Privacy policy

Last updated: November 1, 2022

What Does This Privacy Policy Cover?

Truepic, (“Truepic,” “we,” “us,” or “our”) provides businesses (our “Clients”) a comprehensive photo and video verification platform. In providing these services, we process the Personal Information of our Clients’ customers (“Users”). Truepic respects the privacy of its Users. We want to be transparent about how we collect and use Personal Information in providing our (i) website (https://truepic.com) and all its subdomains, and all other websites owned, operated or maintained, directly or indirectly, by Truepic and its affiliated companies, (ii) our mobile applications, (iii) online mobile application management platform (together, the “Truepic Sites“) as well as the services we provide to our Clients (the “Truepic Services”). With respect to the Truepic Services, Truepic operates as data processor in that we process Personal Information as directed by our Clients and do not take an independent use of such data.

With that in mind, this Privacy Policy describes:

  • What Personal Information We Collect;
  • How We Use Personal Information;
  • Who We Share Personal Information With;
  • Marketing Communications Preferences;
  • How Long We Store Personal Information;
  • How We Use Cookies and Other Tracking or Profiling Technologies;
  • Our Policy on Children;
  • Our Policy for Data Subjects located in California and other parts of the U.S.;
  • Our Policy for Data Subjects located outside the U.S.;
  • Third Party Links;
  • Legal Disclaimer; and,
  • How to Contact Us.

This Privacy Policy is intended to explain how Truepic collects and processes its Users’ Personal Information in the course of using the Truepic Sites and Truepic Services.

We will post any modifications or changes to this Privacy Policy on this page.

What Personal Information We Collect

We collect Personal Information both directly from you and from third parties. Personal Information is information about an individual that directly or indirectly identifies the person or household (“Personal Information”). Personal Information does not include ‘anonymous data’ (i.e., information which does not relate to an identified or identifiable individual) or ‘anonymized data’ (i.e., previously identifying information where the identity of individual has been permanently removed). Personal Information does include ‘indirect identifiers’ or ‘pseudonymous data’ (i.e., information which alone doesn’t identify an individual but, when combined with certain additional and reasonably accessible information, could be attributed to a particular person).

Personal Information We Collect From You

When you use Truepic’s application or application management platform, we collect your Personal Information on behalf of our Clients, business partners, and third parties. For example, when you take a picture as part of an insurance claim, we collect your Personal Information on behalf of your insurance provider.

We also collect your Personal Information when you interact with us directly on our website. We collect this information through webforms and cookies and similar technologies as described in Section 6 of this policy.

Personal Information that we collect from you is outlined in the table below.

Category of Personal Information Collected What This Means
Identity Data First name, last name, maiden name, username, or similar identifier.
Contact Data Email address and telephone numbers.
Profile Data Username and password, preferences, and feedback tied to Truepic accounts.
Image Data The images, videos, graphics, and other content uploaded to the Truepic Sites for certification and authentication and any metadata attached or related to such content (including the creator, date, time, device, and location of where such content was captured, together with certain contextual media relating to that content. Where we refer to “contextual media” relating to content, as some examples of what this means, we may capture: multiple frames before and after an image is taken using the Truepic applications to help ascertain movement of the camera device, and ambient light sensor and barometric pressure information. Image Data may include sensitive Personal Information such as government ID number when such information is included in the content uploaded via the Truepic Services.
Transaction Data Any details about payments, subscriptions, and services Users have purchased from us, including but not limited to the Truepic Services.
Marketing and Communications Data User preferences for receiving marketing from us and our third parties and user communication preferences.
Technical Data Internet protocol (IP) address, user login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices used to access the Truepic Sites or use the Truepic Services.

Personal Information We Collect from Third Party Sources.

In addition to the Personal Information that we collect directly from our Users, we also collect publicly available Identity Data and Contact Data from social media sites.

Aggregated Consumer Information.

We also collect, use and share “Aggregated Consumer Information“such as statistical or demographic data for any purpose. Aggregated Consumer Information may be derived from an individual’s Personal Information, but once aggregated, no longer constitutes Personal Information. For example, we may aggregate certain Technical Data and Behavioral Data to calculate the percentage of Users accessing a specific feature of the Truepic Sites.

How We Use Personal Information

We use the Personal Information we collect for the following business and commercial purposes:

Purpose Category(ies) of Personal Information Involved Why We Use Data For This Purpose
Account Creation and Maintenance Identity Data
Profile Data
Contact Data
To register new Users and to maintain a user’s account on the Truepic Sites.
Service Provision Identity Data
Profile Data
Image Data
Contact Data
Technical Data
To provide the services and functionalities of the Truepic Sites, including to: authenticate and store the creator, date, time, device, and location of where content a user uploads to the Truepic Sites is captured, and other information that enables us to verify an image.
Payment Processing Identity Data
Contact Data
Transaction Data
To process and manage payments, fees, and charges for any subscriptions a user purchases to the Truepic Sites (or any paid-for portion(s) thereof).
Fraud Prevention Identity Data
Contact Data
Technical Data
To keep the Truepic Sites and Services and associated systems operational and secure.
Troubleshooting Technical Data To track issues that might be occurring on our systems.
Marketing Identity Data
Contact Data
Marketing and Communications Data
To form a view on what we think a user may want or need, or what may be of interest to our Users. This is how we decide which services and offers may be relevant.

Who We May Share Personal Information With

There are certain circumstances under which we may disclose information to third parties. For example, we may share information:

  • With third-party agents and vendors who work on our behalf as sub-processors, provided such third parties agree to adhere to the same privacy principles as Truepic;
  • With Partners, such as companies that we think offer complementary services as Truepic provided such partners agree to adhere to the same privacy principles as Truepic (e.g., marketing events at industry trade shows) where we have your permission.
  • To protect the rights and property of Truepic, our agents, employees, partners, vendors, Clients, and others including enforcement of our agreements, policies, and terms of use;
  • In an emergency, including protection of the personal safety of any person;
  • For the purposes of a business deal (or negotiation of a business deal) involving sale or transfer of all or a part of our business or assets (business deals may include, for example, any merger, financing, acquisition, divestiture, or bankruptcy transaction or proceeding);
  • As required in response to a lawful request by public authorities, including meeting of national security or law enforcement requirements;

Truepic is based in the United States, and recipients of the data disclosures described in this Privacy Policy are located in the United States and elsewhere in the world, including where privacy laws may not provide as much protection as those of your country of residence.  Truepic complies with legal requirements for cross-border data protection, including through the use of European Commission-approved Standard Contractual Clauses and similar contract language required under applicable data protection laws.

The table below describes who we share Personal Information with, what we share and why we share it.

Recipients Category(ies) of Personal Information We Share Why We Share It
Our Hosting Provider All Categories We outsource the hosting of the Truepic Sites and Services. This means that all categories of Personal Information that we process will be held and stored on the servers of our hosted service provider who is contractually required to process such data only as directed by Truepic.
Service Providers Identity Data
Contact Data
Technical Data
Marketing and Communications Data
Our service providers provide us with IT and system administration services who are contractually required to process any Personal Information received from Truepic only as directed by Truepic.
Professional Advisers Identity Data
Contact Data
Our lawyers, bankers, auditors, and insurers provide consultancy, banking, legal, insurance, and accounting services who are contractually required to process any Personal Information received from Truepic only as directed by Truepic.

Marketing Communications Preferences

Some jurisdictions require that we obtain a consent prior to sending marketing messages.

A user can ask us to stop sending marketing messages at any time by:

  • following the opt-out links on any marketing message we send; or
  • contacting us by emailing us at [email protected].or writing to us at TRUEPIC, 402 W Broadway, Suite 400/PMB#5021, San Diego, CA 92101.

Where a user opts out of receiving these marketing messages, this opt-out will not apply to service-related communications or any processing of an individual’s Personal Information involved in sending such communications. Service-related communications may include emails relating to the management of a user’s account, an individual’s use of the Truepic Sites or Services, updates to this Privacy Policy, etc.

Third-party Marketing.

We do not provide your information to third parties for their direct marketing purposes.

Do Not Track.

We may collect information about your usage and activity through cookies as described above. Some web browsers or smartphones have the ability to set “Do Not Track” requests to block user activity from being tracked across web pages or devices. The Truepic sites do not recognize “Do Not Track” browser signals.

How Long We Store Personal Information

We will retain Personal Information only for so long as reasonably needed for the purposes set out above unless a longer retention period is required by law.

How We Use Cookies & Other Tracking or Profiling Technologies

What are cookies?

We may collect information using “cookies”. Cookies are small data files stored on the hard drive of an individual’s computer or mobile device by a website. We may use both session cookies (which expire once individuals’ close their web browser) and persistent cookies (which stay on an individual’s computer or mobile device until you delete them) to provide you with a more personal and interactive experience on the Truepic Sites.

We use two broad categories of cookies:

  • First party cookies, served directly by us to an individual’s computer or mobile device; and
  • Third party cookies, which are served by our partners or service providers on the Truepic Sites.

How We Use Cookies

The Truepic Sites uses the following types of cookies for the purposes set out below:

Type of Cookie Purpose
Essential Cookies These cookies are essential to provide the services available through the Truepic Sites and to enable individuals to use some of its features. For example, they allow individuals to log in to secure areas of the Truepic Sites and help the content of the pages the user request to load quickly. Without these cookies, the services an individual has asked for cannot be provided, and we only use these cookies to provide those services.
Functionality Cookies These cookies allow the Truepic Sites to remember choices individuals make when they use the Truepic Sites, such as remembering an individual’s language preferences, remembering an individual’s log-in details, and remembering the changes an individual makes to other customizable parts of the Truepic Sites. These cookies provide a more personal experience and avoid individuals having to re-enter their preferences every time they visit the Truepic Sites.
Analytics and Performance Cookies These cookies are used to collect information about traffic to the Truepic Sites and how Users use the Truepic Sites. The information gathered via these cookies does not “directly” identify any individual visitor. However, it may render such visitors “indirectly identifiable”. This is because the information collected is typically linked to a pseudonymous identifier associated with the device an individual uses to access the Truepic Sites. The information collected is aggregated – it includes the number of visitors to the Truepic Sites, the websites that referred them to the Truepic Sites, the pages they visited on the Truepic Sites, what time of day they visited the Truepic Sites, whether they have visited the Truepic Sites before, and other similar information. We use this information to help operate the Truepic Sites more efficiently, to gather broad demographic information and to monitor the level of activity on the Truepic Sites. We use Google Analytics and New Relic for this purpose, and these companies use their own cookies which may contain a pseudonymous ID which is considered Personal Information and may be considered a sale of data in the state of California and other U.S. states. These cookies are used to better understand and improve how the Truepic Sites work.

You can discover more information about Google Analytics cookies here: Google Analytics Cookies.

You can discover more about how Google protects an individual’s data here: Google Privacy Information.

New Relic provides a platform for monitoring the performance of web and mobile applications. You can learn more about New Relic cookies here: New Relic Cookies.
Social Media Cookies These cookies are used when an individual shares information using a social media sharing button or “like” button on the Truepic Sites or links an individual’s account or engages with our content on or through a social networking website such as Facebook, Twitter, or LinkedIn. The relevant social network will record when a user does this.

Disabling cookies

A user can typically remove or reject cookies via browser settings. This can be done by following the instructions provided by the web-browser (usually located within the “settings”, “help” “tools” or “edit” facility).  Many browsers are set to accept cookies until a user changes these settings.

If an individual does not accept our cookies, the individual may experience some inconvenience in the use of the Truepic Sites. For example, we may not recognize the computer or mobile device in use and may require a new log in every time our Users visit the Truepic Sites.

For more information on how to customize browser Cookie settings, please visit the relevant link below:

For further information about cookies, including how to see what cookies have been and how to manage and delete them visit allaboutcookies.org.

You can also prevent the use of Google Analytics relating to your use of the Truepic Sites by downloading and installing the browser plugin available via this link: https://tools.google.com/dlpage/gaoptout?hl=en-GB

Our Policy on Children

The Truepic Sites and Services are intended for Users who are 18 years or older and we do not knowingly collect information from children under 18 years old. If we become aware that we have collected information from a child under 18 years old, we will delete such information from our records. If you are a parent or legal guardian and believe your child has given us information and you did not provide consent, please email us at [email protected] for assistance.

California and Other U.S. Data Subjects

The California Consumer Privacy Act (CCPA) provides additional privacy protections for California consumers, including: a) the right to see what data we have about you, your computer or device (i.e., the right to know), b) the right to delete the data we have about you, your computer or device (i.e., the right to delete) and c) the right to opt-out of the sale of data about you, your computer or device to certain third parties (i.e., the right to opt-out from sales of your information). Many other states have or will soon adopt similar privacy laws. We do not discriminate against you if you exercise any of the above rights. Moreover, we may not be able to honor a right if doing so would violate applicable law.

If you are a Client or partner of Truepic and have questions about your ability to see the data used to login to our systems, we ask that you direct your question to the person that owns the business relationship. If you are a User and want to see what data we may have obtained about you on behalf of one of our Clients, kindly reach out to that individual Client – keeping in mind that any information that we have is typically provided by Clients and/or their Users.

Regardless of where you reside, you may access those rights with respect to Truepic by clicking the link entitled “data subject access request” in the footer at the bottom of this page, or calling our California privacy helpline at +1 (888) 572-0516. As a California data subject, if you make a subject access request as set out in this policy, you are entitled to see and delete the personal information that we have about you. We will confirm your request within 10 business days and make a good faith attempt to fulfill your request within 45 days.

The CCPA and most other state laws define personal information broadly and as such, it includes pseudonymous identifiers such as cookie IDs and mobile advertising IDs. Under the CCPA, your request to see the personal information that we have about you may include: (1) specific pieces of personal information that we may have about you; (2) categories of personal information we have collected about you; (3) categories of sources from which the personal information is collected; (4) categories of personal information that we sold or disclosed for a business purpose about you; (5) categories of third parties to whom the personal information was sold or disclosed for a business purpose under the CCPA; and (6) the business or commercial purpose for collecting or selling personal information.

We may take reasonable steps to verify your request. We will fulfill requests we are able to verify so long as we are not prohibited from doing so by applicable law and/or the information is not essential for us for billing, fraud prevention or security purposes. We will share our reason(s) for denying your request in the event that we are unable to fulfill your request.

You may make an access or deletion request via an authorized agent by having such agent follow the process outlined above. Please note that we will request any authorized agent demonstrate that they have been authorized by you to make a request on your behalf. And we will attempt to verify your request. We require any authorized agents to provide us with contact details such as an email address and phone number so that we may ensure a timely response.

Data Subjects Located Outside the U.S.

While most of our Clients are located in the United States, their Users may use the Truepic Service while travelling outside the U.S. where different privacy and data protection laws apply. For example, the General Data Privacy Regulation (“GDPR”) affords additional rights to EEA data subjects and the UK, Switzerland and Brazil have each enacted similar data protection laws to the GDPR. Places such as Canada and Japan have also adopted similar data protection laws. For the purposes of this privacy policy, we’ll refer to the GDPR to indicate the respective data protection laws in each of those places and use the term “personal data” which is very similar to the Personal Information defined herein.

The Truepic Sites and Services collect a limited data set on data subjects located outside of the United States (e.g., in the UK, EEA, Switzerland.) We typically collect this data when our Clients’ Users leverage the Truepic Sites and Services from outside the U.S. For example, if a User accesses the Truepic Sites and Services from outside the U.S. to upload a photo after a car accident, this will may implicate the data protection laws of the place from which the User is currently located.

As an EEA, UK, or Swiss data subject (and in many other places), you have the right – partly under certain conditions:

  • to request information about the processing of your data free of charge, as well as the receipt of a copy of your personal data;
  • to request information on the purposes of the processing, the categories of personal data being processed, the recipients of the data (if they are passed on), the duration of the storage or the criteria for determining the duration;
  • to correct your data. Should your personal data be incomplete, you have the right to complete the data, taking into account the processing purposes;
  • to delete or block your personal data. Reasons for the existence of a cancellation/blocking right can be, among others, the revocation of the consent on which the processing is based, the data subject objects to the processing, the personal data were processed unlawfully;
  • to restrict the processing of your personal data;
  • to object the processing of your personal data;
  • to revoke your consent to the processing of your personal data in the future, and;
  • to complain to the competent supervisory authority about inadmissible data processing.

You may access those rights with respect to Truepic by contacting us at [email protected] and/or as you login to our systems as a Client or User. We may receive certain personal data from the personnel of our Clients and partners where such personnel is located in the EEA or other places outside of the United States. For example, some Clients and partners may provide email and login credentials to login to our systems. We encourage the personnel of such partners to first reach out to the person that manages the business relationship between Truepic and your organization. If you are a User and want to see what data we may have obtained about you on behalf of one of our Clients, kindly reach out to that individual Client – keeping in mind that any information that we have is typically provided by Clients and/or their Users.

The legal basis for processing data collected via Truepic.com is our legitimate interest. Where we rely upon legitimate interest, we have assessed the processing is not high risk, does not involve the processing of sensitive data or the creation of intrusive profiles. The rest of the personal data processed via the Truepic Sites and Services is processed as a “data processor” – meaning that we process such data per the instructions of our Clients and for no other purpose.

Information Security

The security of your information is important to us, including but not limited to the Personal Information collected via the Truepic Sites and Services. Truepic has implemented reasonable security measures to protect the information, both during transmission and once it is received. This includes but is not limited to the use of firewalls and encryption. No method of transmission over the Internet or method of electronic storage is 100% secure; therefore, while the company strives to use commercially acceptable means to protect your information, it cannot guarantee absolute security. If you have any questions about these security practices, please email [email protected].

Third Party Links

The Truepic Sites may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share your Personal Information. We do not control these third-party websites and are not responsible for their privacy statements. When you leave the Truepic Sites, we encourage you to read the privacy policy of every site you visit.

Legal Disclaimer

Nothing in this Privacy Policy restricts our ability to:

  • Comply with federal, state, or local laws;
  • Comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities;
  • Cooperate with law enforcement agencies concerning conduct or activity that the business, service provider, or third party reasonably and in good faith believes may violate federal, state, or local law; or
  • Exercise or defend legal claims.

How to Contact Us

To contact us or make a complaint regarding this Privacy Policy or our practices in relation to Personal Information, please contact us at: [email protected] or write us at Truepic, 402 W Broadway, Suite 400/PMB#5021, San Diego, CA 92101.

Truepic, Inc., 2022