Privacy Policy

1. Purpose of Trustap’s Privacy Policy

The following document applies to Trustap’s transaction platform: www.trustap.com (the “Platform”).

The Platform is owned and operated by Trustap Ltd (“Trustap”), a Private Limited Company incorporated in Ireland (Company Registration Number: 614918), whose registered office is at 1-2 St Patrick’s Quay, Victorian Quarter, Cork, T23 CY5X, Ireland. In this policy, “we”, “us”, and “our” refer to Trustap, and references to “you” and “your” refer to you, the user of the Platform and our customer (“Customer”).

For the purposes of the EU General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018 (together, the “Data Protection Legislation”), Trustap is the Data Controller.

This policy is adopted in accordance with legislative requirements to protect personal data obtained, collected, recorded, and processed about individuals. Processing is necessary and incidental to:

• Providing the products and services that we offer;
• The normal day-to-day operations of our business;
• Pursuing the legitimate interests of Trustap and those of third parties in connection with our operations.

By using the Platform, you acknowledge the processing practices described in this policy. We take the security and privacy of your personal information very seriously.

2. Who and What This Policy Applies to

We handle data in our own right as a Data Controller and, where applicable, on behalf of our users. This policy applies to personal data relating to identifiable living individuals; it does not apply to anonymous or purely corporate business information, though it does apply to individuals within those businesses.

The policy applies to all forms of information, physical and digital. If you provide data about someone else, you warrant that you have obtained their explicit authorization and consent to do so. Trustap is strictly not available to children under the age of 18.

Marketing materials are communicated strictly on the basis that an individual has consented to receive them. You may opt out of marketing communications at any time. Non-marketing communications (such as transactional updates, customer support, and security alerts) are processed based on contractual necessity or legitimate interests, and contain no marketing material.

3. The Information We Collect

In the course of business, we must collect personal data to identify you, fulfill transactions, protect against fraud, and communicate with you. The categories of personal data we collect include:

• Personal Identity Information: Name, location, date of birth, and government-issued identification documents (such as passports or driver’s licenses) required for identity verification.
• Contact Information: Email address, mobile/landline telephone numbers, residential and business addresses, and third-party social media profile information where voluntarily linked.
• Financial Data: Bank account details, debit/credit card information, payment histories, currencies, sort codes, IBAN, BIC/SWIFT codes, and transaction histories.
• Statistical, Analytical, and Behavioural Information: Online preferences, habits, platform interactions, session lengths, error logs, and movements across the Platform. This includes marketing campaign identifiers (such as utm_campaign, utm_source, and utm_medium) stored locally on your device browser, as well as data captured by third-party advertising pixels.
• Device and Technical Information: Internet Protocol (IP) address, hardware model, operating system version, browser type and version, language, unique device identifiers, advertising identifiers, and mobile network information.
• Correspondence and Direct Communications: Any personal data or text you freely send us via email, support channels, or public social media posts.

4. How Information Is Collected

Most information is collected directly from your interactions with the Platform. However, we also receive data from trusted third parties and automated technologies:

• Registrations, Subscriptions, and Transactions: Data entered when creating an account, initiating a transaction as a payer or payee, or subscribing to our services.
• Automated Technologies & Trackers: * First-Party Local Storage: We use browser local storage to retain marketing campaign parameters (e.g., utm_campaign) for up to 90 days to attribute lead origins. This data remains local and anonymous until you choose to submit a lead or contact form.
  
  • Third-Party Pixels & Tags: If you consent via our cookie banner, tracking pixels from Facebook (Meta), LinkedIn, Google Ads, and Reddit collect data about your interactions to measure ad performance and deliver targeted advertising.
• Identity Verification & Public Records: To comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations, we verify your identity and bank details through public sources and dedicated third-party verification providers.

5. How Data Is Stored and Transferred Internationally

The data we collect is primarily stored and processed within the European Economic Area (EEA) on secure servers maintained by globally recognized cloud companies with stringent data security protocols.

However, your data may be transferred to, stored at, or processed by third-party service providers operating outside the EEA (such as Salesforce or Reddit in the United States). Where international transfers occur, we ensure compliance with Data Protection Legislation by utilizing robust legal safeguards, including:

• Adequacy Decisions issued by the European Commission.
• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Participation in authorized frameworks, such as the EU-U.S. Data Privacy Framework, ensuring that your personal data receives an equivalent level of protection as it does within the EEA.

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy, or as strictly required to comply with statutory legal, financial, or regulatory retention obligations.

6. How Data Is Used

We process your personal data under valid lawful bases defined by the GDPR, including Contractual Necessity, Legal Obligation, Explicit Consent, and Legitimate Interests. We use your information:

• To fulfill our contract with you, execute payment transactions, and provide requested customer support.
• To administer, protect, and optimize our Platform, including troubleshooting, system testing, and data analysis.
• To evaluate the success of our advertising campaigns using local storage attribution keys. If you submit a contact or lead form, your local UTM data is attached to your submission to assist our internal sales teams.
• To deliver relevant, targeted advertising and retargeting campaigns on social media and search networks (Meta, LinkedIn, Google, Reddit) based on your consented cookie choices.
• To verify your identity, prevent fraud, detect money laundering, and comply with regulatory checks via trusted third-party providers.
• To generate aggregated, high-level anonymized statistical reports for internal business optimization. These reports do not contain personal data and cannot identify you.

7. Disclosure and Sharing of Personal Data

We do not sell your personal data to third parties. We share your personal information only with authorized service providers who assist us in executing our business operations under strict Data Processing Addendums (DPAs):

• Payment Processing & Identity Verification: We partner with Stripe to securely process payment transactions, manage card data, and perform automated identity verification (KYC/AML checks). Trustap does not store raw credit/debit card numbers on its own infrastructure.
• Salesforce (CRM): If you submit a contact form, your contact details and associated local marketing campaign parameters (if available and subject to your cookie consent) are synced with Salesforce to manage our business relationships.
• Analytics Providers: We share aggregate, non-identifiable data with Google Analytics to understand platform performance.
• Advertising & Social Networks: If consented to via our cookie banner, interaction and technical data are shared via tracking pixels with Meta Platforms Ireland Ltd., LinkedIn Ireland Unlimited Company, Google Ireland Limited, and Reddit, Inc.
• Legal and Regulatory Compliance: We will disclose data to law enforcement, financial regulators, court systems, or fraud prevention agencies if we are legally obligated to do so, or if we reasonably believe it is necessary to investigate fraud or breaches of our Terms of Service.
• Corporate Restructuring: In the event of a merger, acquisition, asset sale, or liquidation, your personal data may be shared with or transferred to the prospective corporate buyer or successor.

8. Third-Party Services and External Links

Our Platform may contain links to third-party websites or services whose privacy practices are outside our control. We are not responsible for the privacy standards of external entities. We encourage you to read the privacy notices of any third-party services you interact with before providing them with personal data.

9. Your Data Protection Rights Under GDPR

Under Data Protection Legislation, you possess comprehensive rights regarding your personal data. You may exercise these rights at any time, completely free of charge:

• Right of Access: You have the right to request a copy of the personal data we hold about you.
• Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
• Right to Erasure ("Right to be Forgotten"): You have the right to request that we delete your personal data under certain conditions, provided it is no longer required for legal compliance or contractual obligations.
• Right to Restrict or Object to Processing: You have the right to object to or restrict our processing of your data under certain circumstances, including processing based on legitimate interests and direct marketing.
• Right to Data Portability: You have the right to request that we transfer your collected data directly to you or to another organization in a structured, commonly used, machine-readable format.
• Right to Withdraw Consent: Where our processing is based entirely on your consent (such as for marketing tracking and cookies), you have the right to withdraw that consent at any time.

We will respond to all valid requests within one calendar month (30 days) of receipt. To exercise any of these rights, please contact our privacy team at support@trustap.com.

10. Complaints and Dispute Resolution

If you have questions, concerns, or complaints regarding how we manage your personal data, please contact us directly at support@trustap.com so that we can resolve the issue with you.

If you are not satisfied with our response or believe our processing infringes upon Data Protection Legislation, you have the right to lodge a formal complaint with a supervisory authority, specifically the Data Protection Commission (DPC) of Ireland (www.dataprotection.ie).

11. Additions and Amendments to This Policy

We will update this Privacy Policy periodically to reflect shifts in our legal obligations, business operations, or technological integrations.

When material changes are made, we will alert you via an announcement on our Platform or by notifying you directly before the updates take effect. We encourage you to review this policy regularly to stay informed about how we safeguard your information.