truspot.ioCheck My Listing
← Back to truspot.io

Privacy Policy

1. Data Controller

The data controller pursuant to Art. 4 (7) GDPR is:

Jan Metzler
truspot.io
Waldstr. 5
57234 Wilnsdorf
Germany
Email: hello@truspot.io

2. General Information on Data Processing

We process personal data only to the extent necessary to provide a functional website and our services. The processing of personal data occurs only with your consent or where processing is permitted by law. We take appropriate technical and organizational measures to ensure the security of your data.

3. SSL/TLS Encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as inquiries you send to us. You can recognize an encrypted connection by the lock icon in the browser address bar and the URL beginning with “https://”.

4. Hosting

This website is hosted on Cloudflare Pages by Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare operates a global network of servers; your requests may be processed at the nearest edge location. When you visit this website, server log data is automatically collected, including your IP address (anonymized), browser type and version, operating system, referrer URL, and time of access.

The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in secure and efficient website delivery). Data transfer to the USA is based on EU Standard Contractual Clauses (SCCs). For more information, see cloudflare.com/privacypolicy.

5. Cookies and Similar Technologies

This website uses two categories of cookies and similar technologies:

a) Essential cookies. Cloudflare may set cookies for security and bot protection. These are technically necessary for the website to function, do not store personal data, and cannot be used to identify you. The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in secure website operation) in conjunction with § 25 (2) Nr. 2 TTDSG. No consent is required.

b) Analytics cookies (consent-based). When you accept analytics cookies via our cookie banner, we use Google Analytics to understand how visitors use our website. These services place cookies and similar identifiers on your device that are not strictly necessary. The legal basis is Art. 6 (1) (a) GDPR and § 25 (1) TTDSG (your consent). These scripts are not loaded until you actively accept them.

You can change your choice at any time using the “Cookie settings” link in the footer. Withdrawing consent does not affect the lawfulness of any processing carried out before the withdrawal.

6. Contact / Inquiry Form

When you use our inquiry form, the following data is collected:

  • Name
  • Email address
  • Listing URL
  • Property location
  • Selected report tier
  • Desired timeline
  • Your main concern (optional)
  • How you found us (optional)

The legal basis is Art. 6 (1) (b) GDPR (pre-contractual measures). Your data is used exclusively to process your inquiry and to provide our property verification service.

Data retention: Your inquiry data is stored for the duration of our business relationship and for up to 6 months thereafter, unless longer retention is required by law (e.g., tax retention obligations of up to 10 years for invoicing data).

Your data will not be shared with third parties unless required for contract fulfillment (e.g., sharing the listing URL with a local scout to perform the verification you requested).

7. Email Notifications (Resend)

We use Resend (Resend, Inc., USA) as our transactional email service to deliver form submission notifications. When you submit an inquiry, your form data is transmitted to Resend solely for the purpose of delivering an email notification to us. Resend processes this data as a data processor on our behalf.

The legal basis is Art. 6 (1) (b) GDPR (contract fulfillment). Data transfer to the USA is based on EU Standard Contractual Clauses. For more information, see resend.com/legal/privacy-policy.

8. Web Analytics

All analytics services described below are loaded only after you give consent via our cookie banner. The legal basis for processing is Art. 6 (1) (a) GDPR and § 25 (1) TTDSG (your consent). You may withdraw consent at any time using the “Cookie settings” link in the footer.

Google Analytics 4

We use Google Analytics 4, provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), with parent company Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Analytics uses cookies (e.g. _ga, _ga_<container-id>) and similar identifiers to record interactions on our website. The data collected typically includes pages visited, time on page, device and browser type, approximate location (derived from IP address — the IP is anonymized before storage via the anonymize_ip setting), and referrer.

Tracking ID: G-6T2DHBQLEK
Default data retention: 14 months, after which event-level data is automatically deleted.

Data transfer to the USA. Although the contracting entity is Google Ireland Limited, data may be processed by Google LLC in the United States. The transfer is based on (i) the European Commission's Adequacy Decision under the EU-U.S. Data Privacy Framework of 10 July 2023 (Google LLC is certified under the framework), and (ii) Standard Contractual Clauses pursuant to Art. 46 (2) (c) GDPR as a fallback safeguard.

For more information, see policies.google.com/privacy and Google's data processing terms.

9. Payment Processing

Payments are processed by Stripe, Inc. (510 Townsend St, San Francisco, CA 94103, USA). When you make a payment, your payment details are processed directly by Stripe. We do not receive or store your full credit card information. The legal basis is Art. 6 (1) (b) GDPR (contract fulfillment).

Data transfer to the USA is based on EU Standard Contractual Clauses. For more information, see stripe.com/privacy.

10. Data Transfer to Third Countries

Some of the services we use are provided by companies based in the USA (Cloudflare, Google, Resend, Stripe). In each case, the data transfer is secured by EU Standard Contractual Clauses (SCCs) pursuant to Art. 46 (2) (c) GDPR. The EU-U.S. Data Privacy Framework may also apply where the provider is certified.

11. Your Rights

Under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR) — You may request information about whether and which personal data we process about you.
  • Right to rectification (Art. 16 GDPR) — You may request correction of inaccurate data.
  • Right to erasure (Art. 17 GDPR) — You may request deletion of your data, provided there are no legal retention obligations.
  • Right to restriction of processing (Art. 18 GDPR) — You may request restriction of the processing of your data.
  • Right to data portability (Art. 20 GDPR) — You may request to receive your data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21 GDPR) — You may object to the processing of your data based on legitimate interests at any time.
  • Right to withdraw consent (Art. 7 (3) GDPR) — If you have given consent, you may withdraw it at any time. The withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal.

To exercise any of these rights, contact hello@truspot.io.

You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The competent authority for us is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestr. 2–4, 40213 Düsseldorf
www.ldi.nrw.de

12. Rental Checklist Email Collection

If you submit your email address through the form on our Thailand Rental Checklist guide (https://www.truspot.io/thailand-rental-checklist), we collect your email address for the purpose of (a) delivering a link to the printable version of the checklist and (b) sending occasional follow-up emails about truspot.io and renting in Thailand.

The legal basis is Art. 6 (1) (a) GDPR (your consent), given via the explicit consent checkbox on the form.

We use Resend (Resend, Inc., USA) as our email service provider for both the welcome email and any follow-up communications. Your email address is stored in Resend's contact-management system (Audiences). Data transfer to the USA is based on EU Standard Contractual Clauses, as described in section 7. See resend.com/legal/privacy-policy.

Data retention: your email address is retained until you withdraw consent (e.g. by replying “unsubscribe” to any email or contacting hello@truspot.io). Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

13. Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect changes in our services or legal requirements. The current version is always available on this page.

Last updated: May 2026