Privacy Policy

Last updated: May 8, 2026

What we collect

When you create an account, we collect your email address, name, and the profile information you provide during onboarding (startup name, category, location, founding year, Twitter handle, LinkedIn URL, etc.).

When you connect a data integration, we store the credentials needed to fetch your metrics — this may be an OAuth access token (for Stripe, Google Analytics 4, Google Search Console) or an API key / secret (for Plausible, Fathom, PostHog, Mixpanel, Amplitude, Paddle, Lemon Squeezy, Chargebee, Recurly, Delighted, UptimeRobot, Better Uptime, Mailchimp, ConvertKit, and Beehiiv). We also store any additional configuration values you provide (such as a site domain, publication ID, or property ID) that are required to query the correct data from each provider.

Metric snapshots

Each time we sync your integrations, we record a timestamped snapshot of your metrics in our database. This append-only history powers the period filters (1M / 3M / 6M / 1Y) and growth charts on your public page. Snapshots are retained even if you later disconnect an integration, so your historical trend data is preserved.

How we use your data

Your data is used solely to power your TruStats page and related features:

  • Displaying verified metrics on your public page at trustats.live/p/your-slug
  • Rendering embeddable metric widgets on third-party websites you authorise
  • Generating 90-day MRR projections and period-over-period growth comparisons
  • Showing your startup in the Verified Startups directory (if you hold a Directory Sponsor listing)
  • Sending transactional emails (account confirmation, contact form replies)

We never sell, rent, or share your personal data with third parties for advertising or marketing purposes.

Credentials and security

All integration credentials (OAuth tokens and API keys) are stored encrypted at rest in our Supabase database hosted on AWS infrastructure in the US. For OAuth integrations, we request only read-only scopes. You can disconnect any integration at any time from your Integrations dashboard, which removes the stored token. You can also revoke access directly within the third-party platform.

Public pages and embeds

Your metrics page at trustats.live/p/your-slug is publicly accessible to anyone with the link. The embed widget (trustats.live/embed/your-slug) allows your metrics to be displayed as an iframe on other websites.

Pro plan users can restrict which external domains are permitted to embed their widget via the Embed Allowlist. Free plan embeds carry a "Verified by TruStats" attribution badge.

Contact form

When visitors submit an inquiry through your public page's investor / buyer contact form, their message is forwarded to your registered email address via our email provider (Resend). We do not store contact form messages beyond delivery. Your email address is not exposed to the sender; replies happen through normal email threads.

When you submit the general TruStats contact form at trustats.live/contact, your name, email, and message are sent to our support inbox. We retain this only as long as needed to respond.

Billing and payments

Paid subscriptions (Pro plan and Directory Sponsor listing) are processed by Dodo Payments. We do not store your payment card details. Dodo Payments handles all payment processing and is subject to their own privacy policy. We store your Dodo customer ID and subscription ID in your account metadata to manage plan status.

Analytics

We use PostHog to understand how TruStats itself is used (page views, feature adoption). PostHog is self-hosted via our reverse proxy at trustats.live/ingest. We do not use Google Analytics, Facebook Pixel, or any advertising trackers on our own site.

Cookies

We use a single session cookie to keep you logged in. We do not use tracking, advertising, or third-party cookies.

Data retention

Your account data and metric snapshots are retained for as long as your account is active. If you cancel a paid plan, your account reverts to Free — your data is not deleted. You may request full deletion of your account and all associated data by emailing growtlab@gmail.com. We will action deletion requests within 30 days.

Your rights

Depending on your jurisdiction, you may have rights to access, correct, export, or delete the personal data we hold about you. To exercise any of these rights, contact us at the address below.

Contact

Questions about this policy? Reach us at growtlab@gmail.com or via trustats.live/contact.
