Privacy Policy
Last updated 4 May 2026
This privacy policy explains what personal data Trustcircl ("we", "us") collects when you use the service, why we collect it, how it's stored, who it's shared with, and your rights.
1. Who we are
The data controller for Trustcircl is Will Perry, based in United Kingdom. For privacy queries or to exercise any of your rights below, contact us at info@trustcircl.com.
2. What we collect
When you create an account, we store your email address, the password you choose (hashed โ we never see the plain text), your full name, and any two-factor authentication settings you enable.
When you add yourself to a group's directory, we store the information you choose to provide: a display name, an optional short bio, your location, your skills (each marked professional or hobby), an optional contact number, an optional website link, and any notes you write. None of this is mandatory beyond display name, location, and at least one skill.
We also automatically log security-relevant events (login attempts, group joins, administrative actions) along with the IP address the request came from, for a rolling audit trail. This is needed for the integrity of the service.
3. Why we collect it
The lawful bases on which we process your data are:
- Contract โ to provide the directory service you signed up for.
- Legitimate interest โ to keep the service secure (rate limiting, audit logging, fraud prevention).
- Consent โ for any optional fields you choose to fill in (bio, contact, website, notes). You can remove these at any time by editing or deleting your profile.
4. Who else sees it
Inside Trustcircl, your profile data is only visible to other approved members of the group(s) you join. Members of one group cannot see data from another group; this is enforced at the database level.
We use the following sub-processors to run the service:
- Supabase โ database and authentication. Hosts your account credentials and your profile data. EU region.
- Vercel โ application hosting. Handles HTTP traffic; does not see decrypted profile data.
- Cloudflare โ domain registrar and (when enabled) DNS / DDoS protection. Does not see profile data.
We do not sell your data, do not use it for advertising, and do not share it with marketing platforms or analytics providers.
5. How long we keep it
Account and profile data is kept for as long as your account exists. When you delete your account, your profile, group memberships, and skill listings are permanently removed within 30 days. Audit log entries are retained but the link to your specific identity is broken (your user_id is set to null) so the entries can no longer identify you personally.
Backups taken by Supabase as part of routine database operations may retain copies for up to 30 days; we cannot selectively delete from those backups, but they're rotated out of existence on schedule.
6. Your rights
Under UK GDPR you have the right to:
- Access โ request a copy of the data we hold about you.
- Rectify โ correct anything that's wrong (you can edit your profile directly).
- Erase โ delete your account and all associated data (Account โ Delete account).
- Object โ to processing on legitimate interest grounds.
- Portability โ receive your data in a machine-readable format.
To exercise any of these rights, email info@trustcircl.com. We'll respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office if you're unhappy with how we handle your data.
7. Cookies
We use essential cookies only โ specifically, your Supabase authentication session cookie and a signed two-factor-auth verification cookie (when 2FA is enabled). Both are required for the service to function and neither is used for tracking, analytics, or advertising. We do not use third-party tracking cookies.
8. Children
Trustcircl is not intended for use by anyone under 16. If you believe a child has submitted information to us, contact info@trustcircl.com and we'll remove it.
9. Changes to this policy
If we make material changes to how we handle your data, we'll update this page and, if the change affects how we use existing data, contact you by email.