TrustMint

Privacy Policy

Last updated: March 1, 2026

1. Who We Are

TrustMint ("we", "us", "our") is a review collection platform for small businesses. We are based in the European Union and all data is hosted on EU servers. We act as a data processor on behalf of our business customers (the data controllers) when handling end-customer personal data.

2. Data We Collect

We collect only the minimum data necessary to provide our service:

  • Business users: email address, password (hashed), business name, logo, review platform URLs, billing information (processed by Stripe).
  • End customers: name, email address, phone number (optional), review feedback, consent timestamp.
  • Automatically collected: email open/click events, review page visits. We do not use third-party tracking cookies or analytics.

3. How We Use Your Data

  • To send review request emails on behalf of businesses.
  • To display review landing pages.
  • To provide analytics and reporting to business users.
  • To process payments via Stripe.
  • To send transactional emails (account confirmation, password reset).

4. Legal Basis for Processing

We process personal data under the following legal bases (GDPR Art. 6):

  • Contract performance: to provide the TrustMint service to business users.
  • Legitimate interest: to send review requests on behalf of businesses to their existing customers.
  • Consent: where required, consent is recorded with a timestamp in our consent log.

5. Data Retention

  • Business account data is retained for the duration of the account plus 30 days after deletion.
  • End-customer data is retained until the business user deletes it or the account is closed.
  • Billing records are retained as required by EU tax law (typically 7 years).
  • Email tracking data (opens, clicks) is retained for 12 months.

6. Data Sharing

We do not sell personal data. We share data only with:

  • Brevo (Sendinblue): email delivery (EU servers).
  • Stripe: payment processing (certified under the EU-US Data Privacy Framework).
  • Heroku / Salesforce: hosting infrastructure (EU region).

7. Your Rights (GDPR)

As a data subject in the EU, you have the right to:

  • Access your personal data.
  • Rectify inaccurate data.
  • Erase your data ("right to be forgotten").
  • Restrict processing of your data.
  • Receive your data in a machine-readable format (data portability).
  • Object to processing based on legitimate interest.
  • Withdraw consent at any time.

End customers can unsubscribe from review requests using the link in every email. Business users can export or delete their data from the Settings page.

8. Cookies

We use only essential cookies required for the application to function (session management, CSRF protection). We do not use advertising, analytics, or third-party tracking cookies.

9. Security

All data is encrypted in transit (TLS 1.2+) and at rest. Passwords are hashed using bcrypt. We conduct regular security reviews and follow OWASP best practices.

10. Contact

For privacy-related inquiries or to exercise your rights, contact us at support@trustmint.co.