Website Privacy Policy

Effective Date: 10 May 2026

Who We Are

• This privacy policy explains how TruLens (“we”, “us”, “our”) collects, uses, and protects information when you visit our website at www.trulens.co.uk and its subdomains (food.trulens.co.uk, it.trulens.co.uk) (collectively, the “Website”).
• TruLens is a business-to-business software-as-a-service (“SaaS”) platform. We are the data controller for personal data collected through the Website itself (such as visitor analytics and contact form submissions).
• For personal data processed through our SaaS products on behalf of our customers, we act as a data processor. That processing is governed by our Data Processing Agreement, available on request from hello@trulens.co.uk.
• Our registered address is: 4th Floor, Silverstream House, 45 Fitzroy Street, Fitzrovia, London, W1T 6EB. You can contact us at hello@trulens.co.uk.

Information We Collect

When you visit the Website, we may collect the following categories of information:

Information Collected Automatically

• Our hosting infrastructure (Amazon Web Services CloudFront) automatically logs standard web server data when you access the Website. This includes your IP address, browser type and version, operating system, referring URL, pages visited, date and time of access, and approximate geographic location derived from your IP address.
• These logs are retained for operational and security purposes (such as detecting abuse or diagnosing technical issues) and are typically retained for no longer than 90 days.
• We do not currently use any third-party analytics services (such as Google Analytics) or advertising tracking technologies on the Website.

Information You Provide Voluntarily

• If you contact us via email at hello@trulens.co.uk or through any contact form on the Website, we will collect your name, email address, and any other information you choose to include in your message.
• If you register for an account on one of our SaaS products, we collect the information required for account creation, including your name, email address, and organisation name. The processing of data within our products is governed by our Terms & Conditions and Data Processing Agreement, not this privacy policy.

Cookies and Similar Technologies

• The Website uses only strictly necessary cookies required for the functioning of the site, such as session management and security tokens issued by our authentication provider (AWS Cognito).
• We do not use any cookies for advertising, behavioural tracking, or analytics purposes.
• Because we use only strictly necessary cookies, consent for these cookies is not required under the Privacy and Electronic Communications Regulations 2003 (PECR). Should we introduce non-essential cookies in the future, we will update this policy and implement a cookie consent mechanism before doing so.

How We Use Your Information

We use information collected through the Website for the following purposes:

• To operate, maintain, and secure the Website
• To respond to enquiries and communications you send us
• To detect, prevent, and address security incidents or technical issues
• To comply with applicable legal obligations

We process this information on the following lawful bases under UK GDPR:

• Legitimate interests (Article 6(1)(f)): operating and securing the Website, responding to enquiries
• Consent (Article 6(1)(a)): where you have voluntarily provided information to us
• Legal obligation (Article 6(1)(c)): where we are required to retain data by law

Data Sharing and Third Parties

• We do not sell, rent, or trade your personal data to any third party.
• We may share your information with the following categories of service providers who process data on our behalf and under our instructions:
  • Amazon Web Services (AWS): cloud hosting, content delivery, and infrastructure services
• We may also disclose your information where required by law, regulation, or legal process, or to protect our rights, property, or safety.

International Data Transfers

• Our infrastructure is currently hosted on Amazon Web Services in the United States (us-east-1 region). We are in the process of migrating to the UK region (eu-west-2).
• Where personal data is transferred outside the United Kingdom, we ensure that appropriate safeguards are in place. Amazon Web Services operates under the UK International Data Transfer Addendum to the EU Standard Contractual Clauses, which provides an adequate level of protection for personal data transferred internationally.

Data Retention

• Web server logs are retained for a maximum of 90 days and then deleted.
• Contact enquiry data (emails and form submissions) is retained for as long as necessary to address your enquiry and for a reasonable period thereafter (typically 12 months) unless you request earlier deletion.
• Account registration data is retained for the duration of your account and is subject to the data retention terms in our Terms & Conditions and Data Processing Agreement.

Your Rights

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the following rights in relation to your personal data:

• Right of access: to request a copy of the personal data we hold about you
• Right to rectification: to request correction of inaccurate or incomplete data
• Right to erasure: to request deletion of your personal data in certain circumstances
• Right to restriction: to request that we limit how we use your data
• Right to data portability: to receive your data in a structured, machine-readable format
• Right to object: to object to processing based on our legitimate interests
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, please contact us at hello@trulens.co.uk. We will respond to your request within one calendar month, as required by law.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.

Children

• The Website and our products are intended for business use only and are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will take steps to delete it promptly.

Security

• We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS/HTTPS), access controls, and regular security reviews.
• No method of transmission over the internet is completely secure. While we take reasonable steps to protect your information, we cannot guarantee absolute security.

Changes to This Policy

• We may update this privacy policy from time to time. Any changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically.
• Where changes are material, we will make reasonable efforts to notify you, such as by placing a prominent notice on the Website.

Contact Us

If you have any questions about this privacy policy or our data practices, you can contact us at: