TruVis
Book a demo

Legal

Privacy Policy

Last updated: 29 April 2026

This Privacy Policy explains how TruVis Technologies LLC ("TruVis") handles personal data. It applies to data we hold about visitors to our website, prospects who contact us, and users invited into a TruVis tenant by a customer organisation.

1. Roles

For data submitted by customers' end-users into a TruVis tenant (KYC information, identity documents, screening results), our customer is the data controller and TruVis is a processor. The Data Processing Agreement governs that relationship.

For data we collect directly — visitors to our website and people who contact us — TruVis is the controller.

2. What we collect (as controller)

  • Marketing leads: name, work email, company, role, vertical and any message you send via our forms; the page you submitted from; UTM parameters if present.
  • Authentication: for users invited into a TruVis tenant, we collect email, hashed password, MFA factors and session metadata via Supabase Auth.
  • Operational logs: IP addresses (masked to /24 in audit logs), request timestamps, error rates. Application logs are run through a sanitiser that redacts known PII keys before storage.

We do not use third-party advertising or behavioural-tracking cookies. Our website does not require cookies for the marketing surface.

3. Why we use it

  • To respond to demo requests and other contact you initiate
  • To operate, secure and improve the TruVis platform
  • To meet our own legal and regulatory obligations

4. Where it lives

All customer data and audit logs are stored in Supabase region me1 (Bahrain), and the application is served from Vercel region me1. We do not replicate customer data outside the GCC without explicit instruction in your order form.

5. Sharing

We use sub-processors (listed at /legal/sub-processors) to deliver the service. We do not sell personal data and we do not share it with marketing partners.

6. Retention

Marketing leads are retained for 24 months after the last meaningful interaction or until you ask us to delete them, whichever is sooner. Customer-tenant data is retained for the period set out in your order form, plus the regulatory minima you instruct us to apply.

7. Your rights

Where applicable law gives you rights over your personal data — including under UAE Federal Decree-Law No. 45 of 2021 (UAE PDPL) and the EU General Data Protection Regulation (GDPR) — you may exercise rights of access, correction, deletion, objection, and portability by contacting privacy@truvis.ae. If you are a tenant end-user, please contact your tenant administrator first; they are the controller for that data.

8. Security

TruVis is engineered around tenant isolation (Row Level Security on every table), MFA for privileged roles, append-only audit logs, signed-URL-only document access and PII-aware logging. See /security for the technical detail.

9. Changes

We will update this policy from time to time. Material changes are communicated to active customers in advance.

10. Contact

Privacy questions: privacy@truvis.ae. Security issues: security@truvis.ae.

Notice. This page is provided for transparency and is not legal advice. Final binding terms are those signed by your authorised representative on a TruVis customer agreement. Contact legal@truvis.ae for the executable form.