Privacy Policy

Effective Date: May 26, 2026

Thank you for choosing to be part of our community at Truly Human, Inc. (“TruHu”, “Company”, “we”, “us”, or “our”). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about this privacy notice, or our practices with regards to your personal information, please contact us at support@truhu.com.

When you use any of our services (the “Services”) we appreciate that you are trusting us with your personal information. In this privacy notice, we seek to explain to you in the clearest way possible what information we collect, how we use it and what rights you have in relation to it. If there are any terms in this privacy notice that you do not agree with, please discontinue use of our Services immediately and contact us at support@truhu.com. This privacy notice applies to all information collected through our Services, as well as any related services, sales, marketing or events.

Please read this privacy notice carefully as it will help you understand what we do with the information that we collect.

1. What Information Do We Collect?

Personal information you disclose to us

In Short: We collect information that you provide to us.

We collect information about you directly from you and from third parties, as well as automatically through your use of our Site or Services.

We collect personal data when you or your employer provide data when using the site or service, update account information, contact customer service, or otherwise communicate with us.

The personal information that we collect depends on the context of your interactions with us and the website, the choices you make and the products and features you use. The personal information we may collect includes the following:

  • Name
  • Email address (provided by you or your employer)
  • Phone number (for text messaging purposes)
  • Username and password
  • Account preferences and settings

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Information automatically collected

In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our website.

We automatically collect certain information when you visit, use or navigate the website. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Service, and other technical information. This information is primarily needed to maintain the security and operation of our service and for our internal analytics and reporting purposes.

Additionally, we collect detailed activity logs and usage analytics for reporting and auditing purposes. This includes user actions, feature usage, and interaction patterns within the Service to help administrators track and report organizational activity.

We use this information to operate, secure, and improve the Services and to produce aggregated, de-identified benchmarks and analytics about platform usage. We do not sell your personal information, and we do not use it for advertising or share it for cross-context behavioral advertising.

Like many businesses, we also collect information through cookies and similar technologies. We use essential cookies required for the Service to function and analytics cookies to understand usage patterns. We do not use advertising or marketing cookies.

2. Will Your Information Be Shared with Anyone?

In Short: We only share information with your consent, to comply with laws, to provide you with services, to protect your rights, or to fulfill business obligations.

We may process or share your data that we hold based on the following legal basis:

  • Consent: We may process your data if you have given us specific consent to use your personal information in a specific purpose.
  • Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate business interests.
  • Performance of a Contract: Where we have entered into a contract with you, we may process your personal information to fulfill the terms of our contract.
  • Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
  • Vital Interests: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.

More specifically, we may need to process your data or share your personal information in the following situations:

  • Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • Affiliates. We may share your information with our affiliates, in which case we will require those affiliates to honor this privacy notice. Affiliates include our parent company and any subsidiaries, joint venture partners or other companies that we control or that are under common control with us.
  • Business Partners. We may share your information with our business partners to offer you certain products, services or promotions.
  • Other Users. When you share personal information or otherwise interact with public areas of the web site, such personal information may be viewed by other users within your organization. Additionally, administrators within your organization may access activity logs and usage analytics for auditing and reporting purposes. Other users within your organization will be able to view descriptions of your activity, communicate with you within our web site, and view your profile.
  • Service providers and AI sub-processors. We use a limited set of service providers to operate the Services, including cloud infrastructure and hosting, our database provider, and email delivery. We also use third-party artificial intelligence providers to power certain features. These providers process data only to provide their services to us, are contractually prohibited from using your data to train their models, and are configured for zero data retention. A current list of our sub-processors is available through our Trust Center.

3. Do We Use Cookies and Other Tracking Technologies?

In Short: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice.

Cookies in the TruHu platform. Within the TruHu platform (the application your employer provides for logged-in users), we use only essential cookies required for the application to function, such as those that keep you signed in and maintain your session. On our public website we also use analytics cookies to understand usage. We do not use advertising or marketing cookies in either the platform or on the website.

Do Not Track. Some browsers send Do Not Track signals. There is no common industry standard for responding to these signals, so we do not currently respond to them.

4. Is Your Information Transferred Internationally?

In Short: We may transfer, store, and process your information in countries other than your own.

Our servers are located in the United States. If you are accessing our Site from outside the US, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your personal information (see “Will Your Information Be Shared with Anyone?” above), in the US and other countries.

If you are a resident in the European Economic Area, then these countries may not necessarily have data protection laws or other similar laws as comprehensive as those in your country. We will however take all necessary measures to protect your personal information in accordance with this privacy notice and applicable law.

5. How Long Do We Keep Your Information?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this privacy notice unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). Our retention periods vary based on the type of data and the purpose for which it was collected, but we strive to keep data only as long as necessary.

When we no longer need your personal information, we will take reasonable steps to delete or de-identify it, or, where that is not yet feasible, to securely store and isolate it from further processing. Our retention and deletion practices may vary depending on the type of data, our systems, and applicable legal requirements.

6. How Do We Keep Your Information Safe?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. These measures include strong encryption of personal information in transit and, where technically feasible, at rest, secure servers, access controls, and regular security assessments. We are SOC 2 Type 2 compliant, demonstrating our commitment to security best practices.

However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security, and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

7. Do We Collect Information from Minors?

In Short: We do not knowingly collect data from or market to children under 18 years of age.

We do not knowingly solicit data from or market to children under 18 years of age unless they are affiliated with an organization utilizing our Site or Services. If we learn that personal information from users less than 18 years of age and not affiliated with an organization utilizing our Site or Services has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records.

8. What Are Your Privacy Rights?

In Short: You may review, change, or terminate your account at any time.

If you are resident in the European Economic Area and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority.

Account Information

If you would at any time like to review or change the information in your account or terminate your account, you can:

  • Log into your account settings and update your profile information
  • Manage your communication preferences to opt-out of text messages or email notifications
  • Request data deletion through your account settings
  • Contact us at support@truhu.com for assistance

Upon your request to terminate your account, we will deactivate your account and take reasonable steps to delete or de-identify the associated information, subject to our retention practices and applicable law. We may retain some information to prevent fraud, troubleshoot problems, assist with investigations, enforce our Terms of Use, and comply with legal requirements.

Communications

Since we only send service-related communications (no marketing), you cannot fully opt-out of these messages while maintaining an active account. However, you can manage your notification preferences:

  • For text messages: Reply “STOP” to opt-out of SMS notifications
  • For emails: Update your preferences in account settings

Note that you will still receive essential service communications such as security alerts and critical system updates.

9. State-Specific Privacy Rights

Residents of certain states may have additional privacy rights under state law. These rights are generally covered by the privacy practices described throughout this notice. If you have questions about your rights under your state's law, please contact us at support@truhu.com.

California Privacy Rights

This section applies to California residents, including employees and other individuals whose personal information we process on behalf of an employer that uses our Services. California law gives these residents specific rights.

The categories of personal information we collect are identified in “What information do we collect?” above: identifiers (such as name, email address, phone number, username), account preferences and settings, and internet or device activity (such as IP address, device characteristics, and usage logs). We collect this information to provide, secure, and operate the Services, to support your employer's internal communications, and to produce aggregated, de-identified benchmarks and analytics.

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We have not done so in the preceding twelve (12) months.

Subject to verification of your identity, California residents may request to:

  • Know and access the personal information we have collected about you;
  • Correct inaccurate personal information;
  • Delete personal information, subject to legal exceptions;
  • Receive your information in a portable format; and
  • Not be discriminated against for exercising these rights.

To exercise these rights, email support@truhu.com. You may use an authorized agent to submit a request on your behalf; we may require the agent to provide proof of authorization and may require you to verify your identity directly. We will respond within the time required by law, generally within forty-five (45) days, and will tell you if we need additional time.

If we deny your request, you may appeal by replying to our response or by emailing support@truhu.com with the subject line “Privacy Appeal.” We will respond to your appeal within the time required by law.

10. Do We Make Updates to This Notice?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this privacy notice from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

11. How Can You Contact Us About This Notice?

If you have questions or comments about this notice, you may email us at support@truhu.com.

12. How Can You Review, Update, or Delete the Data We Collect from You?

Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it in some circumstances. To request to review, update, or delete your personal information, please submit a request to support@truhu.com. We will respond to your request within 30 days.