Privacy Policy

1. Overview

TrustRegistry ("we", "us") provides business identity verification infrastructure. This policy describes what information we collect from customers of the service and how we use it.

2. Information we collect

• Account information you provide (name, email, organization).
• API key metadata (prefix, label, hashed secret). Plaintext keys are never stored.
• API request metadata (timestamp, endpoint, status, response size) used for billing, abuse prevention, and debugging.
• Inputs to verification endpoints (e.g. business name, state) processed to fulfill the request.

3. How we use information

To operate the service, authenticate requests, prevent abuse, meter usage, and improve the product. We do not sell personal data.

4. Public registry data

Verification responses are derived from public business registry filings published by the issuing authority of each jurisdiction we cover.

5. Data retention

Request logs are retained for a rolling window for operational and billing purposes. Customers may request deletion of their account data by emailing privacy@trustregistry.dev.

6. Security

API keys are SHA-256 hashed at rest. Traffic is served over HTTPS. Access to production systems is limited to authorized personnel.

7. Contact

Questions about this policy: privacy@trustregistry.dev.