available on Watch) deletes uploads immediately after analysis; only the structured report and metadata remain.

Order and billing records are retained for 6 years to comply with UK tax and accounting law. Account data is retained while your account is active and deleted within 30 days of account closure (subject to the legal retention requirements above).

Sharing

We do not sell your personal data. We do not share it for advertising. We share data only with the subprocessors required to deliver the Service:

  • Paddle — our Merchant of Record. Paddle processes payments, manages subscriptions, handles invoicing and tax compliance, and provides buyer support and refunds. See Paddle's Privacy Notice.
  • Lovable Cloud / Supabase — backend infrastructure, database, authentication, and file storage.
  • Lovable AI Gateway / Google Gemini — AI analysis of uploaded photos, messages, and voice notes.
  • Email provider — for transactional email delivery; provider name disclosed on request.
  • Professional advisers (legal, accounting) and authorities where required by law.

Each subprocessor is bound by a data processing agreement and processes data only on our instructions (except Paddle, which acts as an independent controller for payment processing as Merchant of Record).

Your rights (UK GDPR)

If you are in the UK or EEA, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data ("right to be forgotten").
  • Port your data in a machine-readable format.
  • Restrict certain processing of your data.
  • Object to processing based on legitimate interests.
  • Withdraw consent at any time, where processing is based on consent.
  • Complain to the Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any right, email privacy@truthhound.app. We respond within one month.

Cookies

We use only essential cookies required for authentication, session management, and security. We do not use advertising trackers, third-party behavioural analytics, or cross-site tracking.

International transfers

Some processing occurs outside the UK/EEA — for example, when uploads are analysed by Google Gemini via the AI Gateway, or when Paddle processes payments. These transfers are protected under Standard Contractual Clauses (SCCs) approved by the European Commission, the UK International Data Transfer Addendum, or equivalent transfer mechanisms.

Children

The Service is for users aged 18 and over. We do not knowingly collect or process personal data from children under 18. If we learn that we have collected such data, we will delete it promptly.

Security

Uploads and personal data are encrypted in transit (TLS 1.2+) and at rest. Access to production data is scoped, logged, and limited to the minimum personnel required for operation and support. We perform regular security reviews. If you discover a vulnerability, please report it to security@truthhound.app.

Changes to this notice

We may update this Privacy Policy from time to time. Material changes will be notified by email or in-product notice. The "Last updated" date at the top of this page reflects the latest revision.

Contact

For privacy questions or to exercise your rights, contact privacy@truthhound.app.

← Back to home