Privacy policy
Last updated: 5 July 2026
1. Controller
The controller of personal data processed via TrustHawk.eu is:
MGROUP, s.r.o.
Ponická ulica 2, 974 01 Banská Bystrica, Slovak Republic
Company ID (IČO): 45859922 · VAT: SK2023122618
Registered: Commercial Register of the District Court Banská Bystrica, Section: Sro, Insert No. 19080/S
Contact for privacy matters: privacy@trusthawk.eu
2. Data we process
- Verification inputs (URLs, phone numbers, IBANs, emails, VAT IDs, messages). Sensitive identifiers are stored as one-way SHA-256 fingerprints and displayed in masked form where possible.
- Reports, reviews and evidence submitted by users.
- Account data if you sign up: email, display name, preferred language, subscription status.
- Technical logs: IP address, user-agent, timestamps — for abuse prevention and rate limiting.
3. Legal basis (Art. 6 GDPR)
- Legitimate interest (Art. 6(1)(f)): running a scam-prevention service, fraud detection, security.
- Contract (Art. 6(1)(b)): providing the service to registered users and subscribers.
- Consent (Art. 6(1)(a)): optional cookies and marketing communications.
- Legal obligation (Art. 6(1)(c)): accounting, tax and law-enforcement requests.
4. Sub-processors
We use the following processors under Art. 28 GDPR:
- Supabase (database, authentication) — EU region hosting.
- Cloudflare — CDN, DDoS protection, edge runtime.
- Stripe Payments Europe, Ltd. — subscription billing (activated only for paid plans).
- Google Gemini via Lovable AI Gateway — AI-assisted analysis of anonymised inputs.
5. Retention
- Verification requests: up to 12 months, then anonymised.
- Reports and community warnings: kept while relevant for scam prevention, subject to takedown on justified request.
- Account data: for the lifetime of the account plus 3 years for legal claims.
- Accounting data: 10 years (Slovak Act No. 431/2002 Coll.).
6. Your rights (GDPR)
You have the right to access, rectify, erase, restrict or object to processing, and to data portability. Contact privacy@trusthawk.eu. You may lodge a complaint with the Office for Personal Data Protection of the Slovak Republic.
7. International transfers
Data is primarily processed within the EU/EEA. Where transfers to third countries occur (e.g. Stripe, Cloudflare edge), we rely on Standard Contractual Clauses (Art. 46 GDPR).
8. Cookies
We use essential cookies to keep you signed in. Analytics cookies are set only after your consent (see the cookie banner).
9. Changes
We may update this policy. Material changes will be announced on the site and, for account holders, by email.