Policies

Cookies Policy

Privacy Notice

Privacy Policy

Last updated: June 4, 2026

Who We Are

Trustwards is operated by José Antonio Tamudo Bértolo, who is the data controller responsible for the processing of personal data described in this Privacy Policy.

Contact details:
Email: josetamu@trustwards.io
Address: Calle Río Guadarrama, 45, 28939, Arroyomolinos, Madrid, Spain

Data Protection Officer (DPO): José Antonio Tamudo Bértolo
Contact: josetamu@trustwards.io

What Data We Collect

We collect the following categories of personal data when you use the Trustwards website and related services (a Consent Management Platform wrapped as a plugin for WordPress):

Cookie consent preferences: your choices about which cookies and similar technologies you accept or reject, and related consent status information needed to apply your choices.

Device and technical information: IP address, browser type, device information, and technical data needed to load and secure the website and provide the service reliably.

Account data: information you provide to create and manage an account for the service.

Payment and billing information: billing details and payment-related information needed to process purchases and manage invoices and accounting.

Usage data for analytics (only with your consent): information about how you interact with the website and service, collected through analytics technologies that require consent.

Sources of data:

Directly from you: when you create an account, submit information through the website, or contact us.

Automatically: when you access the website, we receive device and technical information as part of normal communications and security operations.

From cookies and similar technologies: we store and read non-essential cookies only when you have given your consent, and we apply your cookie choices through our consent management system.

Providing certain data is necessary to use the service (for example, technical data to load the website, and payment and billing information to complete a purchase). Providing analytics consent is optional, and you can use the website without accepting non-essential cookies.

How We Use Your Data

We use your personal data for the following purposes and legal bases:

Providing the Trustwards service and managing your account (legal basis: contract).

Responding to your inquiries and providing customer support related to the service (legal basis: contract).

Processing payments and managing orders, billing, and invoicing (legal basis: contract).

Recording, storing, and demonstrating your cookie consent choices and applying your preferences on the website (legal basis: legal obligation).

Maintaining tax and accounting records related to transactions (legal basis: legal obligation).

Protecting the website and service against security threats, abuse, and fraud, and maintaining the integrity of our systems (legal basis: legitimate interest).

Collecting analytics data to understand how the website and service are used and to improve performance and user experience, where analytics technologies require consent (legal basis: consent).

Who We Share Your Data With

We share personal data only to the extent necessary to operate the service, meet legal obligations, and process payments.

We use our own consent management system (Trustwards) to record and manage your cookie preferences. This data is processed internally and not shared with third parties.

Payments: we use Stripe to process payments. Stripe may process payment and billing information and related transaction data, and may also process device and technical information (including IP address) for fraud prevention and security purposes.

Affiliate and referral tracking: we use SureCart Affiliate to support affiliate and referral tracking. Depending on configuration and your interactions, this may involve the use of cookies or similar technologies and the processing of online identifiers (including pseudonymous identifiers), device and technical information, and referral/attribution information. Where required by applicable law (including ePrivacy requirements), non-essential cookies or similar technologies for affiliate/referral tracking will not be set unless you provide consent.

Analytics services: if you consent to analytics, analytics data may be processed using Google Analytics. Google Analytics may use cookies or similar technologies and process data such as online identifiers (including pseudonymous identifiers), device information, and usage data. Analytics will not be set until you provide consent.

International Data Transfers

Some of the providers we use may process personal data outside the EU/EEA, the UK, or Switzerland. Where this involves a transfer of personal data to a country without an adequacy decision, we will ensure that an appropriate transfer mechanism is in place, such as Standard Contractual Clauses approved by the European Commission and/or other safeguards required by GDPR, and we will apply additional measures where required.

Google Analytics is provided by Google, which is US-based. Where personal data is transferred to the United States in connection with Google Analytics, the transfer may be based on the EU-U.S. Data Privacy Framework (where applicable) and/or Standard Contractual Clauses, depending on the relevant Google entity and configuration.

Stripe is provided by Stripe entities that may be located in the United States and/or other countries, depending on the relevant Stripe entity and configuration. Where personal data is transferred outside the EU/EEA, the UK, or Switzerland in connection with Stripe, we will rely on an appropriate transfer mechanism, such as Standard Contractual Clauses and/or other safeguards required by GDPR, depending on the relevant entities and configuration.

SureCart Affiliate may involve processing by providers located in the United States and/or other countries, depending on the relevant SureCart entities and configuration. Where personal data is transferred outside the EU/EEA, the UK, or Switzerland in connection with SureCart Affiliate, we will rely on an appropriate transfer mechanism, such as the EU-U.S. Data Privacy Framework (where applicable) and/or Standard Contractual Clauses and/or other safeguards required by GDPR, depending on the relevant entities and configuration.

Our consent management system (Trustwards) is based in Spain (EU), so consent data is not transferred internationally.

How Long We Keep Your Data

Account data: until account is deleted.

Cookie consent records: 10 years (to demonstrate compliance and address potential claims within legal limitation periods).

Security logs and technical records: 12 months.

Tax and accounting records: 10 years (legal requirement).

Analytics data: until consent is withdrawn or according to the analytics tool retention settings.

Your Rights

If you are in the EU/EEA, the UK, or Switzerland, you have the right to:

Access your personal data.

Correct inaccurate or incomplete data.

Delete your personal data (the “right to be forgotten”).

Restrict the processing of your personal data.

Receive your personal data in a structured, commonly used format and have it transferred to another controller where applicable (data portability).

Object to processing based on legitimate interests, including where applicable objecting to processing for reasons related to your particular situation.

Withdraw your consent at any time where we rely on consent (this does not affect the lawfulness of processing before you withdrew consent).

Not be subject to automated decision-making or profiling that produces legal effects or similarly significantly affects you.

To exercise your rights, contact us at josetamu@trustwards.io. We will respond within one month.

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

Children's Privacy

Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

Data Security

We implement appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. However, no method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security.

Data Breach Notification

If a personal data breach occurs that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay. Where notification is required, we will describe the nature of the breach, the likely consequences, and the measures taken or proposed to address it. We maintain procedures to detect, report, and investigate security incidents. If you suspect a security issue, please contact us at josetamu@trustwards.io.

How to Lodge a Complaint

You have the right to lodge a complaint with the competent supervisory authority in your jurisdiction. If you are in Spain, you can lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos).

We encourage you to contact us first at josetamu@trustwards.io so we can try to resolve your concern directly.

Updates to This Policy

We review and update this Privacy Policy periodically. The “Last updated” date at the top of this policy shows when it was last changed. If we make significant changes, we will provide notice on the website and/or by email where appropriate. Changes take effect from the date indicated at the top of this policy. Where processing is based on consent, we will request new consent when required.

Contact Us

Email: josetamu@trustwards.io
Address: Calle Río Guadarrama, 45, 28939, Arroyomolinos, Madrid, Spain
Data Controller: José Antonio Tamudo Bértolo

Cookies Policy

Last updated: June 4, 2026

What Are Cookies

Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences and support core functions such as security and saving your choices. Some cookies are strictly necessary for the website to work, while others are used for analytics or other purposes and require your consent.

Types of Cookies We Use

Strictly Necessary Cookies
These cookies are required to provide the website and the features you request, including saving your cookie choices.
Legal basis: Exempt from consent requirement as strictly necessary for the service requested

Cookie Name	Provider	Domain	Duration	Source
__stripe_mid	Stripe	trustwards.io	Session	First-party
trustwardsCookie	Trustwards	trustwards.io	Session	First-party
_ga	Google Analytics	.trustwards.io	14 months	filtered-https://www.googletagmanager.com/gtag/js

Analytics Cookies
These cookies help us understand how visitors use our website. They collect data using pseudonymous identifiers to generate aggregated statistics.
Legal basis: Requires user consent - blocked by default

Cookie Name	Provider	Domain	Duration	Source
_ga_C4RXCF8STM	Google Analytics	.trustwards.io	14 months	filtered-https://www.googletagmanager.com/gtag/js

Other Cookies
These cookies support other non-essential functions, such as tracking affiliate referrals.
Legal basis: Requires user consent - blocked by default

Cookie Name	Provider	Domain	Duration	Source
sc_click_id	SureCart Affiliate	.trustwards.io	7 days	filtered-https://js.surecart.com/v1/affiliates

Third-Party Services and Data Recipients

We use our own consent management system (Trustwards) to record your cookie preferences. The "trustwardsCookie" stores which cookie categories you have accepted or rejected, ensuring your choices persist across visits. This cookie is strictly necessary for compliance with applicable privacy regulations and consent requirements. Your consent data is processed securely and is not shared with third parties unless legally required.

Stripe provides payment-related services and may set cookies that support security and fraud prevention. Stripe processes data collected through cookies and similar technologies according to Stripe’s privacy policy.

Google Analytics provides analytics services to help us measure website usage and performance. When enabled by your consent, Google processes data collected through cookies and similar technologies according to Google’s privacy policy: https://policies.google.com/privacy

SureCart Affiliate provides affiliate referral tracking services. When enabled by your consent, SureCart processes data collected through cookies and similar technologies according to its privacy policy.

International Data Transfers

Some of our service providers are located outside EU/EEA:

- Google Analytics / Google: Google LLC is headquartered in the United States and may process data in the United States and other countries. Where applicable, transfers may rely on the EU-U.S. Data Privacy Framework (DPF) for certified entities and/or Standard Contractual Clauses (SCCs) approved by the European Commission, depending on the specific Google service and contracting entity.
- Stripe: Stripe, Inc. is headquartered in the United States and may process data in the United States and other countries. Where applicable, transfers may rely on the EU-U.S. Data Privacy Framework (DPF) for certified entities and/or Standard Contractual Clauses (SCCs) approved by the European Commission, depending on the specific Stripe service and contracting entity.
- SureCart Affiliate: SureCart is headquartered in the United States and may process data in the United States and other countries. Where applicable, transfers may rely on SCCs and/or other appropriate safeguards depending on the contracting entity and data flows.

We recommend reviewing each provider's privacy policy for detailed information about their data protection measures.

Legal Basis for Processing

Strictly Necessary cookies are exempt from the consent requirement because they are strictly necessary for the service you request and cannot be disabled through our cookie tool. All other cookie categories (including Functional, Analytics, Marketing, and Other) require your consent. These non-essential cookies are blocked by default and are only activated after you provide explicit consent through our cookie banner or cookie settings.

Managing Your Cookie Preferences

You can accept or reject cookie categories at any time. Non-essential cookies remain blocked until you choose to enable them. You can withdraw your consent at any time by updating your choices. Users can manage their cookie preferences through the cookie settings link in our website footer.

How to Control Cookies in Your Browser

You can also control cookies through your browser settings, including viewing cookies stored on your device, deleting existing cookies, blocking cookies, and managing first-party versus third-party cookie settings.
Chrome: Settings > Privacy and security > Third-party cookies (and Site settings > Cookies and site data).
Firefox: Settings > Privacy & Security > Cookies and Site Data.
Safari (macOS): Safari > Settings (or Preferences) > Privacy > Manage Website Data.
Edge: Settings > Cookies and site permissions > Cookies and site data.
If you block cookies, some website features may not work as intended. Strictly Necessary cookies are required for the site to function and for saving your cookie choices.

Similar Technologies

We do not use other similar tracking technologies beyond cookies.

Cookie Retention Periods

Session cookies are deleted when you close your browser.
Persistent cookies remain on your device for the duration shown in the tables above unless you delete them earlier. On Trustwards, the following cookies are persistent: _ga (14 months), _ga_C4RXCF8STM (14 months), sc_click_id (7 days).

Your Rights

You have the right to withdraw your consent at any time by changing your cookie preferences through our cookie settings. You have the right to access information about the cookies we use (provided in this policy), and to request deletion of cookie data (for example, by deleting cookies in your browser and requesting assistance where applicable). You also have the right to lodge a complaint with the data protection authority in your country if you believe your rights have been violated. To exercise your rights, contact us at jose11tamu@gmail.com. Please refer to our Privacy Policy for specific supervisory authority contact details.

Updates to This Policy

We review this policy periodically and update it when our cookie practices change. The “Last updated” date at the top indicates when changes were last made. For significant changes, we will notify users through the cookie banner and request new consent where required. Changes take effect from the date indicated at the top of this policy.

Contact Us

Legal entity: José Antonio Tamudo Bértolo
Email: jose11tamu@gmail.com
Address: Calle Río Guadarrama 45, 28939, Arroyomolinos, Madrid, España

Privacy Notice

Last updated: June 4, 2026

Notice at Collection

This Notice at Collection applies to California consumers and explains what categories of personal information Trustwards collects and the business or commercial purposes for collecting and using that information.

Categories of Personal Information We Collect

We collect the following categories of personal information:

Identifiers (name, email, address, phone number)

Internet or other electronic network activity (browsing history, search history, interactions)

Geolocation data

How We Use Your Information

We collect and use personal information for the following business or commercial purposes:

To process transactions

To provide customer support

To improve our services

For marketing purposes

Sale and Sharing of Personal Information

We do not sell personal information as “sell” is defined under the CCPA/CPRA.

We do not share personal information for cross-context behavioral advertising as “share” is defined under the CCPA/CPRA.

Based on our most recent scan, we use the following service providers that may receive personal information (such as online identifiers, including pseudonymous identifiers, and internet or other electronic network activity information) in order to provide services to us:

Stripe

Google Analytics

SureCart Affiliate

Trustwards (our own consent management platform, not a third party)

Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Notice at Collection, to comply with legal obligations, and to resolve disputes.

Your California Privacy Rights

Subject to certain exceptions, California consumers have the following rights under the CCPA/CPRA:

Right to know/access: You can request information about the personal information we collected about you, including the categories of personal information collected and the purposes for which it was collected and used.

Right to delete: You can request that we delete personal information we collected from you.

Right to correct: You can request that we correct inaccurate personal information we maintain about you.

Right to opt-out of sale/sharing: You can direct a business not to sell or share your personal information. Although we do not sell or share personal information as defined by the CCPA/CPRA, you may still submit an opt-out request.

Right to limit use of sensitive personal information: You can request that we limit the use and disclosure of sensitive personal information to what is necessary to provide services or goods reasonably expected by an average consumer. If we collect sensitive personal information, you may submit a request to limit its use.

Right to non-discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA/CPRA rights.

How to submit a request: You may submit a request by emailing josetamu@trustwards.io. We will respond within 45 days of receiving your request, unless an extension is permitted by law.

Global Privacy Control (GPC): We honor opt-out preference signals sent through the Global Privacy Control where required under the CCPA/CPRA.

Contact Us

José Antonio Tamudo Bértolo
Email: josetamu@trustwards.io

FAQ

Frequently asked questions

[ ** / ** ] GENERAL

What is Trustwards?

Trustwards is a Consent Management Platform packaged as a WordPress plugin. It helps you comply with GDPR, CCPA, LGPD, and PIPEDA on autopilot, while letting you design a fully custom banner in the builder that truly reflects your brand identity.

Am I complying right when activating?

Yes. You start complying as soon as you activate the Trustwards plugin on your website. A default banner is enabled automatically, which you can change at any time, and you start collecting consents from minute one.

Will I comply with GDPR and CCPA?

Yes. Trustwards supports GDPR, CCPA, LGPD, and PIPEDA. It is as simple as enabling or disabling regulations from the plugin dashboard, and the rest of the Trustwards system on your website will automatically react to comply with the active regulations.

Do I need to maintain my website compliance?

No, it is not necessary. Trustwards runs daily scans on your website and automatically adds any new cookies to consent management, so you do not have to do anything manually. Your only concern should be having Trustwards installed on your site.

Who uses Trustwards?

Trustwards is used by freelancers, agencies, and website owners who need to comply with international regulations because they operate in those countries.

Will you be adding more features?

We constantly add new features through new releases, which you can keep up with by checking the changelog or subscribing to the newsletter.

Can I request a feature?

Absolutely. You can request a new feature by contacting us or posting in the community. We will review it promptly and add it to the roadmap. Just make sure it has not already been added to the changelog or is not already listed on the roadmap.

Why did you increase pricing?

Trustwards pricing is not fixed. As we release new versions and features, the price of Trustwards increases. However, you can lock in the current pricing and keep that price forever.

Can I try Trustwards before purchasing?

Sure. You can create a temporary site with Trustwards included at playground

What is your Refund Policy?

We offer a full refund on the subscription you choose within the first 10 days from purchase. No questions asked. This only applies to your first subscription; renewals are not included.

[ ** / ** ] HOW IT WORKS

What is the Banner builder?

The Trustwards builder lets you create your own banner and modal with full control over design and animations, so consent management stays aligned with your website’s branding.

Do I have to manually translate each language?

No. You do not need WPML, Polylang, or any other plugin to translate the texts. Trustwards automatically translates all banner texts, policies, and other content into 60 different languages with no manual work required.

What is the Cookie scanner?

The cookie scanner detects all cookies on your website, categorizes them, and adds them to consent management so they are not injected until the user gives consent, helping you comply with current regulations.

What is the Consent logs?

Consent logs record all consents given by users on your website and allow you to export them in Excel and PDF format. Keeping them organized is essential for any audit or inspection.

What is the Policies generator?

Trustwards lets you generate your Privacy Policy, Cookie Policy, and Privacy Notice (for CCPA) in just a few minutes by following a simple questionnaire. These policies are unified in a policy center that you can place anywhere using a shortcode.

What is DSARs?

The Data Subject Access Request. At Trustwards, we have developed a feature that allows users to view and export their own consent records without needing to contact the data controller, making the process much faster. You can place the DSAR center anywhere using a shortcode.

How does my website adapt to Regulations?

You can enable and disable regulations from the Regulations tab. When a regulation is activated, the entire Trustwards ecosystem reacts automatically. For example, if GDPR is active and you also enable CCPA, you will see two tabs in the builder: one for designing the GDPR banner and another for the CCPA banner.

Do you comply with Google Consent Mode v2?

Yes. Trustwards complies with Google Consent Mode v2 and uses Google’s dataLayer to send the appropriate signals to its services, following Google’s recommended best practices.

Do you support IAB TCF v2.3?

Trustwards will apply to the IAB in Q2 2026. At that point, we will also include TCF v2.3 in the consent management system.

What about Page Speed and Accessibility?

Trustwards keeps the frontend consent script minified, lightweight, and free from unnecessary bloat, using only the code required for everything to work properly. The full script is around 30KB while handling the entire consent experience.
All consent elements are keyboard-accessible and built following accessibility best practices.

Start complying out of the box

Get started Community

Download Trustwards

Available from your dashboard. Install it on your WordPress site and activate your license.

Comply out of the box

Start complying automatically as soon as Trustwards is running on your website.

Focus on your business

Cookies are detected and categorized in auto mode thanks to the daily scanner.

The Consent Management Platform for WordPress

Join our Newsletter. No spam, we promise.

Policies center

DSARs center

Cookie settings

All systems operational

Trustwards is a Consent Management Platform (CMP) for WordPress intended to assist website owners and operators in configuring, displaying, and managing consent interfaces and related privacy settings in connection with applicable data protection and privacy laws, including, where relevant, the General Data Protection Regulation (GDPR) and ePrivacy requirements. Trustwards is provided solely as a technical software solution to support compliance-related workflows and does not constitute legal advice, regulatory certification, or any representation that a website, business, or data processing activity is fully compliant with any law or regulatory requirement solely by reason of using the platform.

The implementation, configuration, supervision, and ongoing maintenance of Trustwards remain entirely the responsibility of the user. Compliance depends on a wide range of factors that are outside the control of Trustwards, including the technologies deployed on the website, the accuracy of cookie and script classification, the services and third-party tools in use, the jurisdictions in which the website operates, the manner in which consent choices are presented and enforced, and whether the website operator’s actual data processing practices are consistent with the selected configuration. The user is solely responsible for ensuring that the platform is correctly implemented and that all settings, disclosures, and consent mechanisms accurately reflect the website’s operations and legal obligations.

Trustwards does not warrant, guarantee, or undertake that use of the platform will prevent non-compliance, regulatory action, claims, investigations, penalties, or fines. Trustwards shall have no responsibility or liability whatsoever for any failure by the user to configure, maintain, update, monitor, or otherwise use the platform in a lawful and appropriate manner, including any misuse, incorrect implementation, incomplete deployment, failure to block or manage technologies properly, inaccurate consent setup, or failure to adapt the platform to changes in applicable law, regulatory guidance, or the user’s own business practices. Users are responsible for independently verifying their compliance position and for obtaining legal or professional advice where appropriate.

To the fullest extent permitted by applicable law, Trustwards expressly disclaims any liability for any direct, indirect, incidental, consequential, special, regulatory, or financial loss, damage, penalty, fine, cost, or claim arising out of or related to the use of, inability to use, reliance upon, misconfiguration of, or improper implementation of the platform. By using Trustwards, the user acknowledges and agrees that Trustwards is an assistance tool only, that final legal and regulatory compliance cannot be delegated to the software provider, and that full responsibility for compliance with all applicable laws and regulations remains at all times exclusively with the website owner, operator, or controller.