Privacy Policy

Introduction

Welcome to Truoco. This Privacy Policy outlines how Prymera Consulting Pvt. Ltd. ("Truoco," "we," "us," or "our") collects, uses, protects, and discloses information in connection with our identity verification services (the "Services").

Our mission is to create a more trusted and secure digital world. We are committed to handling personal data responsibly and transparently. This policy is designed to help you understand our privacy practices.

1. Our Role: Data Processor

In the context of providing identity verification, Truoco acts as a Data Processor on behalf of our business clients (the "Clients"). Our Clients are the Data Controllers who determine the purpose and means of processing personal data.

This policy primarily explains how we process the data of our Clients' end-users ("End-Users") upon the instruction of our Clients. It also covers the data we collect from visitors to our website and our Clients' use of our dashboard.

2. Information We Process

2.1 Business Client Data

• Account Information: Full name, business email, and phone number.
• Company Information: Company name, address, and industry.
• Billing Information: Billing address, payment details, and transaction history.
• Technical Data: IP address, browser type, and usage data on the Truoco dashboard.

2.2 End-User Data

To perform identity verification, our Clients submit End-Users' data to our platform:

• Identity Document Data: High-resolution ID images (Passport, Aadhaar, PAN, etc.).
• Biometric Data: Facial geometry data, liveness detection, video selfies.
• Personal Details: Full name, date of birth, address, nationality.
• Device Data: IP address, device type, browser info.

3. How We Use Information

3.1 Business Client Data

• Create and manage your Truoco account.
• Process payments and provide customer support.
• Communicate about updates, security alerts, and new features.
• Improve our website and services.

3.2 End-User Data

• Verify authenticity of identity documents.
• Match selfie with ID photo using biometrics.
• Screen against AML, sanctions, and PEP lists.
• Detect and prevent fraud.
• Generate verification results for Clients.

We never use End-User Personal Data for marketing, advertising, or selling.

4. Data Security

• Encryption: TLS 1.2+ in transit, AES-256 at rest.
• Access Control: Strict least-privilege access.
• Auditing: Logs, monitoring, audits, penetration tests.
• Infrastructure: Hosted with SOC 2 / ISO 27001 providers.

5. Data Retention

• Business Client Data: Retained during business relationship & legal needs.
• End-User Data: Retained per Client instructions & laws. Securely deleted after expiry.

6. Data Sharing

We don’t sell personal data. We only share with trusted sub-processors:

• Cloud Infrastructure Providers
• Sanctions List Providers

7. International Transfers

Data may cross borders. For EU data, we use Adequacy Decisions or Standard Contractual Clauses (SCCs).

8. Your Rights

• Right to Access
• Right to Rectification
• Right to Erasure (Forgotten)
• Right to Restrict Processing

For End-Users: Please contact the Client (Data Controller) that asked you to verify your identity. We support Clients in fulfilling rights.

9. Policy Updates

We may update this Privacy Policy from time to time. Clients will be notified of material changes, and the “Last Updated” date will be updated.