GDPR Compliance

Effective Date: August 28, 2025

Last Updated: August 28, 2025

At Truoco, trust and data security are the foundation of our services. We are fully committed to upholding the highest standards of data protection for our clients and their end-users around the world. This page outlines our commitment and approach to compliance with the General Data Protection Regulation (GDPR).

Our Commitment

Prymera Consulting Pvt. Ltd. ("Truoco") embraces the principles of the GDPR, which are aligned with our core values of transparency, security, and accountability. We have implemented robust technical and organizational measures to ensure that all personal data processed through our platform is handled in accordance with GDPR requirements.

Truoco's Role as a Data Processor

It is essential to understand the roles under the GDPR. The Data Controller (our business client) determines the purposes and means of processing personal data. The Data Processor (Truoco) processes personal data on behalf of the Controller.

When you use Truoco's identity verification services, you are the Data Controller, and Truoco is your Data Processor. This means we only process the personal data of your end-users based on your lawful instructions.

How Truoco Complies with GDPR

Data Processing Agreements (DPA)

A legally binding DPA is a core requirement of Article 28 of the GDPR. We provide a comprehensive DPA to all clients, clearly outlining roles, responsibilities, and data protection standards.

Robust Security Measures

We comply with Article 32 of the GDPR by implementing state-of-the-art security measures:

  • End-to-End Encryption: TLS 1.2+ in transit, AES-256 at rest.
  • Access Controls: Principle of least privilege to ensure only authorized access.
  • Regular Audits: Internal and third-party audits, including penetration testing.

International Data Transfers

As an Indian company, we ensure any transfer of personal data from the EEA is protected with lawful mechanisms such as Standard Contractual Clauses (SCCs).

Data Subject Rights

Truoco is committed to helping our clients (the Data Controllers) fulfill data subject rights requests. Our platform facilitates access, rectification, and erasure of personal data upon client instruction.

Accountability and Governance

We maintain detailed processing records and have appointed a Data Protection Officer (DPO) to oversee our compliance strategy.

Frequently Asked Questions

1. Is using Truoco compliant for my EU-based users? Yes. By signing our DPA and using our GDPR-compliant services, you can verify EU users lawfully.

2. Where is my data hosted? We use secure cloud infrastructure providers. Data residency details can be specified in your service agreement.

3. Do I need to sign a DPA with Truoco? Yes, a DPA is mandatory under GDPR for processing EEA personal data.

Contact Us

If you have questions about our GDPR compliance or data protection practices, contact our Data Protection Officer:

Email: connect@truoco.com
Address: Prymera Consulting Pvt. Ltd., GN34/1, Aurora Water Front, Unit 10, Floor 16th, Sector V, Salt Lake, Kolkata 700091 India