Privacy Policy
Last updated: April 19, 2026
Our Core Principle
TrustScan.dev is built on a simple premise: privacy tools should respect your privacy. Every tool on TrustScan runs entirely in your browser. Your files, passwords, documents, and data are processed locally on your device and are never sent to our servers. You can verify this yourself - open DevTools, go to the Network tab, and watch for outbound requests while using any tool. You will see none related to your data.
Tool-Specific Data Handling
Each tool processes data exclusively in your browser:
Your answers to the 7-question quiz are processed locally to generate your compliance report. No answers, business information, or report data is sent to our servers.
Your PDF file is read into browser memory using the FileReader API and processed using pdf-lib entirely client-side. The file never leaves your device. No file content, metadata, or filename is transmitted to any server.
Your password is hashed locally using SHA-1 via the Web Crypto API. Only the first 5 characters of that hash are sent to the Have I Been Pwned API (haveibeenpwned.com) using their k-anonymity model. Your full password and full hash are never transmitted. HIBP returns a list of matching hash suffixes which are compared locally. TrustScan does not log, store, or process any password you enter. See HIBP's privacy policy for how they handle the anonymized prefix requests.
The text or URL you submit is sent to the Groq API (using Llama models) for AI analysis. This is the one tool where data leaves your browser - the privacy policy text is transmitted to Groq for processing. Groq's free tier data handling is governed by their privacy policy at groq.com/privacy. We recommend not submitting privacy policies containing your own personal information.
The URL you enter is processed by a Netlify serverless function that fetches the target website and analyzes its publicly visible properties (headers, cookies, scripts). The URL is not stored after processing. Results are returned directly to your browser.
Your browser properties are collected using standard browser APIs and analyzed locally. No fingerprint data is transmitted to any server.
Extension data you enter is analyzed locally. No extension information is transmitted to our servers.
This tool is a curated directory of links. No personal data is collected or transmitted.
Files will be encrypted and decrypted entirely in your browser using the Web Crypto API. No file content, passphrase, or encryption key will ever be transmitted to any server.
What We Collect
We collect minimal data to keep the site running:
Analytics (Google Analytics 4): We use GA4 to understand how visitors use the site. This collects anonymized data such as pages visited, time on site, device type, and approximate location at country or city level. GA4 does not collect personally identifiable information by default. You can opt out using browser extensions like uBlock Origin or by disabling JavaScript.
Email notifications (voluntary): If you choose to sign up for tool launch notifications, we collect your email address. This is entirely voluntary. You can unsubscribe at any time. Email addresses are not shared with third parties.
Advertising (Google AdSense): We display ads through Google AdSense, which may use cookies to serve relevant ads. Google's use of advertising cookies is governed by their privacy policy at policies.google.com/privacy.
What We Do NOT Collect
We do not collect, store, or sell:
Passwords or password hashes. PDF files or their contents. Browser fingerprint data. Privacy policy text you submit for analysis. Business information entered into the Privacy Law Checker. Extension data entered into the Browser Extension Auditor. User accounts or login credentials. Payment information. Personal data of any kind beyond what is described in the "What We Collect" section above.
Third-Party Services
We use the following third-party services:
Google Analytics 4 - anonymized usage analytics.
Google AdSense - advertising.
Netlify - hosting, deployment, and serverless functions.
Have I Been Pwned (HIBP) - receives anonymized 5-character hash prefixes from the Password Compromise Checker only. No full passwords or full hashes are transmitted.
Groq API - receives privacy policy text submitted to the Privacy Policy Simplifier for AI analysis. No other tool data is sent to Groq.
Each service has its own privacy policy governing how it processes data.
Cookies
TrustScan.dev does not set any first-party cookies. Third-party cookies may be set by Google Analytics and Google AdSense. You can manage cookie preferences through your browser settings or using a browser extension like uBlock Origin.
Local Storage
Some tools use your browser's localStorage to save results between sessions - for example, the Digital Identity Score dashboard. This data is stored entirely on your device and is never transmitted to our servers. You can clear it at any time using your browser's developer tools or by clicking the "Reset All Data" button within the tool.
Your Rights
Depending on your location, you may have rights under GDPR, CCPA, or other privacy laws including the right to access, correct, or delete your personal data. Since we collect minimal data - only anonymized analytics and voluntary email subscriptions - most rights are exercised directly through Google's tools for analytics data, or by contacting us for email subscription data.
For any privacy-related questions or requests, contact us at privacy@trustscan.dev.
Children's Privacy
TrustScan.dev is not directed at children under 13. We do not knowingly collect any personal information from children.
Changes to This Policy
We may update this policy from time to time as new tools are added or services change. Changes will be reflected on this page with an updated "Last updated" date. Continued use of the site after changes constitutes acceptance of the revised policy.
Contact
For privacy-related questions or concerns, contact us at privacy@trustscan.dev.