Privacy Policy

This Privacy Statement explains how we handle your personal information in connection with the website, application, product, or service that links to this Privacy Statement and the administration of the employment relationship with our employees (we call these our “Services”). It applies generally to the following groups:

  • Customers and users (including prospective customers and users);

  • Employees;

  • Third party business partners; and

  • Other individuals who interact with us or whose personal information we maintain.

This Privacy Statement does not apply to any website, application, product, or service that links to its own privacy statement or that is offered by third parties, in which clicking on third party links or enabling those connections may allow the third party to collect, use, or share data about you. We encourage you to read their respective privacy statements.

Who is TruePrep, Inc. and how can I contact you?

TruePrep Inc. is a Delaware corporation located at 5340 Calzada Del Bosque PO 273 Rancho Santa Fe CA 92067.

TruePrep Inc. acts as a controller of your personal information where we determine how and why personal information can be used, and the TruePrep Inc. company that provides the specific Service (as identified therein) is the primary controller of your personal information. This Privacy Statement, however, does not apply where we act as a processor or service provider to another controller (such as our customers).

Any comments, complaints, or questions may be emailed to contact@trueprep.ai.

What personal information do you collect and process?

We generally collect, use, disclose, and process personal information in the following categories:

Account Information

  • Account ID, User ID, account profile, settings and preferences, purchase history, subscriptions, and registrations.

Security Information

  • User credentials (username and password) and similar security information, individual network activity in security and audit logs.

Billing & Payment Information

  • Payment and payment card information or bank account information, billing contact details, ship to and bill to information.

User Contributions & User Content

  • Personal information in content and communications uploaded, sent, shared, or inputted through our Services or via our networks and infrastructure, including feedback you provide to us and the content of communications between you and us or sent via our network and Services.

Device & Browser Information

  • Network and internet service provider (ISP) information, Internet Protocol (IP) addresses, device and browser identifiers, device and browser information, advertising identifiers, cookie/tracker identifiers, and related information.

Usage and Browsing Information

  • Usage, search, and browsing history, user journey history (including clicks, navigation, user actions, interactions, and session replays), usage and diagnostics analytics and metrics, including on our Services and on our internal networks and corporate devices by employees, contractors, and site visitors.

Location Data

  • Region, country, state, and coarse and precise geolocation data.

Demographic Information

  • Age, date of birth, marital status, gender, physical characteristics, military status, political, religious, or philosophical beliefs, sexual orientation, racial or ethnic origin, union membership.

Health, Benefits, and Insurance Information

  • Enrollment and participation in insurance or benefits programs, personal information of beneficiaries, family members, emergency contacts, or dependents, medical records, disability information.

Identity Information

  • Government identification, governmental identifiers (such as tax identifiers, the last 4 digits of social security or national insurance numbers, and passport or driver’s license numbers).

Financial Information

  • Financial status, tax returns and related information, financial filings, credit standing, payroll and related information.

Legal Information

  • Legal status, immigration status, legal court cases and proceedings, governmental records, personal property or real estate records, liens & judgments, death records, public filings, driving records, licenses and registrations, and criminal information (such as arrests, charges, convictions, and incarceration records).

A note on children’s online privacy.
Our online Services provide information solutions intended for professionals and we do not knowingly collect any personal information from children under the age of sixteen (16).

How do you collect personal information?

  • Direct Interactions: You provide your personal information when you interact with us, such as when you register for Services, fill in forms, communicate with us, apply for jobs, and work for us.

  • User Contributions: We collect your personal information when you or others upload, share, send, or input that information through our Services or networks, or when you or they communicate with us.

  • Automatically: We automatically collect personal information about you when you interact with us, such as when use our Services, visit our offices or events, open emails or view advertisements from us, or communicate with us.

How do you use personal information?

This section details the purposes for which we use personal information and the different legal bases for processing that personal information.

Purpose and Legal Basis

  • To fulfill our contractual obligations:

    • Register your account and provide our Services.

    • Fulfill our obligations as an employer.

    • Legal Basis: Our performance of a contract.

  • Communicate with you about our Services and process related transactions:

    • Legal Basis: Our performance of a contract or as outlined in your consents or instructions.

  • For any purpose with your consent or to follow your instructions:

    • Legal Basis: As outlined in your consents or instructions.

  • To operate, improve, and/or personalize our Services, corporate networks, and devices, offices, events, and related infrastructure:

    • Develop new products, services, content, and other offerings.

    • Monitor and audit usage of our Services, corporate networks, and devices, offices, events, and related infrastructure.

    • Ensure the security of our Services.

    • Detect fraud and abuse.

    • Manage our internal operations (e.g., account administration, billing, troubleshooting, repair).

    • Legal Basis: To pursue legitimate interests.

  • To provide our Services to third parties where our Services and content include your personal information:

    • Legal Basis: To pursue legitimate interests or as outlined in your consents or instructions.

  • Manage the applicant and employee relationship:

    • Handle the application process, background checks, onboarding, employee management, and improve employee experience.

    • Communicate regarding recruiting and human resources administration.

    • Provide, manage, and improve employee benefits.

    • Legal Basis: Our performance of a contract or to pursue legitimate interests.

  • Exercise our rights and/or protect our or others’ rights or property:

    • Legal Basis: To pursue legitimate interests or to comply with our legal obligations.

  • Effectuate the sale, merger, acquisition, or other disposition of our business:

    • Legal Basis: To pursue legitimate interests or to comply with our legal obligations.

  • Advance our other commercial and economic interests as permitted by law:

    • Legal Basis: To pursue legitimate interests.

  • For other purposes as required by or permitted by law:

    • Legal Basis: To comply with our legal obligations or to protect your vital interests or those of another person.

Handling of Sensitive Personal Information

We use advanced software to clean and anonymize sensitive Personally Identifiable Information (PII) from forms before transmitting them to third-party services. Our goal is to minimize the transmission and storage of sensitive data such as Social Security Numbers (SSNs). While we utilize in-house processes to remove and redact SSNs as much as possible, we cannot guarantee 100% accuracy or permanence. No automated system can guarantee complete accuracy in all cases.

We only share data with AI models where we are an approved part of the zero data retention program, meaning the companies have committed to neither training or retaining any data.

Temporary Storage by Third Parties

In some instances, our third-party service providers may temporarily store limited amounts of information for up to 30 days. This temporary storage is implemented to prevent abuse and ensure the integrity of our services. While we strive to remove as much PII as possible, as explained above, there are very rare cases where some PII may be sent to these third parties for processing and advanced redaction. This is done to further ensure we fully redact PII and handle data extraction with very high accuracy. We require all third-party providers to adhere to stringent data protection standards and contractual obligations to safeguard your information. All third parties utilized are GDPR, SOC-2, and CCPA compliant.

Commitment to Data Security and Compliance

We are committed to protecting your personal information and complying with all applicable federal and state laws. Our third-party partners are selected based on their ability to meet our high standards for data protection and compliance. We continuously monitor and audit these partners to ensure ongoing adherence to these standards.

Who do you share personal information with?

  • Your organizations and contacts.

  • Third party business partners that support our business, including content partners, vendors, subcontractors, analytics providers, advertising and marketing agencies, credit agencies, and others.

  • Third party customers and users where our Services and content include your personal information, which may constitute a “sale” of personal information under some local privacy laws.

  • Governmental agencies and third parties involved in business transactions such as mergers, divestitures, restructurings, and similar.

  • Law enforcement and other government agencies to comply with legal requirements and to protect rights and safety.

  • Others when necessary to fulfill your consents or to follow your instructions.

Where do you store personal information?

We store all data in the United States.

What steps do you take to secure personal information?

We work to implement technical and organizational measures designed to protect the security of personal information. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee its absolute security. The security of your information also depends on you: you are responsible for using unique, strong usernames and passwords for each of your accounts, and for keeping those usernames and passwords confidential. We are not responsible for the circumvention of any privacy settings or cybersecurity measures contained on our Services, and any transmission of personal information is at your own risk.

How long do you retain personal information?

We retain personal information as required by our enterprise records retention schedule, which varies by Service, business function, country, record classes, and record types. We calculate the retention period based upon the time the personal information is needed to: (a) fulfill the purposes described in this Privacy Statement, (b) meet the timelines required or recommended by regulators, professional bodies, or associations, (c) comply with applicable laws, legal holds, and other legal obligations (including contractual obligations), and (d) comply with your requests.

What rights do I have over my personal information?

Your local privacy laws may grant you rights with respect to your personal information, and we will not knowingly discriminate against you because you have exercised any of your privacy rights. These rights differ based on the local laws that apply to you, but could include one or more of the following:

  • Right to confirm we process your personal information and, if so, to access, correct, complete, object to or restrict the processing of, and delete certain personal information we hold about you, including the rights to receive your personal information in a portable copy.

Changes to this Privacy Statement

This Privacy Statement is expected to change over time. We reserve the right to update it at any time, for any reason. We will notify you of changes to our Privacy Statement by updating the “Last Updated” date and posting the updated Privacy Statement on this page. We may e-mail periodic reminders of our notices and terms and conditions, but you should check our Services frequently to see the current Privacy Statement and any changes made to it.

Supplemental Privacy Statements

Depending on the specific Service you are using or specific interactions you have with us (such as when you apply for a job or work for us), we may provide different or supplemental privacy statements that describe and govern how we use your personal information. When we do so, those different or supplemental privacy statements apply to that specific Service or those specific interactions. Of note, please review these supplemental privacy statements:

Supplemental Privacy Statement for California consumers under CCPA/CPRA 

This Supplemental Privacy Statement for California Consumers under CCPA/CPRA (“California Statement”) supplements our Privacy Statement and further explains required disclosures about how we collect, disclose, and sell the personal information of California consumers and the rights that California consumers may have under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA/CPRA”) where we act as a business under CCPA/CPRA. When we use the term “personal information” in this California Statement, we are using that term as CCPA/CPRA defines it, which generally means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. However, personal information does not include publicly available, deidentified, or aggregate consumer information (which are all defined in CCPA/CPRA). 

What categories of personal information do you collect and who do you share it with or sell it to?

In general, the categories of personal information we collect, sources of that information, business and commercial purposes for why we collect and use it, and who we share it with, as well as our personal information retention practices, are as outlined in our Privacy Statement.

California law, however, requires we restate some of this information for specific categories that are defined in CCPA/CPRA. The type of personal information we collect and how we handle that personal information, including if we share or sell that personal information, depends on how you are specifically interacting with us and which Services you are inquiring about. In general, we have collected, disclosed for a business purpose, and sold the following categories of personal information and sensitive personal information from California consumers within the last twelve (12) months:

Categories of Personal Information Collected

Category of Personal Information

Examples as Defined in CCPA/CPRA

Collected

A. Identifiers

Real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, or other similar identifiers.

B. Personal information categories listed in the California Customer Records statute, Cal. Civ. Code § 1798.80(e)

Name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

C. Protected classification characteristics under California or federal law

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

D. Commercial information

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

E. Biometric information

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

F. Internet or other similar network activity

Browsing history, search history, and information on a consumer's interaction with a website, application, or advertisement.

G. Geolocation data

Physical location or movements.

H. Sensory data

Audio, electronic, visual, thermal, olfactory, or similar information.

I. Professional or employment-related information

Current or past job history or performance evaluations.

J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

K. Inferences drawn from other personal information

Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

L. Sensitive personal information

Social security, driver’s license, state identification card, or passport number; user name, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin; religious or philosophical beliefs; union membership; genetic data; contents of consumer’s mail, email, and text messages unless TruePrep Inc. is the intended recipient of the communication; processing of biometric information for the purpose of uniquely identifying a consumer; and personal information collected and analyzed concerning a consumer’s health, sex life, or sexual orientation.✔

Your privacy rights

If you are a California consumer, you may have one or more of the following rights under CCPA/CPRA:

  • Right to confirm we process your personal information and, if so, to request we disclose to you: (1) the categories of personal information we collected about you; (2) the categories of sources from which the personal information is collected; (3) the business or commercial purpose for collecting, selling, or sharing personal information; (4) the categories of third parties to whom we disclose personal information; and (5) the specific pieces of personal information we have collected about you.

  • Right to access (which may include a portable copy), correct, complete, or delete specific pieces of personal information we hold about you.

  • Right to limit our use and disclosure of your sensitive personal information.

  • Right to opt-out of the sale of personal information, as sale is defined under CCPA/CPRA.

  • Right to opt-out of the sharing of personal information, as sharing is defined under CCPA/CPRA.

  • Right not to receive discriminatory treatment for exercising your rights under CCPA/CPRA

  • Additionally, California Civil Code Section 1798.83 may permit you the right to request information regarding the personal information about you we disclose to third parties for the third parties’ direct marketing purposes.

To make a request, you can contact us at contact@trueprep.ai.

Please provide us enough information to verify your identify. We will use information you provide to us to verify your request. If we cannot initially verify your identity, we may request additional information to complete the verification process, such as, for example, a copy of your driver’s license and/or a recent utility or credit card bill. You can designate an agent to make a request on your behalf by either: (1) having your agent send us a letter, signed by you, certifying that the agent is acting on your behalf and showing proof that they are registered with the California Secretary of State; or (2) by you and the agent executing and sending us a notarized power of attorney stating that the agent is authorized to act on your behalf. Please note that we may still require you to verify your identity before we process a request submitted by your agent.

IMPORTANT: These rights are not absolutely guaranteed and there are several exceptions where we may not have an obligation to fulfill your request. We are only required to honor these rights to the extent that we act as a business/controller under CCPA/CPRA and the requested rights have been granted and apply to you under CCPA/CPRA. Please consult CCPA/CPRA to determine what rights may be available to you and when access to these rights is limited. You may appeal an adverse decision on your requests by emailing; and you have the right to lodge a complaint to the California Attorney General if you are not satisfied with our responses to your requests or how we manage your personal information. However, we encourage you to first contact us so we can address your concerns directly.

This California Statement was last updated on April 1, 2024.

Cookie & IBA Statement

This Cookie & IBA Statement supplements our Privacy Statement and specifically explains how we and our third-party business partners deploy cookies and other tracking technologies (which we call “Tracking Technologies”), including for interest-based advertising (IBA), as well as the options you have to control them.

What are cookies and other tracking technologies?

 “Cookies” are small pieces of data, stored in text files, that are stored on your browser, computer, or other device. The cookies we use may include “flash cookies” (or “local shared objects”) and “HTML5 cookies” that store information on your device (outside of your browser) and are specific to content supported by Adobe® Flash or HTML5. We and our third-party business partners may also use other tracking technologies such as “web beacons” (also known as “tags” and “pixels”) which are small images embedded in our Services, content, or emails, as well as “embedded scripts” which are pieces of code that are temporarily downloaded onto your device. These other tracking technologies are often used in conjunction with cookies, but may be stored on your device in a different manner from cookies so disabling cookies may not also disable these tracking technologies.

These Tracking Technologies may be operated and set by us (known as “first party trackers”) or by our third party business partners, such as social media networks, advertising networks, and content providers, (known as “third party trackers”); and can be set either for a single visit (through a “session tracker”) so they are deleted after that visit or remain on your device to persist for multiple repeat visits (through a “persistent tracker”).

Why do we use cookies and other tracking technologies?

We use Tracking Technologies for several different purposes: these technologies are widely used to remember you and your preferences and understand how you interact with us so that we may perform essential functions (such as to provide our Services or deliver content and allow users to register and remain logged in), personalize our Services and content and ensure a quality, consistent, and efficient experience for our users, analyze your usage of our Services and interactions with content (including emails), and to deliver and measure advertising (including IBA).

How can you control the use of Tracking Technologies?

You may wish to restrict the use of cookies or completely prevent them from being set. Most modern browsers allow you to change your cookie and other tracker settings, and you can usually find these settings in the options or preferences menu of your browser. Flash cookies can only be deleted within Adobe Flash rather than via your browser, and please refer to this Adobe help page for information on how to manage Flash cookies. Additionally, you can opt-out of Google Analytics by installing Google’s opt-out browser add-on.

You may also see a “cookie banner” on some of our Services, which allows you to manage our use of cookies and other Tracking Technologies – click on the banner for more information regarding which cookies are used on that particular Service and what you may disable, but please note that you cannot disable any Tracking Technologies that are categorized as strictly necessary.

Please be aware that some of the features of our Services may not function correctly if you disable all cookies or other technologies.

Do you honor Do Not Track Signals?

Generally, we do not currently respond to, or take any action with respect to web browser “do not track” signals; however, in some instances, our third party business partners who integrate within our Services will honor do not track signals.