Privacy Policy

1. Who We Are

Truegility, Inc. DBA Truegility ("we", "us", or "our") offers applications, visualizations, and services in the AI, data solutions, master data management, and Power BI spaces. We are committed to protecting your personal information. This Privacy Statement explains the personal data we process, how we process it, and for what purpose.

This Privacy Statement applies to the applications published by Truegility via Microsoft Azure Marketplace, Microsoft AppSource, other Microsoft Office stores, or any other means, as well as our website at truegility.com. "Visualizations" refer to custom Power BI visuals and template apps developed and published by Truegility either to the Office 365 store or Power BI gallery.

For privacy-related inquiries, contact us at [email protected]. Truegility does not currently appoint a Data Protection Officer (DPO), as the nature and scale of our data processing does not require one under GDPR Article 37. We remain fully committed to data protection compliance and will appoint a DPO if our processing activities change.

2. Our Core Privacy Commitments

• Truegility does not collect any personal information, Customer Data*, or anything related to your device when you use any of our applications, including visualizations.
• We do not collect or have access to any information that can identify you when you purchase an App or download a trial.
• We will never sell or share information collected as part of a trial or purchase of any of our Apps without your written consent. Information collected by Microsoft as part of a trial or purchase falls under the Microsoft Privacy Policy.
• We may collect usage and download statistics, trends, or any other Administrator Data** that Office 365 application administrators are provided with, but not the specific usage of any individual user.

3. Information We Collect

Through our applications and visualizations: We do not collect personal data. See Section 2 above.

Through our website, information you provide directly:

• Name, email address, company name, phone number, and any message content submitted through our contact forms

Through our website, automatically collected information:

• IP address, browser type, device information, pages visited, time spent on pages, and referring URLs

Cookies and similar technologies (see Section 8 below)

4. Customer Data & Administrator Data

*Customer Data: Customer Data is all data, including all text files, sound files, image files, and software that you provide to Truegility through your use of our Services. We may use Customer Data to provide Services. This includes troubleshooting aimed at preventing, detecting, and repairing problems affecting the operation of the services provided.

**Administrator Data: Administrator Data is information about administrators (including account contact and subscription administrators) provided during sign-up, purchase, or administration of the Services. This may include name, address, phone number, and email address, whether collected at initial purchase or later during management of the Services.

We will not disclose Customer Data or Administrator Data ("your information") outside of Truegility except as you direct, as described in your agreement(s), or as described in this privacy statement.

5. How We Use Your Information

• To respond to your inquiries and provide requested services
• To fulfill and manage service agreements
• To send you information about our services (only with your consent)
• To improve our website, applications, and user experience
• To troubleshoot and maintain the operation of our services
• To comply with legal obligations

We do NOT sell your personal data to third parties.

6. Legal Basis for Processing (GDPR)

For individuals in the European Economic Area (EEA), we process personal data under the following legal bases:

• Consent: When you submit a contact form, subscribe to communications, or provide written consent for data sharing
• Legitimate Interest: To improve our services and website functionality, and to collect aggregate usage statistics
• Contractual Necessity: To fulfill service agreements and provide purchased services
• Legal Obligation: To comply with applicable laws and regulations

7. Your Privacy Rights

For EEA residents (GDPR): You have the right to:

• Access your personal data
• Rectify inaccurate data
• Request erasure of your data ("right to be forgotten")
• Restrict processing of your data
• Data portability
• Object to processing
• Withdraw consent at any time

For California residents (CCPA/CPRA): You have the right to:

• Know what personal information is collected, used, shared, or sold
• Delete personal information held by us
• Opt out of the sale or sharing of personal information (we do not sell personal data)
• Non-discrimination for exercising your privacy rights

For California residents (CCPA/CPRA), additional rights:

• Right to correct inaccurate personal information
• Right to limit the use and disclosure of sensitive personal information (we do not collect sensitive personal information as defined by CPRA)

For UK residents (UK GDPR): You have the same rights as EEA residents listed above. References to "GDPR" in this policy include the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 where applicable.

Right to lodge a complaint: If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. For EEA residents, this is your local Data Protection Authority. For UK residents, this is the Information Commissioner's Office (ICO). For California residents, you may contact the California Attorney General's office.

For all users: You may request access to, correction of, or deletion of your personal data at any time by contacting us at [email protected]. We will respond within 30 days.

8. Cookies

Our website may use cookies to:

• Remember your cookie consent preferences (essential)
• Analyze website traffic and usage patterns (analytics, only with consent)
• Improve website functionality (functional, only with consent)

You can manage your cookie preferences at any time using the cookie settings on our website or through your browser settings.

9. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy, or as required by law. Contact form submissions are retained for up to 24 months unless you request earlier deletion. Administrator Data is retained for the duration of your service agreement plus any legally required retention period.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS/SSL), access controls, and regular security assessments. While no method of transmission over the Internet is 100% secure, we strive to protect your information using commercially reasonable means.

11. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. Where the breach is likely to result in a high risk to affected individuals, we will also notify those individuals without undue delay in accordance with GDPR Article 34 and applicable US state data breach notification laws.

12. Third-Party Services

We may use third-party services that process data on our behalf:

• Microsoft Azure and Microsoft marketplace platforms
• Website hosting and analytics providers
• Email service providers
• CRM systems

All third-party processors are required to maintain appropriate data protection measures. Information collected by Microsoft as part of app trials or purchases falls under the Microsoft Privacy Policy.

13. International Data Transfers

If your data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions approved by the European Commission.

14. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly.

15. Automated Decision-Making and Profiling

We do not use your personal data for automated decision-making or profiling that produces legal effects or similarly significant effects on you. If this changes in the future, we will update this policy and provide you with information about the logic involved, the significance, and the envisaged consequences of such processing.

16. Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals to websites. Because there is currently no industry standard for recognizing or honoring DNT signals, we do not currently respond to them. If a standard is established in the future, we will reassess our approach. You can manage your tracking preferences through our cookie consent settings.

17. Changes to This Privacy Statement

We will occasionally update this privacy statement to reflect customer feedback and changes in our Services. When we post changes to this statement, we will revise the "Last Updated" date at the top. For material changes, we will make reasonable efforts to notify you (such as via a banner on our website). We encourage you to periodically review this privacy statement to learn how Truegility is protecting your information.

18. Related Policies

This Privacy Policy should be read together with our other legal documents:

• Terms of Service: Governing the use of our website and services
• Licensing Terms: Terms for use of Truegility software, visualizations, and deliverables

19. How to Contact Us

If you have any questions regarding this privacy policy or wish to exercise your privacy rights, please contact us:

• Email: [email protected]
• Or use our contact form