Legal

Privacy Policy

Effective date: 25 May 2026 · Last updated: 25 May 2026

In plain English. We collect as little data as possible. We never sell it. The only personal data we hold is what you give us through the contact form, and we use it to write you back, nothing else.

On this page

Who we are
What data we collect
Why we collect it
Lawful basis (GDPR)
Who we share it with
How long we keep it
Cookies & tracking
Your rights
International transfers
Children
Changes to this policy
Contact us

1. Who we are

TruTalk is operated by an independent founder based in Milan, Italy. For the purposes of the EU General Data Protection Regulation (Regulation 2016/679, "GDPR") and Italian Legislative Decree 196/2003 as amended ("Codice Privacy"), we are the data controller of any personal data described in this policy.

Contact:
TruTalk
Via Vespiri Siciliani
20146 Milano, Italy
Email: letstrutalk@gmail.com

2. What data we collect

We collect only what is necessary for the service to function and to respond to you. Specifically:

Data you give us directly

Contact form submissions, name, email address, and the contents of your message. Submitted only when you choose to send us a message via the form on our homepage.
Email correspondence, if you email us at letstrutalk@gmail.com, we receive your email address and message contents.

Data collected automatically

Server logs, our hosting provider (Netlify) automatically logs basic technical information when you visit the site, including your IP address, browser type, referring URL, and timestamp. These logs are retained for short periods for security and abuse-prevention purposes.
Anti-spam protection, Netlify Forms uses an invisible honeypot field and may use Akismet-style spam detection to filter out automated submissions.
Analytics, if you have given consent via our cookie banner, we may use a privacy-friendly analytics tool (such as Plausible) to count aggregate visits. We never collect personally identifiable information for analytics, and we never share data with advertising networks.

We do not collect: Conversation content from the TruTalk web app (app.letstrutalk.com), location data, payment information (Stripe handles this directly), social-media identifiers, advertising IDs, or biometric data.

3. Why we collect it

To respond to inquiries, we use the name and email from your contact form submission only to reply to your message.
To operate the website, server logs help us prevent abuse and diagnose technical issues.
To improve the service, aggregate analytics (with consent) help us understand which pages people read.
To comply with the law, we may process data to meet legal obligations, such as responding to a binding court order.

4. Lawful basis for processing (GDPR Art. 6)

Consent (Art. 6(1)(a)), for analytics cookies, and for any optional newsletter sign-ups.
Performance of a contract or pre-contractual steps (Art. 6(1)(b)), when you contact us with a business inquiry.
Legitimate interest (Art. 6(1)(f)), for security logging, abuse prevention, and replying to general inquiries. We always balance this against your privacy rights.
Legal obligation (Art. 6(1)(c)), to comply with applicable law.

5. Who we share it with

We never sell or rent your personal data. We share it only with the following sub-processors who help us run the service:

Netlify, Inc. (USA), hosting and form handling. Privacy policy
Google LLC (USA), Gmail receives forwarded contact-form submissions; Google Fonts loads the Inter typeface. Privacy policy
Cloudflare, Inc. (USA), content delivery for our app, if applicable. Privacy policy
Stripe, Inc. (USA / Ireland), payment processing for TruTalk+ subscriptions. We never see or store your full card details. Privacy policy

We may add or change sub-processors over time. Material changes will be noted here.

6. How long we keep it

Contact-form submissions: retained for up to 24 months from your last interaction, then deleted, unless we are required to keep them for legal reasons.
Server logs: retained for up to 30 days by Netlify.
Analytics (aggregate, no PII): retained for up to 24 months.
Subscription records: retained for as long as you have an active account, plus 10 years for accounting/tax purposes as required by Italian law.

7. Cookies and tracking

We use cookies and similar technologies only where strictly necessary and, where required by law, only with your prior consent.

Strictly necessary (no consent required)

Cookie-preference cookie, stores your choice from our cookie banner so we don't ask again on every visit.

Optional, consent-based

Analytics, only loaded if you accept analytics via the cookie banner. We use a privacy-friendly analytics product that does not use third-party cookies, does not fingerprint visitors, and does not collect personal data.

You can change your cookie preferences at any time by clearing your site data in your browser settings, or by emailing us.

8. Your rights under GDPR

You have the following rights regarding your personal data. To exercise any of them, email us at letstrutalk@gmail.com. We will respond within one month.

Right of access (Art. 15), request a copy of the personal data we hold about you.
Right to rectification (Art. 16), ask us to correct inaccurate or incomplete data.
Right to erasure ("right to be forgotten", Art. 17), ask us to delete your data.
Right to restrict processing (Art. 18), ask us to pause processing in certain cases.
Right to data portability (Art. 20), receive your data in a portable format.
Right to object (Art. 21), object to processing based on legitimate interests.
Right to withdraw consent (Art. 7), at any time, for processing based on consent.
Right to lodge a complaint, with the Italian supervisory authority: Garante per la protezione dei dati personali (Piazza Venezia 11, 00187 Roma).

9. International data transfers

Some of our sub-processors (Netlify, Google, Stripe, Cloudflare) are based in the United States. When personal data is transferred outside the European Economic Area, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, and additional safeguards where required, to ensure your data remains protected at a standard equivalent to GDPR.

10. Children

TruTalk is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or by an in-product notice. Continued use of the site after a change means you accept the updated policy.

12. Contact us

For any privacy-related question, including requests to exercise your rights, please contact:

TruTalk
Via Vespiri Siciliani, 20146 Milano, Italy
Email: letstrutalk@gmail.com

This privacy notice has been drafted to reflect the requirements of Regulation (EU) 2016/679 (GDPR) and applicable Italian law. It is provided in good faith but does not constitute legal advice. We recommend periodic review with qualified counsel.