Privacy Policy

Our core principle: we can't lose what we never hold

TrueID does not store images of your passport, driver’s license, Social Security card, or other identity documents. We deliberately avoid becoming a tempting target. The less sensitive data we hold, the less that can ever be exposed.

Information we collect

• Account information: when you create an account, our authentication provider (Clerk) stores your email address and login credentials. We never see or store your password.
• Usage data: basic, privacy-respecting information about how the app is used (for example, which features are opened) so we can keep TrueID working and improve it.
• Information you choose to enter: items you add to your privacy checklist or data-broker tracker. This is scoped to your account and locked to you at the database level.
• Technical data: standard server logs (such as IP address and browser type) used for security, abuse prevention, and rate limiting.

Sensitive checks stay private by design

When you check a password, it is tested using a privacy-preserving method (k-anonymity) that never sends your actual password anywhere. When you run a breach check, we do not store or log the email address you look up. These checks are designed so that the sensitive value never leaves your control.

How we use your information

• To provide and operate the service you signed up for.
• To secure your account and prevent fraud and abuse.
• To communicate with you about your account, security alerts, and service updates.
• To improve TrueID based on aggregated, non-identifying usage patterns.

We do not sell your data

We do not sell, rent, or trade your personal information. We share data only with the service providers who help us run TrueID (see below), and only as needed to deliver the service.

Service providers we rely on

• Clerk — secure user authentication and login.
• Supabase — encrypted database hosting for your account data.
• Vercel — application hosting and delivery.
• Have I Been Pwned — the breach and password-exposure data sources used by our checks.

Data security

Connections to TrueID are encrypted in transit (HTTPS) with strict security headers. Your data is scoped to your account at the database level, so one person can never see another’s data. Secret keys live only on our servers and are never shipped to your browser. No service can promise that a breach will never happen, but we work hard to reduce that risk.

Your rights and choices

• Access and correction: you can view and update your account information at any time.
• Deletion: you can delete your account and associated data at any time, for any reason.
• Marketing: you can opt out of non-essential emails while still receiving important security and account messages.
• Depending on where you live (for example, the EU/UK under GDPR or California under the CCPA/CPRA), you may have additional rights to access, port, or delete your data. Contact us to exercise them.

Children’s privacy

TrueID is not intended for children under 13 (or the minimum age required in your country), and we do not knowingly collect their information.

Changes to this policy

We may update this policy as the service evolves. We will update the “last updated” date above and, for material changes, notify you in the app or by email.

Contact

Questions or requests about your privacy can be sent to support@trueid.help. TrueID.Help is operated by Smith Medical, P.C.