SOC 2 Type II Certified. We mean it.

Our Privacy Policy.
We Actually Read Ours.

We help organizations screen for financial crime for a living. The last thing we'd do is mishandle your personal data. What follows is our complete, unmodified privacy policy. No tricks. No dark patterns. Just the truth. It's literally our name.

Effective: January 1st, 2010
Last Updated: 29 April 2026
Questions? privacy@truthtechnologies.com

Introduction

Truth Technologies, Inc. ("Truth Technologies," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard personal data when you use our Sentinel™ customer verification platform and related services (collectively, the "Services").

As a provider of AML, KYC, OFAC, and compliance screening solutions, Truth Technologies operates primarily as a data processor — processing personal data on behalf of our clients (the data controllers) in accordance with their documented instructions and our service agreements.

This Privacy Policy applies to personal data processed in connection with our Services. It does not apply to information collected through other means, such as through our general marketing website, except where noted.

Categories of Personal Data We Process

Data Provided by Our Clients

Truth Technologies may receive the following categories of personal data from our clients in connection with providing the Services:

  • Biographical information (e.g., full name, date of birth)
  • Contact information (e.g., address, phone number, email address)
  • National identification numbers and information contained on identity documents
  • Business-related information (e.g., employer, job title, company affiliation)
  • Any additional information our clients specifically provide on a case-by-case basis

Account and Platform Information

When client representatives and administrators access our platform, we may collect:

  • Account registration details (e.g., name, email address, job title, company name)
  • Payment information, processed securely through our third-party payment processor; we do not store full payment card details
  • Communications and correspondence when you contact our support team or participate in surveys

Automatically Collected Information

When you access or use our platform, we may automatically collect:

  • Usage data: features accessed, actions taken, and time spent on the platform
  • Device and technical information: browser type, operating system, IP address
  • Cookies and similar technologies (see the Cookies section below)

Basis and Purposes of Processing

Within the scope of this Privacy Policy, Truth Technologies acts as a data processor. We process personal data exclusively for the purposes of providing the Services to our clients, pursuant to the terms of our service agreements and clients' documented instructions.

We use personal data to:

  • Deliver, maintain, and improve the Services
  • Process transactions and send related notices
  • Send technical updates, security alerts, and support messages
  • Respond to inquiries and requests from clients and data subjects
  • Monitor platform performance, analyze usage trends, and detect issues
  • Prevent and address fraud, security incidents, and abuse
  • Comply with applicable legal and regulatory obligations
  • Conduct our internal SOC 2 audit activities and maintain compliance certifications

For GDPR purposes, we rely on the following legal bases: performance of our contract with clients, our legitimate interests in operating and improving the Services, compliance with legal obligations, and (where applicable) your consent.

Sharing Personal Data

We do not sell personal data. We do not rent, lease, or share personal data for third-party marketing purposes. We may share personal data only in the following limited circumstances:

Service Providers

We engage trusted service providers who process personal data on our behalf solely to enable us to deliver the Services. These include providers of hosting, cloud storage, and infrastructure services. All service providers are contractually bound to protect personal data and to use it only for the purposes we specify.

Data Privacy Framework Compliance

We require our service providers to adhere to the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, or to provide an equivalent level of protection. Truth Technologies remains responsible and liable under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF if any third-party agents that it engages to process the personal data on our behalf do so in a manner inconsistent with the Principles, unless Truth Technologies is not responsible for the event giving rise to the damage.

Legal and Compliance Disclosures

We may disclose personal data when required by law, court order, or government authority, or when we believe disclosure is necessary to protect the rights, property, or safety of Truth Technologies, our clients, or others. Where permitted by law, we will endeavor to notify the affected client of any legally binding request for disclosure of personal data.

Data Retention

90-day rule: We will use reasonable efforts to delete personal data submitted to us by our clients within 90 days of the termination of the applicable service agreement, unless a different retention period is required by applicable law or expressly agreed in writing. We retain account and platform-usage information for as long as necessary to provide the Services and for a reasonable period thereafter to comply with legal obligations.

Cookies and Tracking Technologies

We use cookies and similar technologies on our platform to:

  • Maintain your authenticated session and keep you logged in
  • Remember your preferences and platform settings
  • Understand how the platform is used and identify areas for improvement
  • Detect security incidents and prevent fraudulent activity

For more information on the cookies we use and how to manage your cookie preferences, please see our Cookie Policy.

Security

Truth Technologies employs reasonable and appropriate physical, technical, and organizational safeguards designed to protect personal data from unauthorized access, disclosure, alteration, loss, and destruction. We take into account the nature of the data and the risks involved in its processing.

As part of our commitment to security, Truth Technologies participates in SOC 2 audits, which independently examine our security policies and procedures including their alignment with the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF.

In the event of a data breach affecting client data, affected clients will be notified in accordance with applicable law and the terms of our service agreements.

Please note that no method of electronic transmission or storage is completely secure. While we strive to protect personal data using commercially reasonable means, we cannot guarantee absolute security.

International Data Transfers & Data Privacy Framework

Truth Technologies is based in the United States. Personal data processed in connection with our Services may be transferred to and processed in the United States.

Truth Technologies complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Truth Technologies has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Truth Technologies has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Truth Technologies commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Truth Technologies at https://truthtechnologies.com/contact, or by postal mail at: Truth Technologies, Privacy Officer, 5150 Tamiami Trail N., Suite 500, Naples, FL 34103. Please allow up to four weeks for a reply.

Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal data, including the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete personal data
  • Request deletion of your personal data
  • Object to or request restriction of processing
  • Request data portability
  • Withdraw consent where processing is based on consent

Because Truth Technologies processes personal data on behalf of our clients, if you are a data subject whose information was provided to us by one of our clients, please contact that organization directly to exercise your rights. We will work with our clients to support the honoring of data subject requests to the extent reasonably practicable.

California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and how it is used, and the right to opt out of the sale of personal information. Truth Technologies does not sell personal information.

European and UK Residents (GDPR)

EU and UK individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF or its UK Extension should contact us at the details below. Please allow up to four weeks for a response.

Dispute Resolution

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Truth Technologies commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to American Arbitration Association, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of American Arbitration Association are provided at no cost to you.

Where a complaint cannot be resolved by any of the recourse mechanisms mentioned above, individuals may have a right under certain conditions to invoke binding arbitration under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF as recourse mechanism of "last resort". If you are a resident of the European Union whose personal data we process, you may also have the right to file a complaint with a data protection regulator in one or more of the EU Member States.

Government Enforcement

Truth Technologies Inc. is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Under Section 5 of the Federal Trade Commission Act (15 U.S.C. § 45), an organization's failure to abide by commitments to implement the DPF Principles may be challenged as deceptive by the FTC. The FTC has the power to prohibit such misrepresentations through administrative orders or by seeking court orders.

Children's Privacy

Our Services are designed for business use and are not directed at children. We do not knowingly process personal data of children under the age of 13 (or 16 in the EEA). Children should always obtain permission from a parent or guardian before sharing personal data over the Internet. If you believe a child has provided us with personal data, please contact us at privacy@truthtechnologies.com and we will take reasonable steps to delete it.

Changes to This Privacy Policy

Truth Technologies reserves the right to update or revise this Privacy Policy at any time. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date at the top of this document. We encourage you to review this Privacy Policy periodically.

Contact Information

If you have questions, comments, or concerns about this Privacy Policy or our privacy practices, please contact us:

Truth Technologies, Inc.
Attention: Privacy Officer
5150 Tamiami Trail N., Suite 500
Naples, FL 34103 USA
Phone: (866) 691-3867
Email: privacy@truthtechnologies.com
Web: https://truthtechnologies.com/contact/

EU Representative

Truth Technologies' Privacy Officer serves as the company's EU Representative pursuant to Article 27 of the GDPR. The Privacy Officer may be contacted by EU/UK supervisory authorities and data subjects regarding matters related to the processing of personal data, using the contact information above.