TrueLocal
Sign in

Legal

Privacy Policy & GDPR

Last updated: 20 May 2026

This policy explains how TrueLocal ("we", "us") collects, uses and protects your personal data in line with the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.

1. Data controller

TrueLocal is the data controller for personal data processed through this app. Contact our Data Protection team at privacy@truelocal.app.

2. What data we collect

  • Account details: full name, date of birth, email, password (hashed), phone (optional).
  • Profile: display name, avatar, address/postcode, approximate location.
  • Listings & trades: titles, descriptions, photos, prices, chat messages, reviews.
  • Technical: device type, IP address, app version, crash logs.
  • Location: only when you tap "Near me" — used in-session, not stored.

3. Why we process it (lawful basis)

  • Contract (Art. 6(1)(b)): to run your account, listings, chat and trades.
  • Legitimate interest (Art. 6(1)(f)): fraud prevention, safety, reliability scoring, service improvement.
  • Legal obligation (Art. 6(1)(c)): tax records, responding to law-enforcement requests.
  • Consent (Art. 6(1)(a)): marketing emails, optional analytics, precise location.

4. Who we share data with

  • Other members — only your public profile, listings and chat messages you send.
  • Trusted processors: hosting, email delivery, image storage, analytics (all under GDPR-compliant DPAs).
  • Authorities, when legally required.
We never sell your personal data.

5. International transfers

Data may be processed in the EU/EEA, UK and other jurisdictions. Where data leaves the EEA we rely on Standard Contractual Clauses or adequacy decisions.

6. How long we keep data

  • Account data: while your account is open + 30 days after deletion.
  • Trade & chat history: 24 months for dispute resolution.
  • Financial/tax records: 6 years (legal requirement).
  • Backups are purged on a 90-day rolling cycle.

7. Your GDPR rights

  • Access — get a copy of your data.
  • Rectification — correct inaccurate data.
  • Erasure ("right to be forgotten") — delete your account and data.
  • Restriction — pause processing while issues are resolved.
  • Portability — export your data in machine-readable form.
  • Object — opt out of processing based on legitimate interest.
  • Withdraw consent — at any time, without affecting prior processing.
  • Lodge a complaint with your local supervisory authority (e.g. ICO in the UK, CNIL in France).
Exercise any right by emailing privacy@truelocal.app or using the controls in your profile. We respond within 30 days.

8. Security

  • TLS encryption in transit, AES-256 at rest.
  • Row-level security on all user data.
  • Hashed passwords (bcrypt/argon2), MFA available.
  • Least-privilege access, audit logs, regular penetration tests.
  • Breach notification to the supervisory authority within 72 hours where required.

9. Children

TrueLocal is not for under-18s. We do not knowingly collect data from children. If you believe a minor has registered, contact us and we will remove the account.

10. Cookies & tracking

We use strictly-necessary cookies for login and security. Analytics and preference cookies are only set with your consent, which you can change at any time in settings.

11. Safety on the platform

  • Meet in public places; share trip details with someone you trust.
  • Never share bank PINs, ID numbers or one-time codes in chat.
  • Report suspicious behaviour via the report button on any listing or chat.
  • We use automated and human moderation to detect scams and prohibited items.

12. Changes to this policy

We will notify you in-app of material changes at least 14 days before they take effect.

13. Contact & DPO

Data Protection Officer: dpo@truelocal.app. Postal queries: TrueLocal Privacy, PO Box (to be confirmed).
← Back to sign up