Privacy Policy

Last updated: June 20, 2026

This Privacy Policy describes how Trustloop ("we", "us", or "our") collects, uses, and shares information about you when you use our review management platform, including our website, QR code scanning flows, dashboard, and related services (collectively, the "Service"). By using the Service you agree to the collection and use of information in accordance with this policy.

1. Who we are

Trustloop is a SaaS platform that helps businesses collect customer reviews via QR codes and manage their online reputation. Business owners ("Owners") register businesses on our platform; their customers ("Customers") interact with the Service to leave reviews. Both are referred to as "you" where the context applies to both groups.

Our registered address and contact details are set out in the Contact section below.

2. Information we collect

2.1 Business Owners — account information

When you register as a business owner we collect:

  • Full name and email address
  • Password (stored as a one-way bcrypt hash — we never store the plaintext)
  • Mobile phone number (used for identity verification via SMS OTP)
  • Profile image (if provided or pulled from Google OAuth)
  • OAuth tokens when you sign in with Google

2.2 Business Owners — business information

  • Business name, category, description, address, phone, and website
  • Business logo image (uploaded and stored via Cloudinary)
  • Thank-you page branding (photo, headline, message, signer name)
  • QR code print template preferences (design, colours, CTA text)
  • Third-party review platform credentials and configuration (Google Business Profile URL, Tripadvisor, Facebook, Zomato links)
  • Webhook endpoint URLs and associated secrets you configure
  • Billing and subscription information (processed by Stripe or Paddle — see §4)

2.3 Customers — account information

When you register as a customer we collect:

  • Full name and email address
  • Password (bcrypt-hashed)
  • Mobile phone number (required for phone verification)
  • Avatar image (if provided or pulled from Google OAuth)
  • OAuth tokens when you sign in with Google

2.4 Review content

When a Customer submits a review through our platform we collect the star rating (1–5), any written comment (up to 500 characters), the QR code that was scanned, and the timestamp. Reviews are linked to the Customer's account and to the Business being reviewed.

2.5 External review data

If an Owner enables a review-sync integration (e.g. Google, Tripadvisor, Facebook) we may import publicly available review data from those platforms including reviewer name, profile photo URL, review text, rating, and a link back to the source review. This data is subject to the privacy policies of the respective platforms.

2.6 Usage and technical data

  • QR code scan counts (we increment a counter each time a QR code is scanned — we do not log individual scanner device identifiers)
  • Session tokens stored in secure HTTP-only cookies
  • Server-side logs (IP address, user-agent, request path, timestamp) retained for up to 30 days for security and debugging purposes
  • Review nudge delivery and engagement status (sent, clicked, completed)

2.7 Push notification tokens

If you grant browser or app notification permission, we store a push subscription token linked to your account. This token is used solely to send you notifications about your account activity and review nudges.

3. How we use your information

We use the information we collect to:

Operate and deliver the Service

  • Create and maintain your account
  • Generate, store, and serve QR codes
  • Record and display reviews in the Owner dashboard
  • Power the LoopAI insights feature (see §6)
  • Sync reviews from connected third-party platforms
  • Route outbound webhook events to Owner-configured endpoints
  • Enable Owner replies to reviews
  • Enforce review cooldown periods per QR code

Identity verification and security

  • Send SMS OTP codes via Twilio to verify phone numbers
  • Send email verification links via Resend
  • Issue and validate password-reset tokens (expire after 1 hour)
  • Maintain session integrity via versioned session tokens

Review nudges and notifications

  • Send follow-up nudges to Customers (email, SMS, web push) encouraging them to post their Trustloop review on a connected external platform such as Google
  • Notify Owners (email, web push) when a new review is submitted

Billing and subscriptions

  • Manage subscription plans (Starter, Growth, Business, Chain)
  • Process payments and enforce plan-level feature limits

Analytics and improvement

  • Generate aggregated analytics shown in the Owner dashboard (rating trends, review volume, sentiment breakdown)
  • Improve the reliability, performance, and features of the Service

Legal and compliance

  • Comply with applicable laws and respond to lawful requests
  • Enforce our Terms of Service and prevent fraud or abuse

4. Sharing with third parties

We do not sell your personal data. We share information with third parties only as necessary to provide the Service:

Resend

We use Resend to deliver transactional emails (verification, password reset, review nudges, new-review notifications). Your email address is transmitted to Resend for this purpose.
Privacy policy: resend.com/legal/privacy-policy

Twilio

We use Twilio Verify to send SMS OTP codes and Twilio Messaging to send SMS review nudges. Your phone number is transmitted to Twilio for this purpose.
Privacy policy: twilio.com/en-us/legal/privacy

Cloudinary

Business logos, QR code images, and thank-you page photos are uploaded to and served from Cloudinary. Images are stored in a Trustloop-owned Cloudinary account.
Privacy policy: cloudinary.com/privacy

Google (OAuth and review platforms)

We use Google OAuth for optional sign-in. If you connect a Google Business Profile integration we access only the review data you authorise. We do not store Google OAuth refresh tokens beyond what is required by the NextAuth session model.
Privacy policy: policies.google.com/privacy

Stripe / Paddle

Billing is handled by Stripe or Paddle depending on your region. Payment card details are entered directly on their hosted pages and are never transmitted to or stored by Trustloop.
Stripe: stripe.com/privacy — Paddle: paddle.com/legal/privacy

Review platforms (Owner integrations)

When an Owner enables integrations with Google, Facebook, Tripadvisor, or Zomato and a Customer follows a deep link, the Customer is redirected to that platform and subject to its privacy policy. We do not share Customer personal data directly with those platforms.

Zapier and webhooks

Owners may configure webhook endpoints or Zapier connections. When a review event occurs, review data (rating, comment, business name, timestamp) is sent to those endpoints. Owners are responsible for the privacy handling of data received via their own webhooks.

Legal disclosures

We may disclose information if required to do so by law or in response to valid legal process, or to protect the rights, property, or safety of Trustloop, our users, or the public.

5. Communications

Transactional (cannot be opted out of)

Password reset emails, email verification links, phone OTP messages, and critical account security alerts are necessary for operation of the Service and cannot be disabled.

Review nudges

After leaving a review, Customers may receive up to a configured maximum of follow-up nudges via email, SMS, and/or push notification encouraging them to share the review on an external platform. Owners control whether nudges are enabled and the maximum number per visit. Customers can unsubscribe from nudge emails via the unsubscribe link in each message, or by deleting their account.

Owner notifications

Owners receive email and/or push notifications when a new review is submitted. These can be managed in the dashboard Settings page.

6. AI processing (LoopAI)

Our LoopAI Insights feature analyses review text to generate sentiment scores, theme groupings, strengths, and improvement suggestions. This processing is performed using an AI language model. Review content (rating and comment text) from a business's review history is submitted to the AI model to produce the daily insight report. We do not use review content to train or fine-tune any AI model. AI-generated insights are stored in our database and displayed exclusively to the Owner of the relevant business.

7. Data retention

Account data

Owner and Customer account data is retained for as long as the account is active. Upon account deletion we remove personally identifiable information within 30 days, subject to legal or billing obligations that require us to retain certain records longer.

Reviews

Reviews submitted through Trustloop are retained for the lifetime of the associated business account. If an Owner deletes their account, review data linked to their business is deleted. Customer-authored reviews are anonymised (the link to the Customer account is removed) rather than deleted so that business analytics remain consistent.

Session and OTP data

Session tokens are deleted on sign-out or when they expire. OTP verification records expire after 10 minutes. Password-reset tokens expire after 1 hour. Email verification tokens expire after 24 hours.

Server logs

Web server access logs are retained for up to 30 days.

8. Your rights

Depending on your location you may have rights under applicable privacy law, including:

  • Access — request a copy of the personal data we hold about you
  • Correction — ask us to correct inaccurate or incomplete data
  • Deletion — request that we delete your personal data (subject to retention obligations)
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to certain processing activities
  • Withdraw consent — where processing is based on consent you may withdraw it at any time

To exercise any of these rights please contact us at support@gotrustloop.com. We will respond within 30 days.

You may also delete your account at any time from the Settings page of the dashboard, which will trigger removal of your personal data in accordance with the retention schedule above.

9. Security

We implement reasonable technical and organisational measures to protect your information:

  • Passwords are stored as bcrypt hashes — never in plaintext
  • All data in transit is encrypted using TLS
  • Database connections use encrypted channels
  • Session tokens are stored in HTTP-only, Secure, SameSite cookies
  • Session versioning invalidates all existing sessions on password change
  • Webhook secrets are generated randomly and used to sign payloads (HMAC-SHA256)

No method of transmission or storage is 100% secure. If you believe your account has been compromised, please contact us immediately at support@gotrustloop.com.

10. Cookies & sessions

We use a small number of cookies that are strictly necessary for the Service to function:

  • Session cookies — HTTP-only, Secure cookies that maintain your authenticated session. These are deleted when you sign out or the session expires.
  • CSRF tokens — Short-lived tokens used to prevent cross-site request forgery.

We do not use advertising cookies, cross-site tracking cookies, or third-party analytics cookies. Because our cookies are strictly necessary for the Service to function, we do not require a cookie consent banner under most frameworks — though we respect any applicable local requirements.

11. Children

The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have done so, we will delete that information promptly. If you believe a child has provided us with personal information, please contact us at support@gotrustloop.com.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes we will update the "Last updated" date at the top of this page and, where required by law, notify you by email or via an in-app notice. Your continued use of the Service after changes become effective constitutes your acceptance of the revised policy.

13. Contact us

If you have questions about this Privacy Policy or our data practices, please contact us:

Trustloop

Email: support@gotrustloop.com

If you are in the European Economic Area and believe we have not addressed your concern adequately, you have the right to lodge a complaint with your local data protection authority.