Last updated: 1 June 2026
This Privacy Policy explains how TrustPanel ("TrustPanel", "we", "us") collects, uses, stores and shares personal information when you use the TrustPanel website at trustpanel.io and the TrustPanel review-management platform (the "Service"). TrustPanel is operated by DM Media Solutions Ltd, United Kingdom. If you have any questions about this policy, contact us at support@trustpanel.io.
1. Who this policy applies to
This policy applies to: (a) visitors to trustpanel.io; (b) account holders ("Customers") who sign up to use the Service; and (c) end-customers of our Customers whose review content is processed through the Service on behalf of the Customer. Where we process review content on behalf of a Customer, we act as a data processor and the Customer is the data controller.
2. Information we collect
Account information: name, email address, password (hashed), business name, billing address and country.
Billing information: we use Stripe to process all payments. We do not store full card numbers on our servers; Stripe returns a customer/subscription identifier which we store against your account.
Connected platform credentials: when you connect a review source (e.g. Google Business Profile, Trustpilot, Facebook, Yelp, Booking.com), we store the OAuth access tokens or API credentials required to sync reviews on your behalf. These are encrypted at rest.
Review content: reviews, ratings, reviewer names and reply text imported from connected platforms or submitted directly through your TrustPanel widget.
AI usage data: when you use the AI reply suggestion feature, the review text and any context you provide are sent to our AI provider (Anthropic) to generate a draft. We log token counts and timestamps for billing/quota purposes but do not retain the prompt/response payloads beyond what is needed for support and abuse prevention.
Usage data: IP address, browser type, device type, pages visited, and actions taken within the Service. Collected via cookies and server logs.
Support communications: any messages you send us via the ticket system or email.
3. How we use your information
- Provide, operate and maintain the Service, including syncing reviews from connected platforms.
- Process subscription payments and send billing receipts.
- Generate AI-assisted reply drafts when you request them.
- Send service emails (e.g. password resets, sync failures, plan changes, security alerts).
- Provide customer support and respond to your enquiries.
- Monitor usage and improve the Service.
- Detect and prevent fraud, abuse and security incidents.
- Comply with our legal and regulatory obligations.
We do not sell your personal information, and we do not use review content or AI prompts to train our own machine-learning models.
4. Legal bases (UK/EU GDPR)
We rely on the following lawful bases: contract (to provide the Service you have signed up for), legitimate interests (to secure, improve and market the Service), consent (for non-essential cookies and optional marketing email), and legal obligation (e.g. tax records).
5. Sharing of information
We share personal information only with the following categories of recipient:
- Stripe — payment processing.
- Anthropic — generation of AI reply drafts (the review text plus the prompt is sent over an encrypted connection).
- Connected review platforms (Google, Trustpilot, Facebook, Yelp, Booking.com, etc.) — only the data needed to read reviews and post replies on your behalf.
- Hosting and email providers used to run the Service.
- Regulators, law enforcement or other third parties where required by law or to protect our rights.
We do not share your personal information with third parties for their own marketing purposes.
6. International transfers
Some of our sub-processors (notably Anthropic and Stripe) are based in the United States. Where personal data is transferred outside the UK/EEA, we rely on UK International Data Transfer Agreements, EU Standard Contractual Clauses, or equivalent safeguards.
7. Data retention
We retain account data for as long as your account is active and for up to 12 months after closure (longer where required by law, e.g. tax records for 6 years). Imported review content is retained while the corresponding platform is connected. Connected-platform OAuth tokens are deleted when you disconnect the platform or close your account.
8. Security
We take reasonable technical and organisational measures to protect your information, including TLS in transit, encryption of sensitive credentials at rest, hashed passwords, role-based access controls and logged administrative access. No system is completely secure; if you believe your account has been compromised, contact us immediately.
9. Your rights
Subject to UK/EU GDPR, you have the right to access, correct, delete or port your personal data, to object to or restrict certain processing, and to withdraw consent at any time. To exercise these rights, email support@trustpanel.io. You may also lodge a complaint with the UK Information Commissioner's Office (ico.org.uk).
10. Cookies
We use strictly necessary cookies to keep you signed in and to remember your preferences. We also use limited analytics cookies to understand how the Service is used. See our cookie policy for details and to manage your choices.
11. Children
The Service is not intended for anyone under 18. We do not knowingly collect personal information from children.
12. Changes to this policy
We may update this policy from time to time. Material changes will be notified by email or via a prominent notice in the Service before they take effect.
13. Contact
DM Media Solutions Ltd, United Kingdom — support@trustpanel.io.