Privacy Policy
Last updated: 3 June 2026
This Privacy Policy explains how TrueSecurix ("we", "us") handles information when you use our identity and document fraud-detection API, website, and dashboard (the "Service"). We take privacy seriously because the Service often processes sensitive identity and financial information on behalf of our customers.
1. Information we handle
- Account information: the email address and company name you provide at signup, and your API key (stored only as a one-way cryptographic hash).
- Verification inputs: images and documents (for example selfies, identity documents, and financial statements) that you or your end users submit to the verification API.
- Results and audit data: the risk score, decision, and evidence produced for each check, plus basic technical logs needed to operate the Service.
- Website enquiries: details you submit through our contact or updates forms.
2. How verification inputs are processed
Submitted images and documents are processed only to perform the fraud and identity check you request. They are analysed in memory and are not stored as files by the Service. For audit and compliance we retain only a one-way cryptographic hash (a non-reversible fingerprint) of each input together with the score, decision, and evidence. We do not use your verification inputs to train models, and we never sell personal data.
3. How we use information
- To provide, secure, and improve the Service and deliver verification results.
- To operate accounts, process billing, prevent abuse, and provide support.
- To meet legal, regulatory, and audit obligations.
4. Roles and your end users
When you submit your end users' data to the Service, you are the controller of that data and we act as your processor. You are responsible for having a lawful basis and the necessary consent to submit it. You should reference TrueSecurix in your own privacy notice where required.
5. Sharing
We share information only with infrastructure and payment providers that help us run the Service, and only to the extent needed, or where required by law. We do not sell your data or your end users' data.
6. Security and location
Data is transmitted over encrypted connections (HTTPS). Access is restricted, API keys are stored hashed, and internal services are not exposed to the public internet. Our infrastructure is hosted in India. No method of transmission or storage is perfectly secure, but we apply reasonable safeguards appropriate to the sensitivity of the data.
7. Retention
Account and audit records are retained for as long as your account is active and as needed for legal and compliance purposes. You may request deletion of your account data, subject to records we must keep by law.
8. Your rights
You may request access to, correction of, or deletion of your personal data by contacting us. We will respond within a reasonable time and in line with applicable law.
9. Changes
We may update this policy and will reflect changes by updating the date above.
10. Contact
Privacy questions or requests: contact@truesecurix.com.