Privacy Policy

Last updated: April 29, 2026

This Privacy Policy describes how LowerPlane, Inc. (“TruePrivacy”, “we”, “us”, or “our”) collects, uses, and discloses information about you when you use our website at trueprivacy.io and our privacy compliance platform (collectively, the “Services”). We are committed to protecting your personal data and complying with applicable privacy laws, including the GDPR, CCPA, and India's Digital Personal Data Protection Act, 2023 (DPDP Act).

By accessing or using our Services, you agree to the collection and use of information as described in this policy. If you disagree with any part of this policy, please discontinue use of our Services.

1. Information We Collect

We collect information you provide directly to us, information we collect automatically when you use our Services, and information from third-party sources.

1.1 Information You Provide

  • Account information: name, work email address, company name, job title, and password when you register.
  • Billing information: payment card details, billing address, and VAT/GST number processed via our payment provider (Stripe). We do not store full card numbers.
  • Communications: messages you send us via contact forms, email, or support channels.
  • Profile data: preferences, settings, and any other information you add to your account.

1.2 Information Collected Automatically

  • Usage data: pages visited, features used, actions taken, time spent, and navigation patterns.
  • Device and technical data: IP address, browser type and version, operating system, device identifiers, and referral URLs.
  • Log data: server logs including request timestamps, error logs, and API call details.
  • Cookie data: see our Cookies section below for details.

1.3 Information from Third Parties

  • Identity and professional information from OAuth providers (Google, Microsoft) if you use SSO.
  • Enrichment data from business information providers for lead qualification purposes.
  • Information from partners who refer customers to us.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve our Services, including processing your account registration and managing your subscription.
  • Process payments and send billing-related communications including invoices and receipts.
  • Respond to your inquiries, provide customer support, and send service notifications.
  • Send you product updates, security alerts, and administrative messages (these are essential service communications).
  • Send you marketing communications about TruePrivacy products and features, where you have consented or where we have a legitimate interest (you may opt out at any time).
  • Monitor, analyze, and improve the performance, security, and functionality of our Services.
  • Detect, prevent, and investigate fraud, security incidents, abuse, and violations of our Terms of Service.
  • Comply with our legal obligations, resolve disputes, and enforce our agreements.
  • Conduct research and analysis to understand how our Services are used and to develop new features.

Legal bases for processing (GDPR): We process your data based on contract performance (to provide the Services), legitimate interests (security, fraud prevention, marketing to existing customers), legal obligation (compliance, tax), and consent (marketing to prospects, analytics cookies).

3. Data Sharing

We do not sell your personal data. We may share your information in the following circumstances:

3.1 Service Providers

We engage trusted third-party service providers who process data on our behalf, including:

  • Cloud infrastructure: AWS, Google Cloud Platform
  • Payment processing: Stripe
  • Customer support: Intercom, Freshdesk
  • Analytics: Mixpanel, PostHog
  • Email delivery: SendGrid
  • Error monitoring: Sentry

All service providers are bound by data processing agreements and are prohibited from using your data for their own purposes.

3.2 Business Transfers

If TruePrivacy is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data becomes subject to a materially different privacy policy.

3.3 Legal Requirements

We may disclose your information when required by law, court order, or governmental authority, or when necessary to protect the rights, property, or safety of TruePrivacy, our customers, or the public.

4. Data Retention

We retain personal data for as long as necessary to provide our Services and fulfill the purposes described in this policy, unless a longer retention period is required by law.

  • Account data: retained for the duration of your subscription plus 90 days after account closure, to allow for reactivation.
  • Billing records: retained for 7 years for tax and accounting compliance.
  • Support communications: retained for 3 years.
  • Usage logs: retained for 90 days.
  • Marketing data: retained until you withdraw consent or opt out.
  • Legal hold: data may be retained longer if required for legal proceedings or regulatory investigations.

Upon account deletion, we will delete or anonymize your personal data within 30 days, except where we are required to retain it by law.

5. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal data:

5.1 Rights Under GDPR (EEA/UK Residents)

  • Right of access: request a copy of the personal data we hold about you.
  • Right to rectification: correct inaccurate or incomplete data.
  • Right to erasure: request deletion of your data in certain circumstances.
  • Right to restrict processing: ask us to limit how we use your data.
  • Right to data portability: receive your data in a structured, machine-readable format.
  • Right to object: object to processing based on legitimate interests or for direct marketing.
  • Rights related to automated decision-making: not be subject to solely automated decisions that significantly affect you.

5.2 Rights Under CCPA (California Residents)

  • Right to know what personal information we collect, use, disclose, and sell.
  • Right to delete your personal information.
  • Right to opt out of the sale or sharing of your personal information (we do not sell personal information).
  • Right to non-discrimination for exercising your privacy rights.
  • Right to correct inaccurate personal information.
  • Right to limit use of sensitive personal information.

5.3 Rights Under DPDP Act (India Residents)

  • Right of access to your personal data and information about its processing.
  • Right to correction and erasure of inaccurate or unnecessary personal data.
  • Right to grievance redressal.
  • Right to nominate another person to exercise rights on your behalf.
  • Right to withdraw consent at any time.

To exercise any of these rights, please email us at privacy@trueprivacy.io. We will respond within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

6. Cookies

We use cookies and similar tracking technologies to operate and improve our Services. Cookies are small text files placed on your device.

Types of Cookies We Use

  • Strictly necessary: required for the Services to function (authentication, session management, security). These cannot be disabled.
  • Functional: remember your preferences and settings to provide a personalized experience.
  • Analytics: help us understand how visitors use our website (e.g., PostHog, Mixpanel). These are only set with your consent.
  • Marketing: used to deliver relevant advertisements and track campaign effectiveness. Only set with your consent.

You can manage your cookie preferences at any time through our cookie consent manager (available at the bottom of our website). You may also control cookies through your browser settings, though this may impact some functionality.

7. Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
  • Multi-factor authentication for platform access.
  • Regular security assessments and penetration testing.
  • Role-based access controls and least-privilege principles.
  • Incident response procedures and breach notification protocols.

While we take security seriously, no system is completely secure. Please contact security@trueprivacy.io if you discover a security vulnerability.

8. Children's Privacy

Our Services are not directed to children under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that we have inadvertently collected personal data from a child under 18, we will take steps to delete that information as soon as possible. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@trueprivacy.io.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email (if you have an account) or by posting a prominent notice on our website at least 30 days before the change takes effect. The “Last updated” date at the top of this policy indicates when it was last revised. We encourage you to review this policy periodically.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

LowerPlane, Inc.

2261 Market Street STE 18423, San Francisco, CA 94114, United States

Privacy inquiries: privacy@trueprivacy.io

General contact: hello@trueprivacy.io

We aim to respond to all privacy requests within 30 days. If you are in the EEA and unsatisfied with our response, you have the right to lodge a complaint with your local supervisory authority.