TrustCheck Legal

Data Processing Addendum

Effective date: June 2, 2026. Version: 2026-06-02.

These pages are product policy templates for TrustCheck operations and user consent. They are not legal advice; have qualified counsel review them before production launch.

This Data Processing Addendum describes how TrustCheck processes customer data when providing the platform. It is intended as a baseline addendum and should be reviewed by legal counsel before contractual use.

1. Roles

For most customer content, scan data, evidence, and organization records, the customer is the controller or business and TrustCheck acts as processor or service provider. TrustCheck may act as controller for account administration, billing, fraud prevention, security, legal compliance, and product operations.

2. Processing Instructions

TrustCheck processes customer data according to the customer's use of the platform, these policies, applicable agreements, support instructions, legal obligations, and security requirements.

3. Data Categories

Processed data may include account data, organization data, asset records, scan targets, source code uploads, security findings, evidence files, reports, billing metadata, integration logs, support messages, and audit logs.

4. Security Measures

5. Subprocessors

TrustCheck may use subprocessors for hosting, email, payment, analytics, security, storage, messaging, and integrations. See the Subprocessors page.

6. Deletion And Return

Upon account closure or written request, TrustCheck will delete or return eligible customer data subject to legal, security, backup, audit, billing, fraud-prevention, and contractual retention requirements.

7. Assistance

TrustCheck will provide reasonable assistance for security, privacy, access, deletion, and compliance requests through the support process.