truspot.ioCheck My Listing
← Back to truspot.io

Privacy Policy

1. Data Controller

The data controller pursuant to Art. 4 (7) GDPR is:

Jan Metzler
truspot.io
Waldstr. 5
57234 Wilnsdorf
Germany
Email: hello@truspot.io

2. General Information on Data Processing

We process personal data only to the extent necessary to provide a functional website and our services. The processing of personal data occurs only with your consent or where processing is permitted by law. We take appropriate technical and organizational measures to ensure the security of your data.

3. SSL/TLS Encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as inquiries you send to us. You can recognize an encrypted connection by the lock icon in the browser address bar and the URL beginning with “https://”.

4. Hosting

This website is hosted on Cloudflare Pages by Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare operates a global network of servers; your requests may be processed at the nearest edge location. When you visit this website, server log data is automatically collected, including your IP address (anonymized), browser type and version, operating system, referrer URL, and time of access.

The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in secure and efficient website delivery). Data transfer to the USA is based on EU Standard Contractual Clauses (SCCs). For more information, see cloudflare.com/privacypolicy.

5. Cookies

This website uses only technically necessary cookies provided by Cloudflare for security purposes (e.g., bot protection). These cookies do not store personal data and cannot be used to identify you. They are automatically deleted when you close your browser. The legal basis is Art. 6 (1) (f) GDPR (legitimate interest).

We do not use cookies for tracking, advertising, or analytics purposes. Plausible Analytics, which we use for website statistics, is completely cookieless.

6. Contact / Inquiry Form

When you use our inquiry form, the following data is collected:

  • Name
  • Email address
  • Listing URL
  • Property location
  • Selected report tier
  • Desired timeline
  • Your main concern (optional)
  • How you found us (optional)

The legal basis is Art. 6 (1) (b) GDPR (pre-contractual measures). Your data is used exclusively to process your inquiry and to provide our property verification service.

Data retention: Your inquiry data is stored for the duration of our business relationship and for up to 6 months thereafter, unless longer retention is required by law (e.g., tax retention obligations of up to 10 years for invoicing data).

Your data will not be shared with third parties unless required for contract fulfillment (e.g., sharing the listing URL with a local scout to perform the verification you requested).

7. Email Notifications (Resend)

We use Resend (Resend, Inc., USA) as our transactional email service to deliver form submission notifications. When you submit an inquiry, your form data is transmitted to Resend solely for the purpose of delivering an email notification to us. Resend processes this data as a data processor on our behalf.

The legal basis is Art. 6 (1) (b) GDPR (contract fulfillment). Data transfer to the USA is based on EU Standard Contractual Clauses. For more information, see resend.com/legal/privacy-policy.

8. Web Analytics

Plausible Analytics

We use Plausible Analytics (Plausible Insights OÜ, Estonia, EU), a privacy-friendly web analytics service. Plausible does not use cookies, does not collect personal data, and does not track individual visitors. Only anonymized, aggregate usage statistics are recorded. No data is transferred outside the EU. No consent is required. For more information, see plausible.io/data-policy.

Microsoft Clarity

We use Microsoft Clarity (Microsoft Corporation, USA) to analyze user behavior through heatmaps and anonymized session recordings. Clarity may use first-party cookies to distinguish sessions. No personally identifiable information is collected. The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in improving our website usability).

Data transfer to the USA is based on EU Standard Contractual Clauses. You can opt out by enabling “Do Not Track” in your browser settings or by using a browser extension that blocks Clarity. For more information, see Microsoft Clarity FAQ.

9. Payment Processing

Payments are processed by Stripe, Inc. (510 Townsend St, San Francisco, CA 94103, USA). When you make a payment, your payment details are processed directly by Stripe. We do not receive or store your full credit card information. The legal basis is Art. 6 (1) (b) GDPR (contract fulfillment).

Data transfer to the USA is based on EU Standard Contractual Clauses. For more information, see stripe.com/privacy.

10. Data Transfer to Third Countries

Some of the services we use are provided by companies based in the USA (Cloudflare, Resend, Stripe, Microsoft). In each case, the data transfer is secured by EU Standard Contractual Clauses (SCCs) pursuant to Art. 46 (2) (c) GDPR. The EU-U.S. Data Privacy Framework may also apply where the provider is certified.

11. Your Rights

Under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR) — You may request information about whether and which personal data we process about you.
  • Right to rectification (Art. 16 GDPR) — You may request correction of inaccurate data.
  • Right to erasure (Art. 17 GDPR) — You may request deletion of your data, provided there are no legal retention obligations.
  • Right to restriction of processing (Art. 18 GDPR) — You may request restriction of the processing of your data.
  • Right to data portability (Art. 20 GDPR) — You may request to receive your data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21 GDPR) — You may object to the processing of your data based on legitimate interests at any time.
  • Right to withdraw consent (Art. 7 (3) GDPR) — If you have given consent, you may withdraw it at any time. The withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal.

To exercise any of these rights, contact hello@truspot.io.

You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The competent authority for us is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestr. 2–4, 40213 Düsseldorf
www.ldi.nrw.de

12. Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect changes in our services or legal requirements. The current version is always available on this page.

Last updated: April 2026