Privacy Policy

1. Overview

Alibi Ledger, LLC ("we," "our," or "us") values your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you access or use the Trust Onion mobile app, our iMessage extension, our website (trustonion.io), and related services, including any branded or white-labeled versions we operate for organizations (collectively, the "Services").

The Services help families and organizations confirm that the person they are talking to is really who they say they are. They do this through time-based codewords, verified selfies ("Proofies"), and cryptographic key exchange between members of a private group. By using the Services, you consent to the practices described in this Privacy Policy.

2. Information We Collect

We may collect the following types of information:

a. Information You Provide in the App

Account information (such as your name, email, or other identifiers) when you create a family or organization account, and user-submitted content such as feedback or in-app support requests.

b. Information You Provide on Our Website

When you reach out to us or interact with our website, we collect what you choose to send us:

• Support requests: when you submit our support form, we collect your name, email address, support category, subject, an optional order or account reference, your message, and any files you attach (images or PDFs, up to three per request).
• Newsletter sign-up: your email address, if you choose to subscribe to product updates.
• Email to us: if you email us directly (for example, our general, support, press, or legal addresses), we receive the contents of your message and your email address.

c. Automatically Collected Information

Device information (hardware model, operating system, browser type), log data (IP address, timestamps, and activity on the Services), and cookies or local storage identifiers. When you submit a support request, we record the IP address and browser user agent associated with the submission to help prevent abuse and fraud.

d. Codeword Data

Codewords are generated locally on your device using a time-based algorithm and rotate on a schedule. They are never transmitted to or stored on our servers. We have no access to your codewords.

e. Secret Passkeys

Your secret passkeys are encrypted in transit and at rest. For limited technical reasons, an encrypted passkey may pass through our systems in transit, and we may briefly hold the ability to decrypt it. However, we decrypt a passkey only when you, the user, request the operation that requires it, and we never log, record, retain, or otherwise access the decrypted value for any other purpose. We do not use your passkeys for any reason other than to perform the specific action you have requested.

f. Proofie Data

When you send a Proofie (a verified selfie with codewords overlaid and a cryptographic signature), the image and associated metadata (timestamp, location if enabled, and signature) are shared directly with your intended recipient. We do not store Proofie images on our servers.

g. Location Information

If you enable location features, your device may include location data in Proofies. This data is shared only with the recipient of the Proofie and is not stored on our servers.

3. How We Use Information

We use information to operate, maintain, and improve the Services; to respond to your contact and support requests; to send product updates if you have subscribed (you can unsubscribe at any time); to detect and prevent abuse, fraud, and security threats; to customize your experience; and to comply with legal obligations and enforce our Terms of Service.

4. How We Share Information

We do not sell your personal information. We share information only with the trusted service providers described in Section 5 (who process it on our behalf under confidentiality obligations), when required by law, court order, or government request, or in connection with a merger, acquisition, or asset sale (with notice where required).

5. Third-Party Processors

We rely on a small number of trusted service providers to operate the Services — for example, to host our database and storage, secure account sign-in, and notify our team of new support or contact messages. Each provider receives only the data needed to perform its function and is bound by confidentiality obligations.

Files you attach to a support request are stored on our own servers and are accessible only as needed to handle your request. We also use artificial intelligence and media tools to create our own marketing content (such as articles and videos); these tools process our editorial content only and do not receive your personal information.

6. Data Retention

We retain personal information for as long as needed to provide the Services, comply with legal obligations, or resolve disputes. You can delete your account and all associated data at any time through the app. When you delete your account, we remove your personal information from our systems within 30 days. Contact and support records are retained only as long as needed to handle your request and meet our legal obligations.

7. Security

We use commercially reasonable safeguards, including encryption and biometric authentication (Face ID, Touch ID) for key storage, to protect data. Codewords are generated locally and never leave your device. Private keys used to sign Proofies are stored on your device and protected by biometric authentication. However, no method of transmission or storage is completely secure.

8. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, export, or delete your personal information, and to opt out of marketing communications. Contact us at legal@trustonion.io to exercise these rights.

9. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you and relevant authorities as required by applicable law.

10. International Data Transfers

Your data may be transferred and stored on servers outside your jurisdiction, including in the US. We ensure appropriate safeguards for such transfers, such as standard contractual clauses where required.

11. Links to Other Sites

Our Services may link to external sites, including the Apple App Store and Google Play. We are not responsible for the privacy practices of those third parties.

12. Children's Privacy

Trust Onion is designed for family use. Children under 13 may use the app under parental supervision as part of a family group. We do not knowingly collect personal information from children under 13 without parental consent.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website with a revised effective date.

14. Contact Us

If you have questions or concerns, contact:

Alibi Ledger, LLC
30 N Gould St Ste N
Sheridan, WY 82801

Email: legal@trustonion.io