TrustGuard

Data Use Policy

Last updated: January 2025

Overview

This Data Use Policy explains how TGUARD Corporation ("TrustGuard") handles customer data in our third-party risk management platform, including our approach to AI-assisted analysis and data protection.

Customer Data

"Customer Data" refers to all data you upload, submit, or generate through our platform, including:

  • Vendor documentation (SOC reports, policies, questionnaires)
  • Assessment configurations and frameworks
  • Findings and remediation records
  • Reports and exports you generate
  • Communications within the platform

How We Use Customer Data

We use your Customer Data solely to:

  • Provide Services: Process and analyze your vendor evidence to generate assessments, findings, and reports
  • Improve Service Quality: Identify and fix issues, optimize performance, and enhance features
  • Provide Support: Respond to your support requests and troubleshoot issues
  • Ensure Security: Detect and prevent security threats and abuse

AI and Machine Learning

Your Data is Not Used to Train Models for Others

We do not use your Customer Data to train AI models that would be used for other customers or for general purposes. Your vendor assessments, evidence files, and findings remain exclusively yours.

How AI Analysis Works

When you upload vendor evidence, our AI analyzes the documents to:

  • Extract relevant security and compliance information
  • Cross-reference claims against evidence
  • Identify gaps, contradictions, and risks
  • Generate findings with evidence citations

This analysis happens within your isolated environment and does not expose your data to other customers or external systems.

Data Isolation

Customer Data is logically isolated at the application and database levels:

  • Each customer's data is stored separately and encrypted
  • Access controls ensure users only see their organization's data
  • AI analysis is performed within customer-specific contexts
  • Audit logs track all data access

Data Retention

We retain Customer Data for the duration of your subscription plus a grace period to allow for export. Specific retention periods:

  • Active Subscription: Data retained throughout your subscription
  • Post-Termination: 90 days to export your data
  • Deletion: Data deleted within 30 days after the export period

You may request earlier deletion at any time, subject to legal retention requirements.

Data Export

You can export your Customer Data at any time through our platform's export features. Exports include:

  • All vendor profiles and metadata
  • Assessment results and findings
  • Uploaded evidence files
  • Reports and audit trails

Subprocessors

We use carefully vetted subprocessors to help deliver our services. All subprocessors are contractually obligated to protect your data and use it only as directed. Categories of subprocessors include:

  • Cloud infrastructure providers
  • AI model providers (for inference only, not training)
  • Security and monitoring services

A current list of subprocessors is available upon request during customer onboarding.

Your Rights

You have the right to:

  • Access and export your Customer Data at any time
  • Request deletion of your data
  • Understand how your data is processed
  • Object to certain types of processing

Changes to This Policy

We may update this Data Use Policy from time to time. We will notify customers of material changes via email or in-platform notification at least 30 days before they take effect.

Questions

For questions about this policy or our data practices, contact us at:

TGUARD Corporation
Email: contact@trustguardai.com