Skip to main content
TrustLoop app iconTrustLoop

Legal

Privacy Policy

Last Updated: 2026-01-18

This Privacy Policy explains how TrustLoop collects, uses, and protects personal information when you use our professional growth and effectiveness platform.

On this page

1. Introduction

TrustLoop ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our professional growth and effectiveness platform.

Data controller / responsible entity: The Nudge L.L.C-FZ (doing business as “TrustLoop”)
Registered Address: Meydan Grandstand, 6th Floor, Meydan Road, Nad Al Sheba, Dubai, United Arab Emirates

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, password, organization affiliation
  • Professional Data: Reflections, trust scores, development actions, collaboration data
  • Context Information: Role type, team topology, industry, region (optional)

2.2 Information Automatically Collected

We automatically collect limited technical data needed to operate and secure the Service. This may include your iOS device type, app version, basic usage signals (which features you use), and timezone information (to schedule notifications correctly).

3. How We Use Your Information

We use your information to operate the Service (account access, core features, and notifications), to generate insights and development actions, to keep the platform secure, and to improve TrustLoop over time.

We do not sell your personal data.

5. Data Retention

5.1 Default retention (Option A — default)

We retain your personal data while your account is active so the Service can provide longitudinal insights and progress tracking. Upon account deletion:

  • Your account and profile information are deleted immediately
  • Your name and email are anonymized
  • Your reflections and scores are irreversibly anonymized, no longer attributable to an individual, and may be retained for aggregate analytics
  • We may retain anonymized data for up to 30 days for system stability and compliance

Data Deletion: You can request account deletion at any time through the app settings. Deletion is permanent and cannot be undone.

5.2 Enterprise-configurable retention (Option C — by contract)

For certain enterprise customers, TrustLoop may agree to a different retention schedule for specific categories of customer data. Any such schedule must be explicitly stated in the applicable contract documents (for example, an Order Form and/or executed DPA) and will override this default for that customer to the extent of any conflict.

5.3 Business and legal records

TrustLoop may retain certain business records (for example, contracts, invoices, and tax/accounting records) for at least 7 years or longer where required by applicable law, even if a user account is deleted. These records are retained for legal/compliance purposes and are separate from in-product reflection content.

6. Cross-Border Data Transfers

Your data may be processed and stored outside your country of residence, including in the United States and European Union. We use cloud infrastructure providers (Supabase) that maintain appropriate security measures and comply with applicable data protection laws.

When transferring data outside your jurisdiction, we ensure appropriate safeguards are in place, including:

  • Standard contractual clauses (SCCs) where applicable
  • Compliance with GDPR, PIPA, and PDPL requirements
  • Encryption in transit and at rest

7. Data Sharing and Disclosure

We do not sell your personal data. We may share your information only in the following circumstances:

  • Within Your Organization: Aggregate analytics and team insights (never individual reflections or names)
  • Service Providers: Trusted third-party services (hosting, analytics) under strict confidentiality agreements
  • Legal Requirements: When required by law or to protect our rights

Anonymity: Individual reflections and qualitative feedback are never shared with your organization. Only anonymized, aggregated data is visible in organizational dashboards.

8. Your Rights

Depending on your location, you may have the following rights:

  • Right to Access: Request a copy of your personal data (via "Export My Data" in settings)
  • Right to Rectification: Update your profile information at any time
  • Right to Erasure: Delete your account and data (via "Delete Account" in settings)
  • Right to Restrict Processing: Limit how we process your data
  • Right to Data Portability: Export your data in a machine-readable format
  • Right to Object: Object to certain types of processing
  • Right to Withdraw Consent: Withdraw consent at any time (via account deletion)

To exercise these rights, contact us at trustloop@thenudge.ai or use the in-app features.

9. Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption in transit (TLS/SSL) and at rest
  • Secure authentication and access controls
  • Regular security assessments and updates
  • Role-based access controls (RBAC)
  • Anonymization of sensitive data

10. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last Updated" date
  • Notify you via email or in-app notification
  • Require re-consent for material changes (new consent version)

Your continued use of our services after changes constitutes acceptance of the updated policy, unless re-consent is required by law.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: trustloop@thenudge.ai

Data Protection Officer (DPO): We have not appointed a formal Data Protection Officer. Privacy inquiries are handled via trustloop@thenudge.ai.

13. Regional Disclosures

13.1 European Economic Area (EEA)

If you are located in the EEA, you have additional rights under the General Data Protection Regulation (GDPR). We act as a data controller for your personal data.

13.2 South Korea

If you are located in South Korea, this Privacy Policy complies with the Personal Information Protection Act (PIPA). We require explicit consent before processing your personal information, as provided during signup.

13.3 United Arab Emirates

If you are located in the UAE, this Privacy Policy complies with the Personal Data Protection Law (PDPL). We process your data with your explicit consent and in accordance with PDPL requirements.

14. Automated decision-making

TrustLoop does not engage in solely automated decision-making that produces legal or similarly significant effects on individuals (for example, automated employment decisions).

← Back to HomeBack to top