Privacy Policy
Effective Date: March 1, 2026
1. Who We Are
Trustbox ("we," "us," or "our") operates an educational simulator designed to help families recognize and resist AI voice cloning scams. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our website and services at trustboxai.com.
2. Information We Collect
2.1 Account Information
When you create an account, we collect your email address and password (stored in hashed form). If you sign up with a social login provider, we receive the email address associated with that account.
2.2 Voice Recordings
To run a simulation, you voluntarily provide a short voice sample. This recording is used solely to generate a temporary AI-cloned voice for the educational simulation. Voice recordings and cloned audio are automatically deleted within 24 hours of generation. We do not use voice data for any purpose other than the simulation you initiate.
2.3 Phone Numbers
You provide the phone number of the family member who will receive the educational simulation call. We store phone numbers in E.164 format and use them exclusively for delivering the simulation and related opt-out processing.
2.4 Consent Records
We collect and retain records of consent (including timestamps, IP addresses, and the specific consent language acknowledged) to comply with the Telephone Consumer Protection Act (TCPA). These records are kept for as long as legally required.
2.5 Payment Information
Payment processing is handled by Stripe. We do not store your full credit card number, CVC, or expiration date on our servers. Stripe may collect billing information in accordance with its own Privacy Policy.
2.6 Usage Data
We automatically collect standard usage data such as IP address, browser type, device information, pages visited, and timestamps. This helps us maintain security, improve our service, and debug issues.
3. How We Use Your Information
- Deliver simulations: Generate AI-cloned voice audio and deliver educational simulation calls.
- Manage your account: Authenticate your identity and process payments.
- Comply with the law: Maintain consent records, respond to legal requests, and honor opt-out requests.
- Improve our service: Analyze aggregated, de-identified usage patterns to improve the user experience.
- Communicate with you: Send transactional emails (receipts, account alerts) and, only with your consent, marketing messages.
4. Third-Party Service Providers
We share the minimum data necessary with the following service providers to operate Trustbox:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication and database | Email, hashed password, account data |
| Telnyx | Voice call delivery | Phone numbers, call audio |
| Fish AI | Voice cloning (educational) | Voice recordings (deleted after use) |
| Groq | AI report text generation | Call metrics (no personal data) |
| Resend | Email delivery | Email address, report content |
| Stripe | Payment processing | Billing information (handled by Stripe) |
We do not sell, rent, or trade your personal information to any third party. We do not share data with advertisers or data brokers.
5. Data Retention
- Voice recordings and cloned audio: Automatically deleted within 24 hours of generation.
- Fish AI voice clone models: Deleted immediately after the audio file is generated.
- Account data: Retained for as long as your account is active, plus 30 days after deletion request.
- Consent records: Retained for at least 5 years to comply with TCPA requirements.
- Payment records: Retained as required by tax and financial regulations (typically 7 years).
6. Cookies and Tracking
We use strictly necessary cookies to maintain your login session and remember your preferences. We do not use third-party advertising cookies or cross-site tracking pixels. If we introduce analytics cookies in the future, we will update this policy and provide appropriate notice and opt-out mechanisms.
7. Data Security
We implement industry-standard security measures including encryption in transit (TLS), encryption at rest for sensitive data, secure authentication via Supabase Auth, and time-limited signed URLs for temporary audio files (15-minute expiry). While no system is perfectly secure, we take reasonable precautions to protect your data.
8. Your Rights
You have the right to:
- Access the personal data we hold about you.
- Correct inaccurate personal data.
- Delete your account and associated data by contacting us.
- Opt out of marketing communications at any time.
- Withdraw consent for simulation calls at any time (see our TCPA Disclosure for details).
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and the right to request deletion.
9. Children's Privacy
Trustbox is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal data, please contact us immediately and we will delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on our website at least 30 days before the changes take effect. Your continued use of Trustbox after the updated policy becomes effective constitutes your acceptance of the changes.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise any of your rights, contact us at:
Trustbox
Email: support@trustboxai.com
Last updated: March 2026