Privacy Policy

Last updated: April 2026

This Privacy Policy is prepared in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules), and applicable data protection norms in India.

1. Who We Are

TruthDeck is a SaaS platform providing AI-powered startup verification, due diligence tools, and investor intelligence. It is operated by TruthDeck, India. Contact: truthdeck.hq@gmail.com. This Privacy Policy explains what personal information we collect, how we use it, to whom we disclose it, how it is secured, and your rights over it.

2. Information We Collect

We collect the following categories of information: (a) Identity & Account Data — your full name, email address, and profile photo when you sign in via Google OAuth; (b) Payment Data — your phone number (used for Indian payment authentication via Cashfree), billing country, and payment reference numbers. We do not store card numbers, CVVs, or bank account credentials — these are handled exclusively by our payment processors; (c) Usage & Behavioural Data — pages visited, startups viewed, search queries, features used, session duration, and device/browser type; (d) User-Generated Content — due diligence notes, deal flow pipeline entries, cap table data, watchlists, uploaded documents in your data room, and any text you submit via AI chat; (e) Communications — emails you send to us at truthdeck.hq@gmail.com.

3. Sensitive Personal Data or Information (SPDI)

Under the SPDI Rules, 2011, we may collect financial information to the extent required to process your payment (phone number for OTP-based payment authentication). We do not collect passwords, biometric data, medical records, sexual orientation, or other SPDI categories beyond what is strictly necessary. Financial transaction data is processed by regulated payment processors (Cashfree, Stripe) under their own privacy obligations.

4. How We Use Your Information

We use your information strictly for the following purposes: (a) to provide, maintain, and improve the TruthDeck platform; (b) to process payments and manage subscription access; (c) to send transactional communications — payment confirmations, subscription renewal notices, refund confirmations; (d) to send product update emails if you have opted in; (e) to monitor platform security, detect fraud, and prevent abuse; (f) to comply with legal obligations under applicable Indian law; (g) to respond to your support and billing queries.

5. Disclosure of Information

We do not sell, rent, or trade your personal data to any third party. We share your information only with the following categories of recipients and only to the extent necessary: (a) Payment Processors — Cashfree Payments (India) and Stripe Inc. (international) receive your email address and payment details solely for transaction processing, subject to their own privacy policies and PCI-DSS compliance; (b) Cloud Infrastructure — Supabase (PostgreSQL database hosted on AWS) stores your account data encrypted at rest; (c) Email Service — Resend (email delivery provider) receives your email address to deliver transactional messages; (d) AI Processing — OpenAI processes anonymised startup descriptions for generating TruthScores. We do not send your personal account data to OpenAI; (e) Legal Authorities — we may disclose your information when required by law, court order, or competent regulatory authority in India.

6. Method of Disclosure

Disclosure to third parties occurs via encrypted API connections (TLS 1.2 or higher) on a need-to-know basis. Contracts with sub-processors include data protection obligations. No personal data is disclosed to advertisers, data brokers, or marketing platforms.

7. Data Storage and Transfer

Your data is stored on Supabase (PostgreSQL), hosted on AWS infrastructure in the us-east-1 region (United States). By using TruthDeck, you consent to the transfer and processing of your data outside India. We ensure such transfers are governed by appropriate data protection safeguards. Payment data remains within the jurisdiction of your payment processor (Cashfree for India, Stripe for international).

8. Security Practices

We implement the following security measures in accordance with the SPDI Rules and industry best practices: (a) TLS 1.2+ encryption for all data in transit; (b) AES-256 encryption for data at rest via Supabase; (c) Row-Level Security (RLS) policies on all database tables — users can only access their own data; (d) JWT-based session authentication via Supabase Auth; (e) No storage of payment credentials — all card/bank data processed by PCI-DSS compliant processors; (f) Regular security reviews. Despite these measures, no system is completely secure. Report any security vulnerability to truthdeck.hq@gmail.com.

9. Cookies and Tracking

We use only first-party session cookies set by Supabase Auth for authentication and session persistence. We do not use: third-party advertising cookies, tracking pixels, Google Analytics, Facebook Pixel, or any cross-site tracking technologies. You may disable cookies in your browser settings, but this will prevent you from logging in.

10. Your Rights

Under applicable Indian law and best privacy practice, you have the right to: (a) Access — request a copy of the personal data we hold about you; (b) Correction — request correction of inaccurate or incomplete data; (c) Deletion — request deletion of your account and associated personal data (subject to legal retention obligations); (d) Data Portability — request an export of your user-generated content; (e) Withdrawal of Consent — withdraw consent for data processing, which will result in termination of your account. To exercise any of these rights, email truthdeck.hq@gmail.com. We will respond within 30 days.

11. Data Retention

We retain your personal account data for as long as your account is active. Upon account deletion, personal data is removed within 30 days except: (a) payment and transaction records, retained for 7 years as required under Indian tax law (Income Tax Act, GST regulations); (b) data we are legally required to retain by court order or regulatory requirement.

12. Children's Privacy

TruthDeck is not directed at or intended for use by individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that a minor has provided us with personal information, we will delete it promptly.

13. Grievance Officer

In accordance with the Information Technology Act, 2000 and SPDI Rules, 2011, a Grievance Officer is designated to address complaints and concerns regarding this Privacy Policy. Name: TruthDeck Privacy Team. Email: legal@truthdeck.xyz. We will acknowledge your grievance within 24 hours and resolve it within 30 days.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. If we make material changes to how we handle your personal data, we will notify active users by email. Continued use of the Service after changes constitutes acceptance of the revised Policy.

15. Legal Basis for Processing (GDPR Article 6)

For users in the European Economic Area, United Kingdom, or other jurisdictions where GDPR or equivalent law applies, we process your personal data under the following legal bases: (a) Performance of Contract — processing your email, payment details, and account data is necessary to provide the subscription service you have purchased; (b) Legitimate Interests — we process usage and behavioural data to maintain platform security, prevent fraud, and improve service quality. We have assessed that our legitimate interests are not overridden by your rights and freedoms; (c) Compliance with Legal Obligations — we retain transaction records as required by applicable tax and financial regulations; (d) Consent — where we send optional product update emails, we rely on your consent, which you may withdraw at any time by emailing legal@truthdeck.xyz.

16. Contact

For privacy-related questions, data requests, or complaints: legal@truthdeck.xyz. Postal contact available on request.
