Privacy Policy
Last updated: 14 May 2026
Who we are
Trust Radar is a New Zealand–based service that fetches a business's public Google reviews and renders them on the business's own website via an embeddable widget. This policy describes how we handle the personal information we hold.
Information we collect
- Account information: your email address, password (hashed), and the display name you set on your profile.
- Workspace information: the business name, Google Place ID, and the customisation settings you save for your widget.
- Review data: public reviews of your business from sources you connect — author name, rating, comment text, posted date — that we cache to render the widget without hitting the source on every page load. Today we support Google reviews; Facebook page recommendations are rolling out (see "Facebook integration" below).
- Billing information: processed entirely by Stripe. We store your Stripe customer ID and subscription state; we never see or store payment card details.
- Technical logs: IP address, request path, and user agent on requests to our APIs, retained briefly for abuse prevention and debugging.
How we use it
- Operate and deliver the service (fetch your reviews, render your widget, manage your account).
- Bill you (via Stripe) and email you about your subscription.
- Send transactional emails — sign-up confirmation, password reset, trial-ending reminders.
- Investigate abuse, errors, and security incidents.
We do not sell your information, and we do not use it for advertising.
Where it's stored and who else processes it
Your data lives in services run by reputable processors, each governed by their own privacy practices and data-protection terms:
- Supabase (database + authentication) — hosted in Supabase's region we select.
- Vercel (application hosting + edge network).
- Stripe (payment processing).
- Resend (transactional email).
- Inngest (background jobs — review syncs, email schedules).
- DataForSEO & Google Places (sources for the public review data we display).
Your rights
Under the New Zealand Privacy Act 2020 (and the GDPR if you're in the EU), you have the right to access the personal information we hold about you, request a correction, or request deletion. Email us at support@trustradar.app and we'll respond within a reasonable time. For data export, see the "Your data" section on your profile page— "Export my data" produces a JSON download of everything tied to your account.
Deleting your account and data
You can request deletion of your Trust Radar account and all associated data at any time. Two paths:
- Self-serve (recommended): sign in, go to your profile page, scroll to the "Danger zone" section, and click "Delete Account". You'll be asked to type DELETE to confirm. We process the request within 30 days, cancel any active subscription on your behalf, and permanently remove your account, organisations, widgets, and stored reviews.
- By email: send a deletion request from the address tied to your account to support@trustradar.app. We'll confirm the request and process it within 30 days.
If you connected a Facebook page, deleting your account also revokes our Facebook page access token and removes the page's cached reviews from our database. You can also disconnect a single Facebook page without deleting your whole account from your workspace settings.
We may retain minimal records (transaction logs, billing history) where law requires us to — typically up to 7 years for financial records, then deleted automatically.
Facebook integration
If you connect your Facebook page, we request the following permissions from Meta: public_profile, email, pages_show_list, pages_read_engagement, and pages_read_user_content. We use these to:
- List the pages you administer so you can pick which one to connect.
- Read your page's aggregate rating and individual recommendations to display in your Trust Radar widget on your own website.
We store the page access token encrypted at rest (AES-256-GCM) and use it only for the 24-hour scheduled review sync. We do not post to your page, message followers, change page settings, or access any other Facebook data. If you disconnect the page (or delete your Trust Radar account), the encrypted token is removed and we stop calling Facebook for that page within minutes.
You can also revoke our access directly from Facebook at any time via Facebook Settings → Business Integrations.
Cookies
We use a single first-party cookie to keep you signed in (set by Supabase). We do not use advertising or tracking cookies. The widget itself sets no cookies on visitors' browsers.
Changes to this policy
If we update this policy, we'll change the "Last updated" date above. For material changes we'll email account holders.
Contact
Questions or requests: support@trustradar.app.