Introduction

This Privacy Policy describes how TrustXP ("we," "us," "our," or "Company") collects, uses, and protects your personal information when you use our website and trust measurement platform. We are committed to transparency and your privacy rights.

Company: TrustXP

Contact: hello@trustxp.com

Last updated: April 2026

Information We Collect

We collect different types of information depending on how you interact with TrustXP:

  • Account Information: Name, email address, company name, team size when you create an account
  • Pulse Response Data: Answers to 2-4 questions in our anonymous micro-pulses, submitted voluntarily
  • Website Usage: Browser type, IP address, pages visited, via Google Analytics
  • Form Submissions: Information you provide through contact and newsletter forms via Formspree
  • Integration Data: When you connect Slack or Teams, we receive only the channel or workspace ID to deliver pulses (never message content)

How We Use Your Information

We use the information we collect for specific, legitimate purposes:

  • Deliver trust measurement pulses to your team and aggregate results
  • Create and manage your account, authenticate access
  • Send transactional emails (account confirmations, password resets)
  • Respond to support inquiries and improve our service
  • Analyze website usage patterns to improve user experience
  • Send occasional product updates and newsletters (with your consent)
  • Comply with legal obligations and enforce our terms of service

Pulse Response Data & Anonymity

Anonymity in TrustXP is structural by design. This is our core commitment to you:

At Collection

When a team member responds to a trust micro-pulse, identifying information is stripped away immediately. Responses are never linked to an account ID, user ID, email, or Slack/Teams profile.

No Pathway to Identification

There is no pathway—for us or for your administrators—to connect a response to a specific person. Even with access to the platform, admins cannot see individual answers or identify who responded what.

Minimum Response Thresholds

Results only appear after a minimum of 5 unique responses. This prevents identification through small-group inference in smaller teams.

Aggregation

Raw individual responses are processed into aggregated team-level insights and discarded. We retain only the computed results, not the original granular data.

What We Never Do

  • Perform sentiment analysis on responses
  • Build psychological or behavioral profiles
  • Use responses to train external AI models
  • Track which individual submitted which response
  • Allow re-identification of respondents

Data Storage & Security

Geographic Location: All response data is stored in the European Union on infrastructure that meets GDPR data residency requirements.

Encryption:

  • Transit encryption: TLS 1.2 or higher for all data in transmission
  • At-rest encryption: AES-256 for stored data

Data Retention: Raw pulse response data is retained only as long as necessary to compute aggregated insights, then securely deleted. Aggregated insights are retained for the duration of your account, unless you request deletion.

Access Controls: Access to your data is restricted to authorized personnel and automated systems. We use industry-standard firewalls, monitoring, and access controls.

Third-Party Services

We use select third-party services that process limited data on our behalf:

Google Analytics

We use Google Analytics (tracking ID: G-R2BCNYMBT8) to understand how you use our website. Google processes anonymized usage data such as pages visited, referrer sources, and device information. You can opt out using Google's opt-out browser extension.

Formspree

Contact and newsletter forms are powered by Formspree. When you submit a form, Formspree processes your email address and message to deliver it to us. Formspree does not retain this data longer than necessary for delivery.

Slack & Microsoft Teams Integration

When you connect Slack or Teams, TrustXP receives only your workspace/team ID to deliver pulse notifications. We never read, store, or analyze message content. These integrations are purely for pulse delivery channels.

EU Data Processing

All third-party integrations are selected to ensure compliance with GDPR and EU data residency where applicable.

Cookies

We use cookies only for essential functionality and analytics:

  • Essential Cookies: Authentication tokens, session management, CSRF protection
  • Analytics Cookies: Google Analytics (via Google's cookies) to measure site usage

We do not use tracking cookies for behavioral advertising or third-party marketing. When you first visit our site, you have the option to accept or decline analytics cookies.

Data Retention

Account Data: We retain your account information (name, email, team name) as long as your account remains active. If you delete your account, this data is deleted within 30 days.

Pulse Response Data: Raw responses are deleted immediately after aggregation. Aggregated insights remain until you delete your account or request data deletion.

Website Analytics: Google Analytics data is retained for 26 months by default.

Support Communications: Emails and support tickets are retained for 12 months after the issue is resolved, unless legally required to retain longer.

Your Rights Under GDPR

If you are located in the EU, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction: Request that we limit processing of your data
  • Right to Data Portability: Request your data in a portable, machine-readable format
  • Right to Object: Object to certain types of processing
  • Right to Lodge a Complaint: Contact your local data protection authority

To exercise these rights, please contact us at hello@trustxp.com with your request. We will respond within 30 days.

Children's Privacy

TrustXP is designed for organizations with 25-200 employees and is not intended for children under 16. We do not knowingly collect personal information from children. If we become aware that a child has provided information, we will delete it promptly and may terminate the account.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by updating the "Last updated" date and, if the change is significant, by sending you a notice via email or through the platform.

Your continued use of TrustXP after any changes signifies your acceptance of the updated Privacy Policy.

Contact Us

If you have questions about this Privacy Policy, your data, or our privacy practices, please contact us:

Email: hello@trustxp.com

We are committed to working with you to resolve any privacy concerns or questions promptly.

Your privacy is our priority.

Measure trust without surveillance. Anonymous. Secure. Compliant.

No credit card required for teams ≤10.