Trusttle | TrustBridge Settlement Dashboard

This Privacy Policy explains how ELP Tech Ltd (trading as Trusttle) collects, uses, stores, and shares personal data when you use the TrustBridge platform, visit our website, or contact us. Please read it carefully.

[01]

Who We Are

Trusttle is a trading name of ELP Tech Ltd, a company registered in England and Wales.

We operate TrustBridge — an institutional settlement platform that uses smart-contract escrow, multi-party approval flows, and on-chain audit trails to facilitate high-value deal settlements.

For the purposes of UK GDPR and the Data Protection Act 2018, ELP Tech Ltd is the data controller.

Contact: contact@trusttle.com

[02]

What Data We Collect

We collect the following categories of personal data:

Category	Examples	Source
Identity data	Full name, company name, job title	Provided by you at registration
Contact data	Email address, phone number	Provided by you
Account credentials	Username, hashed password	Provided by you
KYC / verification data	Government-issued ID, proof of address, company documents	Provided by you during onboarding
Wallet & blockchain data	Ethereum wallet address, transaction hashes, on-chain activity	Generated when you use the platform
Deal & settlement data	Deal terms, parties, commission splits, approval records, escrow amounts	Generated through platform use
Usage data	Pages visited, feature interactions, timestamps, IP address, browser type	Automatically collected
Communications	Messages sent via deal threads or support requests	Provided by you
Early access data	Name, email, firm, interest description submitted via early-access form	Provided by you

[03]

How We Use Your Data

We use your data on the following lawful bases:

Purpose	Lawful Basis
Create and manage your account	Contract performance
Facilitate deal creation, approval, escrow funding, and settlement	Contract performance
Verify your identity (KYC/AML compliance)	Legal obligation
Screen wallet addresses against sanctions lists	Legal obligation / Legitimate interests
Prevent fraud, money laundering, and misuse of the platform	Legal obligation / Legitimate interests
Send transactional notifications (deal status, approvals, releases)	Contract performance
Respond to support queries and communications	Contract performance / Legitimate interests
Improve and develop the platform	Legitimate interests
Comply with regulatory and legal obligations	Legal obligation
Send product updates and relevant communications (you may opt out at any time)	Consent / Legitimate interests

[04]

Blockchain & On-Chain Data

⚠ Important Notice — On-Chain Data

When you participate in a settlement on TrustBridge, certain data is written to a public blockchain (Base mainnet). This includes wallet addresses, transaction hashes, escrow contract interactions, approval signatures, and payout records.

This data cannot be deleted, modified, or erased. Blockchain records are permanent and immutable by design. Once a transaction is confirmed on-chain, it exists on the public ledger indefinitely. Your right to erasure (right to be forgotten) does not apply to data recorded on a public blockchain.

Off-chain data (your account profile, uploaded documents, deal metadata stored in our database) remains subject to your full data rights including erasure.

We minimise the personal data written on-chain. Wallet addresses are pseudonymous identifiers — they do not directly identify you by name. However, in combination with other data, they may constitute personal data under UK GDPR. We treat them accordingly.

By using TrustBridge to participate in an on-chain settlement, you acknowledge and accept that on-chain data is permanent.

[05]

Data Sharing

We do not sell your personal data. We share it only as described below:

Recipient	Purpose	Safeguards
Other deal parties (buyer, seller, broker, arbiter)	Required to execute the settlement you are party to	Contractual necessity — disclosed deal data only
Hiscox (insurance underwriter)	Settlement insurance cover, claims processing	Data processing agreement in place
Kleros (dispute resolution)	Arbitration of disputed settlements where activated	Smart contract — on-chain, public
Chainalysis (KYT / AML screening)	Wallet screening and transaction monitoring	Data processing agreement; standard contractual clauses
Cloud infrastructure providers (Hetzner / VPS)	Hosting and data storage	Servers in EU / EEA
Resend (transactional email)	Sending deal notifications and account emails	Data processing agreement; EU data centres
Legal and compliance advisors	Regulatory compliance, legal obligations	Bound by professional confidentiality
Law enforcement or regulators	Where required by law or court order	Only to the extent legally required

[06]

International Transfers

Our primary infrastructure is hosted in the EU/EEA. However, some third-party processors (including blockchain networks and certain service providers) may process data outside the UK and EEA.

Where we transfer personal data outside the UK or EEA, we ensure appropriate safeguards are in place, including:

▸UK International Data Transfer Agreements (IDTAs) or equivalent
▸EU Standard Contractual Clauses (SCCs) where applicable
▸Adequacy decisions where the destination country is recognised as providing adequate protection

Public blockchain networks (Base mainnet) are global and decentralised. Data written on-chain is replicated across nodes worldwide. This is inherent to blockchain technology and cannot be prevented or reversed.

[07]

Data Retention

We retain your data only for as long as necessary for the purposes described in this policy, or as required by law.

Data Type	Retention Period
Account and identity data	Duration of account + 7 years after closure (AML/regulatory requirement)
KYC / verification documents	5–7 years from onboarding or last transaction (regulatory requirement)
Settlement and deal records (off-chain)	7 years from deal completion (financial records obligation)
On-chain data (blockchain)	Permanent — cannot be deleted
Usage and analytics data	Up to 2 years, then aggregated or deleted
Support and communications	3 years from last contact
Early access enquiries	18 months, unless you become a client

[08]

Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

Right of access

Request a copy of the personal data we hold about you.

Right to rectification

Ask us to correct inaccurate or incomplete data.

Right to erasure

Ask us to delete your data — subject to legal obligations and the on-chain limitation described in Section 4.

Right to restrict processing

Ask us to limit how we use your data in certain circumstances.

Right to data portability

Receive your data in a structured, machine-readable format.

Right to object

Object to processing based on legitimate interests or for direct marketing.

Right to withdraw consent

Where processing is based on consent, withdraw it at any time.

Right to complain

Lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of your rights, email us at contact@trusttle.com. We will respond within 30 days.

[09]

Cookies

We use a minimal set of cookies and local storage to operate the platform:

Name / Type	Purpose	Duration
tb-theme (localStorage)	Stores your light/dark mode preference	Persistent until cleared
Session cookies	Maintain your authenticated session	Session only
Analytics (aggregated, if enabled)	Understand how the platform is used — no individual tracking	Up to 2 years

We do not use third-party advertising cookies or behavioural tracking. You can clear cookies and local storage at any time via your browser settings.

[10]

Security

We implement industry-standard technical and organisational security measures, including:

▸TLS 1.3 encryption for all data in transit
▸AES-256 encryption for data at rest
▸Gnosis Safe multisig escrow — no single party can move funds unilaterally
▸Third-party smart contract security audit (pre-mainnet, non-negotiable)
▸Ongoing penetration testing and vulnerability monitoring
▸Role-based access controls — staff access to personal data is strictly limited
▸Hiscox settlement insurance covering disputes and execution failures

No system is completely secure. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform affected individuals without undue delay.

[11]

Children

TrustBridge is a B2B institutional platform intended for professional use only. It is not directed at or designed for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a minor has submitted data to us, please contact us at contact@trusttle.com and we will delete it promptly.

[12]

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform features.

When we make material changes, we will notify registered users by email and update the effective date at the top of this page. Continued use of the platform after the effective date constitutes acceptance of the updated policy.

We encourage you to review this page periodically.

[13]

Contact Us

For any questions about this Privacy Policy, to exercise your data rights, or to raise a concern:

Data Controller

ELP Tech Ltd (trading as Trusttle)

Registered in England and Wales

Email: contact@trusttle.com

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):
ico.org.uk · 0303 123 1113

ELP Tech Ltd · England & Wales · contact@trusttle.com · Effective April 2026