Last update:
Nov 4, 2025
Truenroll Privacy Policy
We are committed to respecting and protecting any personal information you share with us.
TruCredentials Inc. (the "Company")
Effective Date: October 31, 2025
This Policy, which aligns with the security and privacy controls of our ISO/IEC 27701 PIMS (Privacy Information Management System) and ISO 27001/SOC 2 security standards, describes how we process Personal Information (PII).
1. Scope, Roles, and Definitions
Role/Definition | Entity/Concept | Rationale (Compliance) |
PII Controller / Data Controller | The Client University/Institution. | Determines the purposes and means of processing Student Records. (GDPR, ISO 27701) |
PII Processor / Data Processor | TruCredentials Inc. | Processes PII only on the Controller's documented instructions. (GDPR, FERPA) |
Personal Data (PII) | Data identifying an individual (Staff or Student Records). | Subject to all privacy protections. |
Non-Personal Data (NPD) | Data irreversibly anonymized or aggregated. | Used for product improvement; no longer considered PII/Education Records. |
2. Information We Process
2.1. User Data (Company acts as PII Controller)
Category of Data | Specific Data Elements | Purpose of Processing | Legal Basis (GDPR) |
Identity & Contact | Full Name, Email, Phone, Company Name | Account management, support, and billing. | Contractual Necessity |
Technical Data | IP Addresses, Device IDs, Usage Data | Service delivery, system security, and analytics. | Legitimate Interest (System Security & Optimization) |
2.2. Customer Data (Company acts as PII Processor)
This data is processed strictly on behalf of the University and is protected under FERPA as Education Records.
Data Type (High Sensitivity) | Specific Data Elements | Source & Purpose |
Education Records | Prospective Student Full Name, DOB, Email, Transcripts, Degrees, Financial statements, etc. | Uploaded by University staff for student recruitment and admissions processing. |
ID Documents | Passport, Driving License, etc. | Uploaded for identity verification by the University. |
3. Purpose Limitation and Use of Data
We limit data use in alignment with ISO 27701 (Clause 6.2.1):
PII Use (Primary Purpose): Personal Data (PII) is used only to provide the core TruEnroll Service and in accordance with the University's documented instructions.
NPD Use (Authorized for Improvement): The Company is explicitly authorized to convert PII into Non-Personal Data (NPD) using robust de-identification techniques. The resulting NPD is then used for the Company's legitimate business interests, including product development, internal research, analytics, and training and improving the underlying AI/Machine Learning models.
4. Data Sharing and Sub-processors
We do not sell or share PII for cross-context behavioral advertising or marketing.
We use the following types of PII Sub-processors, who are contractually bound to our security standards:
Cloud Hosting: AWS, GCP (Storage, Computing).
Payment Processor: Stripe (User Billing Data).
Analytics/Monitoring: Mixpanel, Google Analytics, Sentry, Gleap (User Technical Data only).
5. Security, Retention, and Compliance
Security Standard: We implement organizational and technical measures consistent with ISO 27001 and SOC 2, including AES-256 encryption at rest and TLS 1.2+ encryption in transit for all PII.
Data Retention: We retain PII only for the duration of the active subscription. Upon account termination or deletion request, we will delete or de-identify all associated PII within thirty (30) days, except for information required to be retained for legal compliance.
6. FERPA Compliance Commitment
TruCredentials Inc. acknowledges its role concerning Education Records:
School Official Status: We function as a "School Official" and use the PII solely for the University’s legitimate educational interests.
Prohibition on Re-disclosure: We will not use or disclose PII for any commercial purpose. This prohibition does not apply to Non-Personal Data (NPD) created through authorized de-identification.
7. User Rights (GDPR & CCPA/CPRA)
Individuals have the right to access, rectify, or delete their PII. For Student Records, the University (Controller) is responsible for addressing all requests directly. University staff (where we are the Controller) can exercise their rights by contacting us below.
Contact:
TruCredentials Inc. - Privacy Contact
16192 Coastal Highway, Lewes, County of Sussex, Delaware 19958
Email: compliance@trential.com