Privacy Policy
Last updated: April 26, 2026
1. Introduction
Welcome to TrustPeer ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (iOS and Android) and our website at trustpeer.io (collectively, the "Platform").
By using TrustPeer, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the Platform.
Data Controller: TrustPeer, Field Road, London, W6 8HS, United Kingdom. Contact: support@trustpeer.io.
2. Information We Collect
2.1 Information you provide
We collect personal information you voluntarily provide when you:
- Register an account: name, email, password (hashed), date of birth (for 17+ age verification).
- Complete your profile: bio, profile photo, location, phone number, social media handles, gender, timezone, website.
- Verify your phone number: we receive your phone number after Firebase Phone Auth confirms an SMS one-time-code.
- Apply to be an influencer: social media links, content category, verification documents.
- Make a payment: we never see or store your full card number — Stripe (or Apple/Google IAP) handles that. We receive a tokenised reference, the last 4 digits, and the brand for display.
- Send a connection request: answers to the influencer's screening questions, voice recordings (if uploaded).
- Vouch for an influencer: the amount and whether you chose private vs public vouch.
- Chat: the messages you exchange in the 30-day private chat that opens after a request is accepted.
- Contact support: the content of any support ticket or email.
- Verify your identity (influencers only): Stripe Identity verification documents — held by Stripe, not us.
- Add bank details (influencers only): account number / sort code / IBAN / SWIFT, encrypted with Laravel Crypt.
2.2 Information collected automatically
- Device data: device model, OS version, app version, language, timezone.
- Identifiers: a server-issued user ID, your Sanctum session token, an FCM push token (if you grant push permission).
- Log data: IP address, request paths, response codes, timestamps — kept for security and debugging.
- Usage data: which screens you visit, which features you use, search queries, taps on influencer profiles.
- Crash and performance data: stack traces and timing metrics (no personally identifying content).
We do not run third-party advertising or analytics SDKs. We do not use the Apple Advertising Identifier (IDFA), and we declare NSPrivacyTracking: false in our iOS Privacy Manifest. We do not track you across other apps or websites.
2.3 Third-party sign-in
If you sign in with Google, Apple, or Facebook, we receive your name, email, and (where provided) profile picture from those providers. We never receive your password. Apple Sign In may give us a relay email address — that is fine.
3. Prospect Influencer Profiles (important — please read)
TrustPeer lets users request that a public figure who is not yet a TrustPeer member be added to the platform. When a request is approved, we may create a prospect profile using publicly-available information so other users can express interest in connecting with that person.
A prospect profile may include:
- The person's public name or stage name
- A profile photo from a public source (e.g. their public social-media profile)
- A short bio drawn from publicly-available descriptions
- Links to their public social-media profiles
What a prospect profile is not: it is not a verified account, it is not endorsed by the person it represents, and it does not enable anyone to message them. A prospect profile is clearly labelled as unclaimed. Users who pay to support a prospect are paying TrustPeer; that payment is held and only released to the person if they later claim the profile and accept our Terms.
If you are the public figure on a prospect profile you have two free options at any time:
- Claim the profile by signing up with the email address we have associated with it; the profile becomes yours and you can edit or delete anything we placed on it.
- Request removal by emailing support@trustpeer.io from any reasonably-verifiable contact (e.g. an email on your verified social media bio). We will remove the profile within 7 days and refund any pending support payments to the people who made them.
Our legal basis for creating a prospect profile from public information is legitimate interest (GDPR Art. 6(1)(f)) — specifically the platform's legitimate interest in offering a way for fans to coordinate around public figures, balanced against the public figure's rights. We mitigate the impact through the labelling, the takedown route described above, and by never claiming endorsement.
4. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Platform.
- Process payments, send receipts, and issue refunds.
- Calculate the DeepScore (0-100) compatibility number using OpenAI's GPT models — see Section 5.
- Enable communication between users and influencers in the 30-day chat.
- Send transactional notifications (push and email) about your requests, vouches, chats, and account.
- Respond to support requests.
- Detect and prevent fraud, abuse, harassment, and illegal activity.
- Moderate user-generated content (chat messages, bios) using OpenAI's moderation API — see Section 5.
- Comply with legal obligations.
5. AI, DeepScore, and Content Moderation
When you submit a connection request, your answers to the influencer's screening questions are sent to OpenAI to compute a DeepScore. OpenAI processes the request as a data processor on our behalf, under their data-processing addendum. OpenAI is contractually prohibited from using your inputs to train its models.
All chat messages are passed through OpenAI's moderation endpoint to flag harassment, sexual content involving minors, threats, and similar categories. Messages flagged at high confidence may be hidden pending a human review by our moderation team within 24 hours, in accordance with App Store Guideline 1.2.
The DeepScore is a guide for the receiving influencer — it does not guarantee a response or acceptance. We do not make automated decisions about you that produce legal or similarly significant effects.
6. Payment Information
All payment processing is handled by Stripe (web/Android) or Apple In-App Purchase / Google Play Billing (iOS where required by Apple Guideline 3.1.1, Google Play Billing Policy). We do not see, store, or transmit your full card number; Stripe's privacy policy governs Stripe's use of your payment data.
For influencer payouts, we collect bank account or Stripe Connect details. Bank details entered manually are encrypted at rest using Laravel Crypt. Stripe Connect onboarding is handled directly between you and Stripe.
Apple In-App Purchase subscriptions are managed through your Apple ID; you can cancel from Settings → [your name] → Subscriptions on iOS. We receive a verification receipt from Apple but never see your Apple ID password.
7. Sharing and Disclosure
We share information only as follows:
- With influencers you contact: when you send a connection request, the receiving influencer sees your name, profile photo, your answers to their screening questions, and your DeepScore. If you opted for an Anonymous Request, your name and photo are hidden.
- With other users: your public profile (subject to your Privacy Settings) is visible to other users.
- With our service providers (data processors):
  - Railway — application hosting (EU region)
  - Neon — Postgres database hosting
  - Stripe — payments, Stripe Connect, Stripe Identity
  - Apple — App Store In-App Purchase verification, Sign in with Apple
  - Google — Google Sign-In, Firebase Cloud Messaging (push notifications), Firebase Phone Auth (SMS OTP)
  - OpenAI — DeepScore computation, content moderation
  - Resend — transactional email delivery
  - Sentry / Railway logs — crash and error reporting
- For legal reasons: if required by law, court order, or government request, or to protect the rights, safety, and property of TrustPeer, our users, or the public.
- Business transfers: if we are acquired or merged, your information may transfer as part of that transaction (you will be notified).
We do not sell your personal information.
8. Data Retention
We retain personal information only for as long as necessary:
- Account data — for as long as your account is active.
- Chat messages — kept for 30 days after the chat ends, then deleted.
- Connection request data — retained for 12 months for refund and dispute resolution.
- Payment and tax records — retained for 7 years to comply with HMRC and equivalent obligations.
- Moderation flags — retained for 12 months from the action.
- Server logs — typically 30-90 days; security-relevant logs up to 12 months.
- After account deletion: personal data is hard-deleted within 30 days of the grace period ending (see Section 10), except where retention is required by law (e.g. tax records) or to resolve an open dispute.
9. Lawful Basis for Processing (GDPR / UK GDPR)
If you are in the UK or EU, we rely on the following lawful bases under Article 6 GDPR:
- Contract (Art. 6(1)(b)): processing necessary to deliver the service you signed up for — accounts, chat, payments, requests, vouches.
- Legitimate interest (Art. 6(1)(f)): fraud prevention, security, abuse moderation, prospect-influencer profiles (see Section 3).
- Legal obligation (Art. 6(1)(c)): tax records, responding to lawful requests.
- Consent (Art. 6(1)(a)): push notifications, optional marketing emails, location, camera/microphone access — you can revoke at any time.
Special-category data (e.g. health, ethnicity) is not collected by TrustPeer. Do not include special-category data in messages, profile bios, or screening-question answers.
10. Your Privacy Rights
Depending on where you live, you have rights including:
- Access: request a copy of the personal information we hold about you.
- Correction: have inaccurate data corrected (most fields are editable in Settings → Edit Profile).
- Deletion ("right to be forgotten"): use Settings → Account → Delete Account. Your account is queued for hard-deletion after a 30-day grace period (cancellable). Hard-deletion removes your personal data from our active systems within 30 days; backups roll off within a further 90 days.
- Portability: request a machine-readable copy of the data you provided.
- Objection: object to processing based on legitimate interest.
- Withdraw consent: for any processing that relies on consent.
- Lodge a complaint with the UK Information Commissioner's Office (ico.org.uk) or your local supervisory authority.
To exercise any right, email support@trustpeer.io with the subject line "Privacy Request". We will respond within 30 days.
11. California Privacy Rights (CCPA / CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, and disclose.
- Request deletion of your personal information (subject to legal exceptions).
- Correct inaccurate personal information.
- Opt out of the "sale" or "sharing" of personal information — we do not sell or share personal information, and we do not engage in cross-context behavioural advertising.
- Limit the use of sensitive personal information — we do not use sensitive personal information except as needed to provide the service.
- Be free from retaliation for exercising any of the above rights.
To make a CCPA request, email support@trustpeer.io with subject "California Privacy Request". You may designate an authorised agent to make a request on your behalf.
12. Privacy Settings In-App
In Settings → Privacy & Security you can control the visibility of your profile photo, bio, location, phone number, social links, vouch counts, level badge, and overall profile (public/private). These controls also apply to your public web profile at trustpeer.io/@yourpublicid.
13. Data Security
We use HTTPS/TLS for all traffic, hash passwords with bcrypt, encrypt bank details with Laravel Crypt, and run isolated database environments. Access to production data is limited to a small number of engineers under audit logging. No method of transmission or storage is 100% secure; we will notify affected users of any breach affecting their personal data within 72 hours of becoming aware, as required by GDPR.
14. International Data Transfers
We are based in the United Kingdom. Some of our processors are in the United States (Stripe, OpenAI, Apple, Google, Resend). Where data leaves the UK or EU, we rely on the European Commission's Standard Contractual Clauses or, where applicable, the EU-US / UK-US Data Privacy Framework as the transfer mechanism.
15. Children's Privacy
TrustPeer is rated 17+ and is not intended for children under 17. We collect a date of birth at registration to enforce this. If you become aware that a child has provided personal information to us, please email support@trustpeer.io and we will delete it.
16. Cookies (Website)
The trustpeer.io website uses only strictly-necessary cookies for session management and CSRF protection. We do not use advertising or analytics cookies that require consent under the UK PECR / EU ePrivacy Directive. The TrustPeer mobile app does not use cookies.
17. Changes to This Policy
We may update this Privacy Policy. Material changes will be communicated by email and via in-app notification at least 14 days before they take effect. The "Last updated" date at the top reflects the most recent revision.
18. Contact Us
For all privacy questions, requests, and complaints — and for any other contact with TrustPeer:
- Email: support@trustpeer.io
- Postal address: TrustPeer, Field Road, London, W6 8HS, United Kingdom
- Website: https://trustpeer.io