Privacy Policy
Effective date: 16 June 2026 · TrustLoop Ltd, United Kingdom
Plain English summary
TrustLoop is a governance tool deployed by your organisation. When you use the TrustLoop browser extension, your employer (the TrustLoop account holder) can see what AI tools you use and what you type into them. TrustLoop itself does not sell or share this data with anyone outside your organisation.
1. Who we are
TrustLoop Ltd is a UK company providing AI governance infrastructure. Our product intercepts, logs, and governs AI tool calls made by software agents and employees. Contact: hello@trustloop.live.
2. What data we collect
- Tool call data — name and parameters of AI tool calls made by agents
- Chat messages — via the browser extension: text of messages sent to AI chat interfaces (ChatGPT, Claude.ai, Gemini, Copilot, Perplexity, Poe)
- Employee identifier — optionally, your name or work email, configured by you in the extension popup
- Metadata — timestamp, AI platform, page URL, model name where available
- Account data — name, work email, and company name from signup
- Approximate location — country and city derived from your IP address at signup, used for fraud prevention and product analytics. We do not store your raw IP address.
We do not collect AI responses, passwords, payment card numbers (handled by Stripe), or data from non-AI websites.
3. PII masking
Before storing any prompt or tool call argument, TrustLoop automatically detects and masks email addresses, phone numbers, credit card numbers, UK National Insurance numbers, US Social Security Numbers, IBANs, and API keys. The masked version is what gets stored — not the original.
4. Who can see your data
- Your organisation — the TrustLoop account holder can see all logged activity for their tenant
- TrustLoop Ltd — we have read access for support and operational purposes only. We do not access customer data except as required to provide the service
- Third parties — we do not sell, rent, or share data with third parties for advertising
- Supabase — our database provider (GDPR-compliant, data stored in EU region)
- Polygon blockchain — a SHA-256 hash of hourly log batches is anchored on-chain for tamper-proof audit integrity. No prompt content or personal data is included in the blockchain record
5. Data retention
- Free plan: 7 days
- Starter plan: 30 days
- Growth plan: 90 days
- Business plan: 1 year
- Enterprise: defined in MSA
6. Browser extension
The TrustLoop browser extension monitors your use of AI chat interfaces and reports activity to the TrustLoop server configured by your organisation. The extension:
- Injects a script that intercepts outgoing requests to monitored AI platforms
- Captures message text when you send a prompt to ChatGPT, Claude.ai, Gemini, Copilot, Perplexity, or Poe
- Does not monitor general web browsing or any non-AI sites
- Can be paused at any time using the toggle in the extension popup
- Only activates after you enter a TrustLoop API key provided by your organisation
7. Your rights (GDPR / UK GDPR)
You have the right to access, correct, delete, restrict, or port your personal data. To exercise these rights, email hello@trustloop.live. We respond within 30 days. Where your employer is the data controller, some requests must be directed to them.
8. Security
All data is transmitted over TLS. Data at rest is encrypted by Supabase. API keys are stored as hashed values. We follow OWASP best practices and conduct regular security reviews.
9. Cookies
Our website and dashboard do not use tracking cookies or third-party analytics.
10. Changes to this policy
We will notify account holders by email of any material changes. The current version is always at trustloop.live/privacy.
11. Contact
TrustLoop Ltd · hello@trustloop.live · trustloop.live