Data and Privacy
How TrussNote handles your data, your rights under GDPR and CCPA, and how to export or delete your data.
TrussNote is built for professional use. Your data belongs to you, and we handle it with the care that construction professionals require.
What data we store
TrussNote stores:
- Your profile information (name, email, firm, location)
- Reports and documents you generate using our AI tools
- Files you upload for analysis (city comment sheets, project documents)
- Billing information (managed securely by Stripe)
- Usage logs for billing and support purposes
We do not sell your data to third parties. We do not use your reports to train AI models without explicit consent.
How your reports are used
Your AI-generated reports are stored in your organization's account and are not accessible to other organizations. They are used only to:
- Display your report history
- Generate follow-up analyses if you request them
- Power the organization memory feature (if enabled) to improve future outputs
Exporting your data
You can download a full export of your organization's data at any time.
To export your data
- Go to Settings
- Scroll to Danger zone
- Click Download your data
- A JSON file will be prepared and downloaded immediately
The export includes your profile, all generated reports, and your organization details. It does not include billing information (request invoices separately from the Billing page).
GDPR rights
If you are located in the EU or UK, you have the following rights under GDPR:
| Right | How to exercise it |
|---|---|
| Right of access | Download your data from Settings |
| Right to rectification | Update your profile from Settings |
| Right to erasure | Contact support@trussnote.com |
| Right to portability | Download your data export (JSON) |
| Right to object | Contact support@trussnote.com |
| Right to restrict processing | Contact support@trussnote.com |
We respond to GDPR requests within 30 days.
CCPA rights
If you are a California resident, you have the right to:
- Know what personal information we collect
- Request deletion of your personal information
- Opt out of the sale of personal information (we do not sell personal information)
To exercise your CCPA rights, contact support@trussnote.com with your request.
Data retention
| Data type | Retention period |
|---|---|
| Active account data | While account is active |
| Reports and documents | While account is active |
| Data after account deletion | 90 days |
| Billing records | 7 years (legal requirement) |
| Server logs | 30 days |
Data processing agreement
For organizations that require a formal Data Processing Agreement (DPA) for GDPR compliance, our standard DPA is available at trussnote.com/dpa. Enterprise customers can request a custom DPA.
Security of your data
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Our infrastructure runs on Supabase and Vercel, both of which maintain SOC 2 Type II compliance.
For full details on our security practices, see the Security Policy or the DPA.
Contact for privacy matters
For privacy questions or to exercise your data rights, email privacy@trussnote.com or support@trussnote.com.
Was this article helpful?