Privacy Policy
Last updated: July 10, 2026Who We Are
TRUSTWARDS S.L is the data controller responsible for the processing of personal data described in this Privacy Policy.
Email: team@trustwards.io
Address: Calle Carpinteros 6, Planta 2 Oficina 28, 28670, Villaviciosa de Odón, Madrid, España
Tax ID: B23862303
Data Protection Officer (DPO): José Antonio Tamudo Bértolo
Contact: josetamu@trustwards.io
What Data We Collect
We collect the following categories of personal data when you visit our website and when you purchase or use our WordPress plugin and related services:
Cookie consent preferences and consent records (your choices about cookies and similar technologies, and the information needed to record and demonstrate those choices).
Device and connection information (such as IP address, browser type, device identifiers, and basic connection and request information) that is necessary to load and secure the website and provide the service.
Account data (information you provide to create and manage an account for our service, such as identifiers and account-related details you submit through our interfaces).
Transaction and payment-related information (such as billing details and payment status information needed to process purchases). Payment card details are handled by our payment processor rather than being stored by us.
Analytics data (information about how you interact with our website, collected through analytics technologies when you consent to them).
Advertising and marketing tracking data (information collected through advertising-related technologies when you consent to them, which may use cookies or similar technologies to measure and support advertising activities).
Sources of personal data:
Directly from you (for example, when you create an account, submit information through our website, or complete a purchase).
Automatically from your device (for example, through technical logs and standard web technologies needed to deliver and protect the website).
From cookies and similar technologies (non-essential cookies are used only when you provide consent, and you can change your choices at any time).
Whether providing data is mandatory or optional:
Some data is required to provide the website and the service (for example, device and connection information, and information needed to process a purchase). Other data is optional and depends on your choices, including consent-based analytics and advertising technologies.
How We Use Your Data
We use your personal data for the purposes below. Each purpose relies on a specific legal basis, depending on why the processing is necessary.
To provide the core service and deliver the WordPress plugin and related functionality (legal basis: contract).
To create and manage your account and provide customer-facing service features (legal basis: contract).
To process purchases and payments and manage transactions (legal basis: contract).
To protect our website and service, prevent fraud and abuse, and maintain the security and integrity of our systems (legal basis: legitimate interest).
To collect analytics data using cookies or similar technologies to understand website usage and improve performance and user experience (legal basis: consent).
To support advertising and marketing tracking technologies that rely on cookies or similar technologies (legal basis: consent).
Who We Share Your Data With
We share personal data only as needed to operate our website and provide our services. When we use service providers, they process personal data under their own privacy policies and, where applicable, under contractual obligations to protect the data.
We use our own consent management system (Trustwards) to record and manage your cookie preferences. This data is processed internally and not shared with third parties.
Stripe (payment processing): We share transaction and billing-related information with Stripe to process payments and manage payment-related operations. Stripe processes this information according to its privacy policy.
Google Analytics (analytics services): If you consent to analytics cookies, we share certain usage and device information with Google Analytics to measure and understand how visitors use our website. Google processes this information according to its privacy policy.
SureCart Affiliate (affiliate tracking): If you consent to advertising/marketing tracking technologies, we may share certain identifiers and event information with SureCart Affiliate to attribute referrals and measure affiliate performance. SureCart processes this information according to its privacy policy.
International Data Transfers
Some of our service providers are located outside the EU/EEA, specifically in the United States. Where this occurs, we use appropriate safeguards to protect personal data when it is transferred internationally.
Google Analytics: Google LLC is certified under the EU-U.S. Data Privacy Framework (DPF).
Stripe: Stripe, Inc. is located in the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for relevant transfers.
SureCart Affiliate: SureCart’s service providers may be located in the United States. Where personal data is transferred outside the EU/EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission for relevant transfers.
Our consent management system (Trustwards) is based in Spain (EU), so consent data is not transferred internationally.
How Long We Keep Your Data
We keep personal data only for as long as needed for the purposes described in this policy, unless a longer retention period is required by law. Retention periods for different data types are independent.
Account data: until the account is deleted
Cookie consent records: 10 years (to demonstrate compliance and address potential claims within legal limitation periods)
Security logs and technical records: 12 months
Tax and accounting records: 10 years (legal requirement)
Analytics data: until consent is withdrawn or according to the analytics tool retention settings
Advertising/marketing tracking data: until consent is withdrawn
Your Rights
Depending on where you live and which laws apply, you may have the following rights regarding your personal data:
Access: request access to the personal data we hold about you.
Correction: request that we correct inaccurate or incomplete personal data.
Deletion: request that we delete your personal data in certain circumstances.
Restriction: request that we restrict the processing of your personal data in certain circumstances.
Portability: request a copy of certain personal data in a structured, commonly used, machine-readable format and request that it be transferred to another provider where technically feasible.
Objection: object to processing based on legitimate interests in certain circumstances.
Withdraw consent: where we rely on consent (for example, for analytics and advertising cookies), you can withdraw your consent at any time. Withdrawing consent does not affect the lawfulness of processing carried out before you withdrew it.
Right not to be subject to certain automated decisions: you have the right not to be subject to automated decision-making or profiling that produces legal effects or similarly significantly affects you.
How to exercise your rights:
To submit a request, contact us at team@trustwards.io. We may ask for information to verify your identity and to understand your request.
Response times:
For GDPR and LGPD requests, we generally respond within one month.
For CCPA/CPRA requests, we generally respond within 45 days (and may extend by an additional 45 days when permitted, with notice).
For PIPEDA requests, we generally respond within 30 days.
Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.
Children's Privacy
Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
Data Security
We implement appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. However, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security, but we take reasonable precautions to protect your information.
Data Breach Notification
If a personal data breach occurs that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay when required. Our notification will describe, as appropriate, the nature of the breach, the likely consequences, and the measures taken or proposed to address it. We maintain procedures to detect, report, and investigate security incidents.
If you suspect a security issue, please contact us at team@trustwards.io.
How to Lodge a Complaint
If you have concerns about how we handle your personal data, we encourage you to contact us first so we can try to resolve the issue.
You also have the right to lodge a complaint with the competent data protection authority in your jurisdiction. If you are located in Spain, you may lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos).
California consumers may contact the California Privacy Protection Agency (CPPA): https://cppa.ca.gov/
Brazilian data subjects may contact the ANPD (Autoridade Nacional de Proteção de Dados): https://www.gov.br/anpd/
Canadian data subjects may contact the Office of the Privacy Commissioner of Canada (OPC): https://www.priv.gc.ca/
Updates to This Policy
We review and update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, and other factors. The “Last updated” date at the top of this policy indicates when changes were last made.
If we make significant changes, we will provide notice through the website or by email where appropriate. Changes take effect from the date indicated at the top of this policy. Where processing is based on consent, we will request new consent when required.
Contact Us
Tax ID: B23862303
Email: team@trustwards.io
Address: Calle Carpinteros 6, Planta 2 Oficina 28, 28670, Villaviciosa de Odón, Madrid, España
Data Controller: TRUSTWARDS S.L
California Privacy Rights (CCPA/CPRA)
This section applies to California consumers and serves as our Notice at Collection. In the last 12 months, we have collected the following categories of personal information (as those terms are defined under California law):
Identifiers (such as online identifiers, IP address, and account-related identifiers).
Internet or other electronic network activity information (such as interactions with our website and, if you consent, analytics and advertising-related activity).
Commercial information (such as records of products or services purchased and payment status).
Inferences drawn from the above information to understand how the website is used (where permitted and, for cookie-based technologies, where you consent).
Business and commercial purposes for collecting personal information include: providing and operating our website and services; processing transactions; maintaining account functionality; securing our systems and preventing fraud; measuring and improving website performance; and, where you consent, supporting analytics and advertising/marketing tracking.
Sale and sharing of personal information:
We do not sell personal information.
We do not share personal information for cross-context behavioral advertising.
Your California rights include:
Right to know: you can request information about the personal information we collected, used, disclosed, and whether we sold or shared it.
Right to delete: you can request deletion of personal information, subject to exceptions under California law.
Right to correct: you can request correction of inaccurate personal information.
Right to opt-out: you have the right to opt-out of the sale or sharing of personal information by using a “Do Not Sell or Share My Personal Information” request. Because we do not sell or share personal information for cross-context behavioral advertising, this right is provided for completeness and future changes; if our practices change, we will update this policy and provide appropriate choices.
Right to limit the use and disclosure of sensitive personal information: we do not use or disclose sensitive personal information for purposes that would require offering a right to limit under California law. If our practices change, we will provide the required options.
Right to non-discrimination: we will not discriminate against you for exercising your CCPA/CPRA rights.
How to submit a request:
Email us at team@trustwards.io. We will verify your request by asking for information that matches data we maintain, and we may request additional information where necessary to protect against fraud. Authorized agents may submit requests on your behalf, and we may require proof of authorization and verification of your identity.
Response timing:
We respond within 45 days, and where permitted we may extend by an additional 45 days with notice.
Global Privacy Control (GPC):
We honor Global Privacy Control signals as valid requests to opt out of the sale or sharing of personal information, where applicable.
Brazilian Data Protection (LGPD)
This section applies to individuals in Brazil. We process personal data under LGPD legal bases that include consent (for example, for analytics and advertising/marketing tracking technologies) and legitimate interest (for example, to protect our services and prevent fraud), as well as when necessary to perform contracts (for example, to provide the service and process purchases).
Your rights under the LGPD include: confirmation of whether we process your data and access to it; correction of incomplete, inaccurate, or outdated data; anonymization, blocking, or deletion of unnecessary or excessive data; portability; deletion of personal data processed with consent; information about sharing; and withdrawal of consent.
To exercise LGPD rights, contact us at team@trustwards.io. You also have the right to petition the ANPD (Autoridade Nacional de Proteção de Dados).
Our Data Protection Officer (DPO) is José Antonio Tamudo Bértolo, reachable at josetamu@trustwards.io.
Canadian Privacy Rights (PIPEDA)
This section applies to individuals in Canada. We are responsible for personal information under our control and have policies and practices designed to meet our accountability obligations.
Meaningful consent: We seek meaningful consent for the collection, use, and disclosure of personal information, including through our cookie consent choices for non-essential cookies and similar technologies. You can withdraw consent, subject to legal or contractual restrictions and reasonable notice.
Access and accuracy: You have the right to request access to your personal information and to challenge the accuracy and completeness of the information, and have it amended as appropriate.
To make a request or withdraw consent, contact us at team@trustwards.io. You also have the right to complain to the Office of the Privacy Commissioner of Canada (OPC): https://www.priv.gc.ca/
Privacy Notice
Last updated: July 10, 2026Notice at Collection
This Notice at Collection is for California consumers and explains the categories of personal information Trustwards collects and the business or commercial purposes for which we collect and use that information, as required by the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA).
Categories of Personal Information We Collect
We collect the following categories of personal information:
Identifiers (such as name, email, address, and phone number).
Commercial information (such as purchase history and records of products or services).
Internet or other electronic network activity information (such as browsing history, search history, and interactions).
Geolocation data.
How We Use Your Information
We collect and use personal information for the following business or commercial purposes:
To process transactions.
To provide customer support.
To improve our services.
For marketing purposes.
Sale and Sharing of Personal Information
We do not sell personal information and we do not share personal information for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA.
Retention
We retain personal information for as long as necessary to fulfill the purposes described in this Notice at Collection, to comply with legal obligations, and to resolve disputes.
Your California Privacy Rights
Subject to certain exceptions, California consumers have the following rights under the CCPA/CPRA:
Right to know/access: You can request information about the personal information we collected about you, including the categories of personal information, the purposes for collecting it, and other details required by law.
Right to delete: You can request that we delete personal information we collected from you.
Right to correct: You can request that we correct inaccurate personal information we maintain about you.
Right to opt-out of sale/sharing: You can opt out of the sale or sharing of your personal information. We state above that we do not sell or share personal information as defined by the CCPA/CPRA.
Right to limit use of sensitive personal information: You can request that we limit the use and disclosure of sensitive personal information to uses permitted by the CCPA/CPRA.
Right to non-discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA/CPRA rights.
How to submit a request: To exercise your rights, contact us at team@trustwards.io. We will respond to verifiable consumer requests within 45 days, unless an extension is permitted by law.
Global Privacy Control: We honor opt-out preference signals sent through the Global Privacy Control (GPC) where required by the CCPA/CPRA.
Contact Us
TRUSTWARDS S.L
Email: team@trustwards.io