Skip to content

Truly AI Ltd. Privacy Policy

May 2025

Truly Privacy Policy

Introduction

Welcome to Truly, a real-time deepfake detection service (the “Service”).

This Privacy Policy (“Policy”) explains how information about you is collected and used by the Service, which is developed and operated by Truly AI Ltd. (In formation) (“Company” or “we”, “us”, “our”), and operated on behalf of the customer who is a party to the Truly Service Agreement (the “Agreement”) (“Customer”) and authorized users of Customer, such as employees, agents, Customer clients and anyone on Customer’s behalf who is authorized to use the Service (“Users”).

The Service is not directed to users under the age of 18. We do not knowingly collect information from children under the age of 18 or knowingly allow minors under the age of 18 to use the Service.

The Company samples and process video, voice and chat, including biometric information about you, to mitigate deepfake threats. By using Truly, you agree to this Policy. If you do not agree, or if you are a resident of Illinois or Texas, you represent and warrant that you will mute your microphone, disable your video camera and not send any chat messages when the Service is active.

This Policy may be amended from time to time. We will post the new Policy on our Platform at a reasonable time in advance of the effective date of the change, and we will also make efforts to proactively notify you if possible

Contact us

If you have any questions, comments or concerns regarding this Policy or our processing of your personal information, please contact the Customer. You may also contact us at privacy@truly.ws.

What we collect and why

Scenario

Purposes

Categories of information processed

If you register to our Service

Providing you with the functionality of the Service, updates, contacting you regarding administrative issues related to the Service, this Policy, our Agreement, support and maintenance.

Email address, full name.

Contacting us with an inquiry

Responding to your inquiry, our business development.

Your Email address, the subject of your inquiry and the text of your message.

When you participate in a meeting/call where Customer uses our Service

Providing you with the functionality of the Service.

Video, voice and chat data, including biometric information about you.

When you provide us with your feedback

Responding to your feedback, our business development

Email address and the feedback or review.

 

Use of analytic tools on the Service

For security and monitoring purposes, to allow the Customer to understand how Users interact with the Service.

Meta Data - information about your computer or mobile device, your operating system and your browser.

‍Analytic Information: statistics and analytic information about your use of the Service, including IP address from which you accessed the Service, time and date of access, type of browser used, language use, links clicked, and actions taken while using the Service

 

Registering and using the Service is not mandatory. You do not have a legal obligation to provide the information that we request. However, if you choose not to provide this information to us, we may not be able to process your feedback and respond to your inquiry, and you may not be able to use some or all of our Service functionalities. You have the right to review the personal information we collect and use about you the right to request correction of your personal information according to section 13 & 14 of the Israeli Protection of Privacy Law and the regulations promulgated thereunder.

Methods and sources for collecting your personal information

We collect the personal information from several sources:

  • Directly from you when you register or use our Service or when provided to us through our Email;
  • From the Customer
  • From our service providers helping us to operate the Service.
  • Through the device you use to access our Service, including through third party cookies and analytics tools, such as Google Analytics and Internal analytics services.

Sharing your personal information

We will not share your information with third parties, except in the events listed below or when you provide us with your explicit and informed consent.

Scenario

Purposes

Third parties involved

We will share your information with our service providers who assist us with the internal operations of the Service.

These companies are authorized to use your personal information in this context only as necessary to provide these services to us and not for their own promotional purposes.

Operating the Service.

Google Cloud Platform, Subject to the following additional Policies:

https://cloud.google.com/terms/cloud-privacy-notice.

Sharing your information with the Customer.

Fulfilling our role as a service provider, who is operating the Service on the Customer behalf.

The Customer you interact with or work for.

If you abused your rights to use the Service or violated any applicable law while doing business with us

Responding to, handling, and mitigating suspected violations of law in connection with our business.

Competent authorities, legal counsels, and advisors.

If a judicial, governmental, or regulatory authority requires us to disclose your information

Complying with a binding request from a competent authority.

Competent authorities.

If the operation of the Service or our business is organized within a different framework, or through another legal structure or entity

Enabling a structural change in the operation of the Service.

The target entity of the merger or acquisition, legal counsels, and advisors.

Data retention and security

We retain your information for 3 Years, and thereafter as needed for record-keeping matters.

We will retain your information for 3 Years. Thereafter, we will still retain your personal information as necessary to comply with our legal obligations, resolve disputes, establish, and defend legal claims and enforce our agreements. The overall period of retention is approximately 7 years.

We implement measures to secure your information

We implement measures to reduce the risks of damage, loss of information and unauthorized access or use of information, such as TLS, hashing and encryption. However, these measures do not provide absolute information security. Therefore, although efforts are made to secure your personal information, there is no guarantee that it will be immune from information security risks.

Additional information for individuals in the EU or UK

Controller & Processor

The Company is a data Processor for the personal information described in this Policy. The Company process such personal information on the Customer Behalf, which is the data Controller that determines the purposes and means of processing your data. You can review the Customer's contact information in Customer’s own policy.

International data transfers

To facilitate the processing of your information through the Service and by our service providers, we will transfer your information to countries outside the EU or the UK, such as the US. We do so to countries which are recognized by the European commission as having adequate protection for personal data, or under the terms of a data transfer agreement which contains standard data protection contract clauses with adequate safeguards determined by the EU Commission and UK Information Commissioner’s Office.

Legal basis for processing your personal data

Purpose or Scenario

Legal Basis

Registering to our Service

Our legitimate interest in facilitating your request to register to the Service on behalf of the Customer.

Participating in a meeting/call and using the Service

Our legitimate interest in providing the Service to you on behalf of the Customer.

Responding to your inquiry

Our legitimate interest in Responding to your inquiry on behalf of the Customer.

When you provide us with your feedback

Our legitimate interest in developing and enhancing the Service for the Customer.

Collecting analytic information about your use of the Service on behalf of and for the Customer and in accordance with its preferences

Our legitimate interests in monitoring and securing our Service, and understanding how the Service is used on behalf of and for the Customer.

Responding to, handling, and mitigating suspected violations of law in connection with our business

Legitimate interests in defending and enforcing against violations and breaches that are harmful to our business.

Complying with a binding request from a competent authority

Legitimate interests in complying with mandatory legal requirements imposed on us.

Enabling a structural change in the operation of the Service and our business

Legitimate interests in our business continuity.

Data subject rights

If you are in the EU or the UK, you have the following rights under the GDPR:

Right to Access and receive a copy of your personal information that we process.

Right to Rectify inaccurate personal information we have concerning you and to have incomplete personal information completed.

Right to easily and at any time withdraw your consent to us processing your personal data to email you our newsletters. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal

Right to easily and at any time withdraw your consent to the use of non-essential cookies on our Service. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

Right to Data Portability, that is, to receive the personal information that you provided to us, in a structured, commonly used, and machine-readable format. You have the right to transmit this data to another person or entity. Where technically feasible, you have the right to have your personal information transmitted directly from us to the person or entity you designate.

Right to Object to our processing of your personal information based on our legitimate interest. However, we may override the objection if we demonstrate compelling legitimate grounds, or if we need to process such personal information for the establishment, exercise, or defense of legal claims.

Right to Restrict us from processing your personal information (except for storing it): (a) if you contest the accuracy of the personal information (in which case the restriction applies only for a period enabling us to determine the accuracy of the personal information); (b) if the processing is unlawful and you prefer to restrict the processing of the personal information rather than requiring the deletion of such data by us; (c) if we no longer need the personal information for the purposes outlined in this Policy, but you require the personal information to establish, exercise or defend legal claims; or (d) if you object to our processing based on our legitimate interest (in which case the restriction applies only for the period enabling us to determine whether our legitimate grounds for processing override yours).

Right to be Forgotten. Under certain circumstances, such as when you object to our processing of your personal information based on our legitimate interest and there are no overriding legitimate grounds for the processing, you have the right to ask us to erase your personal information. However, notwithstanding such request, we may still process your personal information if it is necessary to comply with our legal obligations, or for the establishment, exercise, or defense of legal claims. If you wish to exercise any of these rights, please contact us through the channels listed in this Policy.

When you contact us, we reserve the right to ask for reasonable evidence to verify your identity before we provide you with information. Where we are not able to provide you with information that you have asked for, we will explain the reason.

Subject to applicable law, you have the right to lodge a complaint with your local data protection authority. If you are in the EU, then according to Article 77 of the GDPR, you can lodge a complaint to the supervisory authority, in the Member State of your residence, place of work or place of alleged infringement of the GDPR. For a list of supervisory authorities in the EU, click here.

If you are in the UK, you can lodge a complaint to the Information Commissioner’s Office (ICO) pursuant to the instructions provided here.

Additional information for individuals in California

If you are an individual residing in California and would like to exercise any of your rights pursuant to the California Privacy Rights Act (CPRA), please contact the Customer to exercise any of your rights. Please note that Truly AI Ltd. (In formation) is merely a Service Provider, acting on behalf of the Customer (which would be considered the Business.