Privacy Policy

Overview

Trusted Guild operates a curated directory that connects businesses with vetted agencies, freelancers, and consultants. This policy explains what information we collect when you use Trusted Guild, how we use it, and the choices you have. If you have questions not answered here, email us at support@trustedguild.com.

Information we collect

We collect information in three ways: what you give us directly, what is generated automatically as you use the site, and what our payment processor provides us after a transaction.

• Account information. When you sign up, we collect your email address. If you sign in with Google, we also receive your name and profile picture from Google.
• Listing information. If you submit a listing, we collect your business name, description, website, contact details, service information, and any portfolio or case study links you provide. This information is displayed publicly on your listing profile.
• Inquiry content. When a buyer submits an inquiry through the site, that message is routed to the listing owner. We store a copy to facilitate delivery and to prevent abuse.
• Payment information. Payments are processed by Stripe. We do not store your card number, CVV, or full card details — Stripe handles and stores that data. We receive a confirmation of the transaction and a reference to your Stripe customer record.
• Usage data. We automatically collect standard server log data — your IP address, browser type, referring URL, pages visited, and timestamps. We use this to operate the site and diagnose problems. We do not sell this data.

How we use your information

• To create and manage your account
• To display your listing in the directory
• To route buyer inquiries to listing owners
• To process payments and manage your subscription or one-time purchases
• To send transactional emails — verification links, payment receipts, and inquiry notifications. We do not send marketing email without your explicit opt-in.
• To detect and prevent fraud, spam, or abuse
• To improve the site based on aggregate usage patterns

Legal basis for processing (GDPR)

If you are located in the European Economic Area or the UK, we process your personal data under the following legal bases:

• Contract. Processing your account information and listing data is necessary to provide the service you have signed up for.
• Legitimate interest. We process usage logs and inquiry records to operate, secure, and improve the platform. Our interest in running a reliable directory does not override your privacy rights.
• Legal obligation. We retain payment records as required by applicable financial and tax law.
• Consent. Where we send optional marketing communications, we will ask for your consent first and you may withdraw it at any time.

International data transfers

Trusted Guild is operated from the United States. Our infrastructure providers — Supabase, Vercel, Stripe, and Resend — process data on servers located primarily in the United States. If you access the site from the EEA, UK, or other regions with data transfer restrictions, your information will be transferred to and processed in the US. Where required, these transfers are governed by Standard Contractual Clauses or equivalent safeguards as provided by each processor. By using Trusted Guild, you acknowledge this transfer.

Third-party services

We use a small number of third-party services to operate Trusted Guild. Each handles data according to its own privacy policy.

• Supabase — database and authentication. Your account data and listing content are stored on Supabase infrastructure.
• Stripe — payment processing. Stripe stores your payment method and billing history.
• Resend — transactional email delivery. Email addresses are passed to Resend solely to send messages you have triggered (e.g. a verification link).
• Vercel — hosting and edge infrastructure. Vercel processes request data as part of serving the site.

We do not sell your personal information to third parties. We do not use advertising networks or cross-site tracking pixels.

Where required by law, we have entered into Data Processing Agreements with each of these processors, binding them to handle your data only as instructed and with appropriate security measures in place.

Automated decision-making

Trusted Guild does not make decisions about you solely through automated means that produce legal or similarly significant effects. Our listing review process may use automated checks as a first step, but a human reviews each listing before it is approved or rejected.

Data breach notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of it, as required by GDPR. Where the breach is likely to result in a high risk to you personally, we will also notify you directly without undue delay.

Cookies

We use a session cookie to keep you signed in and a small number of functional cookies required by our authentication provider. We do not use advertising or analytics cookies. You can disable cookies in your browser, but doing so will prevent you from signing in.

Data retention

We retain your account and listing data for as long as your account is active. If you close your account or request deletion, we will remove your personal data within 30 days, except where we are required to retain it for legal or financial compliance reasons (e.g. payment records).

Your rights

Depending on where you are located, you may have the right to:

• Access — request a copy of the personal data we hold about you
• Correction — ask us to correct inaccurate or incomplete data
• Deletion — request that we delete your personal data, subject to legal retention obligations
• Portability — receive your data in a structured, machine-readable format (EEA/UK)
• Restriction — ask us to pause processing of your data in certain circumstances (EEA/UK)
• Objection — object to processing based on legitimate interest (EEA/UK)

To exercise any of these rights, email support@trustedguild.com and we will respond within 30 days (or 45 days for California residents under CCPA/CPRA).

If you are in the European Economic Area or the UK, you also have the right to lodge a complaint with your local data protection authority.

California residents (CCPA/CPRA). We do not sell your personal information and we do not share it for cross-context behavioral advertising purposes. The categories of personal information we collect include: identifiers (email address, IP address), commercial information (payment history), internet or electronic network activity (usage logs), and professional or employment-related information (listing content you provide). We do not collect sensitive personal information as defined under CPRA (e.g. Social Security numbers, precise geolocation, health data, financial account credentials).

As a California resident you have the right to: know what personal information we collect and how it is used; delete your personal information; correct inaccurate information; opt out of the sale or sharing of your personal information (we do not sell or share); and limit the use of sensitive personal information (we do not collect any). We will not discriminate against you — in pricing, service quality, or otherwise — for exercising any of these rights.

We honor the Global Privacy Control (GPC) signal. If your browser or extension sends a GPC signal when you visit Trusted Guild, we treat it as a valid opt-out of sale and sharing request.

To submit a request, email support@trustedguild.com or use the contact form linked in the footer. We will respond within 45 days. If we need more time, we will notify you of the extension within the initial 45-day window.

Changes to this policy

If we make material changes to this policy, we will update the date at the top of this page and, where appropriate, notify you by email. Continued use of Trusted Guild after any changes constitutes your acceptance of the updated policy.

Contact

Questions about this policy or how we handle your data? Email us at support@trustedguild.com.

EU/UK representative. Trusted Guild is operated from the United States. If you are located in the European Economic Area or the United Kingdom and wish to exercise your data rights or raise a concern, you may contact us directly at the email above. We are in the process of appointing a formal EU/UK representative as required under Article 27 of the GDPR; this page will be updated when that appointment is made.