Privacy policy
Last updated 2026-05-27
What we collect
- Review submissions you send us (title, body, ratings, category).
- A salted SHA-256 hash of your IP address for rate-limiting and abuse correlation. We never store the raw IP.
- If you provide a contact for a content-removal request, that contact email.
- Standard server logs (timestamp, route, status), retained for 30 days.
What we don’t collect
- No account login is required to read content.
- Reviews are anonymous by default; we do not link your handle to a real identity unless you explicitly verify employment.
- We do not sell personal data.
Cookies and ads
We use a single essential cookie for cookie-consent state. With your consent, Google AdSense may set advertising cookies. You can change consent at any time by clearing site data in your browser. See cookie details.
Your rights (GDPR, CCPA/CPRA, and US state privacy laws)
If you are in the EU, UK, California, Virginia, Colorado, Connecticut, Utah, or another jurisdiction with comparable rights, you can:
- Request a copy of any data we hold about you.
- Request correction or deletion of your reviews.
- Object to processing or withdraw consent.
- Opt out of personalised advertising (browser-level via consent banner).
Use the data-request form or email privacy@true-review.example. We respond within 30 days (GDPR) or 45 days (CCPA).
Retention
Reviews are retained while they remain useful for the community. Removed reviews are kept in a tamper-evident moderation log for 24 months (NIST 800-53 AU-11), then deleted. IP hashes are pruned after 90 days.
Security
Transport is encrypted with TLS 1.2+. HSTS preload is applied on all responses. Content Security Policy and COOP/COEP/CORP headers are applied. Hardening is aligned to DISA ASD STIG controls V-222394 (crypto), V-222459 (SQLi prevention via ORM), V-222461 (input validation), V-222489 (security headers), V-222496 (tamper-evident audit log).
Children
True Review is not intended for users under 16. We do not knowingly collect data from minors (COPPA / GDPR Art. 8).
International transfers
Servers are in the United States. EU/UK data is transferred under Standard Contractual Clauses. We work to align with the EU-US Data Privacy Framework.
Contact
Privacy: privacy@true-review.example
Legal / DMCA: legal@true-review.example
EU representative (DSA Art. 13): see transparency page.