TruQC

Privacy Policy

Last updated: 8 April 2026

1. Who we are

TruQC ("we", "us", "our") operates the truqc.co.uk platform — an automated quality control service for subsea and pipeline survey data. This policy explains how we collect, use, store, and protect your information.

2. Information we collect

Account information

  • Email address (used for authentication and account communications)
  • Full name (optional, for profile display)
  • Password (hashed, never stored in plain text)

Survey data you upload

  • CSV, Excel, and geospatial files uploaded for quality checking
  • Parsed metadata (column types, row counts, validation results)
  • QC reports generated from your data

Usage data

  • Audit logs of actions performed (uploads, validation runs, exports)
  • Basic analytics (page views, feature usage) for service improvement

3. How we protect your data

Survey data is often commercially sensitive. We treat every file you upload as confidential.

  • Encryption at rest — All files and database records are encrypted using AES-256 via our infrastructure provider (Supabase).
  • Encryption in transit — All connections use TLS/HTTPS. No data is transmitted unencrypted.
  • Row-level security — Database access controls ensure you can only access your own projects, datasets, and reports. No cross-account data access is possible.
  • Scoped file storage — Uploaded files are stored in isolated user-scoped paths with access controlled by security policies.
  • Signed download URLs — File downloads use time-limited signed URLs (5-minute expiry) that cannot be shared or reused.
  • No data sharing — Your survey data is never shared with other users, used for training AI models, or sold to third parties.
  • No third-party analytics on file contents — We do not send your survey data to external analytics or tracking services.

4. Infrastructure & sub-processors

We use the following services to operate TruQC:

  • Supabase — Authentication, database, and file storage (SOC 2 Type II)
  • Vercel — Frontend hosting and API routes (SOC 2)
  • Railway — Backend processing service (data processed in memory, not persisted)
  • Resend — Transactional email delivery (OTP codes, notifications)

5. Data retention

  • Your data is retained for as long as your account is active.
  • When you delete a project, all associated jobs, datasets, files, and reports are permanently deleted.
  • When you delete your account, all data is permanently removed within 30 days.
  • Audit logs are retained for 12 months for compliance purposes, then automatically purged.

6. Your rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Object to processing of your data

To exercise any of these rights, contact us at privacy@truqc.co.uk.

7. Cookies

We use essential cookies only — for authentication session management. We do not use advertising or tracking cookies. No cookie consent banner is required as these are strictly necessary for the service to function.

8. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email to registered users. The "last updated" date at the top of this page reflects the most recent revision.

9. Contact

Questions about this policy? Email us at privacy@truqc.co.uk.