1. Introduction
True Record, a product of KANVAS SYSTEMS (a sole proprietorship registered in Ontario, Canada), ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Salesforce duplicate detection service.
By using True Record, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.
2. Data Controller and Data Processor Roles
2.1 Account and Service Data (KANVAS SYSTEMS as Controller)
KANVAS SYSTEMS (operating as True Record) is the data controller for account information, billing data, usage metrics, and other service-related personal information (as described in sections 3.1, 3.3, 3.4, and 3.6 below). We determine how this data is collected, used, and stored to operate our service.
2.2 Customer Salesforce Data (Customer as Controller, True Record as Processor)
For Salesforce CRM data that you process through our service (leads, contacts, accounts, and other records described in section 3.2), you are the data controller and True Record acts as a data processor. We process your Salesforce data only according to your instructions. See our Data Processing Agreement for details on how we process your Salesforce data.
You can contact us at privacy@truerecord.app for any privacy-related inquiries.
3. Information We Collect
3.1 Account Information
When you connect your Salesforce org to True Record, we collect:
- Salesforce Organization ID: Unique identifier for your Salesforce instance
- Instance URL: Your Salesforce instance URL
- User Email: Email address of the user connecting the org
- Display Name: Name associated with your Salesforce account
- OAuth Tokens: Encrypted access and refresh tokens (AES-256-GCM) for API access
3.2 Salesforce Data
To perform duplicate detection, we temporarily store:
- Record Snapshots: Copies of fields you configure for matching (e.g., name, email, phone, company) from records you scan
- Display Fields: Optional additional fields you enable for the match review interface (e.g., address, notes); you control which fields are included
- Record IDs: Salesforce record identifiers for match tracking
- Object Metadata: Field configurations and matching rules
We DO NOT store your full Salesforce database. We only store the specific fields you configure for matching and display purposes, and only for records identified as potential duplicates.
3.3 Team Member Information
For organizations with multiple members:
- Email addresses of invited team members
- Role assignments (admin or member)
- Invitation tokens (temporary, deleted after use)
- Join/invitation timestamps
3.4 Usage Information
We collect information about how you use our service:
- Audit Logs: Actions performed (merges, dismissals, configuration changes) with timestamps and user identifiers
- Usage Metrics: Number of scans performed, records processed (for billing purposes)
- Technical Logs: Hashed IP addresses, user agent hashes (for security monitoring)
Note: We hash IP addresses before storage using SHA-256 (a one-way hash function). We do not store raw IP addresses or session identifiers.
3.5 AI Processing & Token Usage
To power AI duplicate detection and explanations, we process:
- Embedding Inputs (OpenAI): When AI matching is enabled, we send a text representation built from the fields used for AI embeddings (either your configured AI/both fields, or a small per-object default set) to OpenAI to generate embeddings.
- Embedding Vectors: We store the resulting vectors plus hashes of the embedding text and field set for caching; unchanged records are not re-processed.
- AI Explanations (Anthropic): When you request an AI explanation for a match, we send field comparison summaries (e.g., "Name: John Smith vs Jon Smith") to Anthropic's Claude API to generate natural language explanations of why records matched.
- Record Data Cache: For cross-batch matching and performance, we may cache a snapshot of the record fields we retrieved during scanning alongside embeddings.
- Token Counts & Cost: Token usage totals and estimated costs for billing/usage dashboards.
Both OpenAI and Anthropic state that API data is not used to train models. You can avoid new AI processing by disconnecting your org or switching to non-AI matching modes.
3.6 Data Quality Validation and Enrichment (Optional Add-Ons)
If you subscribe to our validation and enrichment add-ons, we process:
- Phone Verification (Twilio): Phone numbers from your Salesforce records are sent to Twilio to check validity and detect disconnected numbers. Only the phone number is sent; no other record data.
- Email Verification (ZeroBounce): Email addresses from your Salesforce records are sent to ZeroBounce to verify deliverability and detect disposable/invalid addresses. Only the email address is sent.
- Address Geocoding (Google): Address components (street, city, state, postal code, country) from your Salesforce records are sent to Google Maps to validate and standardize addresses. Only address fields are sent.
- Data Enrichment (Apollo.io): Domain/website URLs (for Account enrichment) or email addresses (for Lead/Contact enrichment) are sent to Apollo.io to retrieve additional business and contact data. Only the lookup key is sent; Apollo returns company and person data such as industry, employee count, LinkedIn URLs, and contact details.
These add-ons are optional and only activated when you explicitly subscribe. You can disable API calls at any time using the mode toggle (Off/Cap/Overage) in your Add-Ons settings. Usage is tracked and billed according to your subscription plan.
3.7 Billing Information
For paid plans, we collect:
- Billing email address
- Stripe customer ID and subscription ID
Payment card information is handled entirely by Stripe and never touches our servers. See Stripe's Privacy Policy.
4. Legal Basis for Processing (GDPR)
We process your personal data under the following legal bases:
- Legitimate Interest: Duplicate detection and data quality services
- Contract: Billing, subscription management, and service delivery
- Consent: Optional marketing communications (if you opt in)
- Legal Obligation: Compliance with applicable laws and regulations
5. How We Use Your Information
We use the collected information for:
- Service Delivery: Identifying and managing duplicate records in your Salesforce org
- Authentication: Managing OAuth connections and user sessions
- Billing: Processing payments and managing subscriptions
- Product Improvement: Analyzing usage patterns to improve our service
- Security: Detecting and preventing fraud, abuse, and security incidents
- Support: Responding to your inquiries and providing customer support
- Compliance: Meeting legal and regulatory obligations
6. Data Retention
We retain your data for the following periods:
- AI Embeddings: Cached until the underlying record changes or the org is disconnected/purged.
- Resolved Matches: 90 days after resolution (configurable by admin)
- Pending Matches: 180 days after creation (configurable by admin)
- Audit Logs: 90 days (configurable by admin)
- Account Data: Retained while your account is active, deleted within 30 days of account closure
- OAuth Tokens: Deleted immediately upon disconnection
Administrators can configure retention periods in the settings page. Automated cleanup runs daily to enforce retention policies.
7. Data Sharing and Third-Party Services
We share data with third-party service providers (subprocessors) to deliver our service. See our Subprocessor List for details on:
- Salesforce (core integration)
- OpenAI (embedding generation for AI duplicate detection; receives text derived from selected record fields; API data not used to train models)
- Anthropic (AI-powered match explanations; receives field comparison summaries for matched records; API data not used to train models)
- Neon PostgreSQL (database hosting)
- Vercel (application hosting)
- Stripe (payment processing)
- Resend (transactional emails)
- Twilio (optional phone verification add-on; receives phone numbers only)
- ZeroBounce (optional email verification add-on; receives email addresses only)
- Google Maps Platform (optional address geocoding add-on; receives address components only)
- Apollo.io (optional data enrichment add-on; receives domain URLs or email addresses for lookup)
Note: Twilio, ZeroBounce, Google Maps, and Apollo.io are only used when you subscribe to the respective add-on features. No data is sent to these services unless you explicitly enable them.
We DO NOT sell, rent, or trade your personal information to third parties for marketing purposes.
8. International Data Transfers
Our primary data infrastructure is located in the United States (AWS us-east-1 for Neon database). If you are accessing our service from outside the US, your data will be transferred to and processed in the United States.
We rely on Standard Contractual Clauses (SCCs) and our subprocessors' data processing agreements to ensure adequate protection for international transfers.
9. Your Rights (GDPR, CCPA)
You have the following rights regarding your personal data:
9.1 Right to Access
You can request a copy of all personal data we hold about you. Visit the Privacy Settings page in your dashboard to download your data in JSON format.
9.2 Right to Rectification
You can update your account information and matching configurations at any time through the Settings page.
9.3 Right to Erasure ("Right to be Forgotten")
You can request deletion of your account and all associated data. Visit the Privacy Settings page to submit a deletion request. Admin approval is required before permanent deletion to prevent accidental data loss.
9.4 Right to Data Portability
You can export your data in a machine-readable format (JSON) from the Privacy Settings page.
9.5 Right to Restriction of Processing
You can pause duplicate detection by disabling your org in the Settings page or disconnecting your Salesforce integration.
9.6 Right to Object
You can object to data processing at any time by disconnecting your Salesforce org or requesting account deletion.
9.7 Right to Lodge a Complaint
If you are in the EU, you have the right to lodge a complaint with your local data protection authority.
To exercise any of these rights, contact us at privacy@truerecord.app or use the self-service tools in your dashboard.
10. Security
We implement industry-standard security measures to protect your data:
- Encryption in Transit: All data transmission uses TLS 1.2+
- Encryption at Rest: Salesforce tokens encrypted with AES-256-GCM, database encryption enabled
- Access Controls: Role-based access control (RBAC) for org members
- Audit Logging: All data access and modifications are logged
- Data Minimization: We only collect and store data necessary for our service
- Regular Updates: Security patches applied promptly
For more details, see our Security & FAQ page.
11. Cookies and Tracking
We use essential cookies for session management and authentication. See our Cookie Policy for full details.
We do not use third-party advertising or tracking cookies.
12. Children's Privacy
Our service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Email notification to your registered email address
- Notice in your dashboard upon login
- Updating the "Last Updated" date at the top of this page
Your continued use of the service after changes indicates acceptance of the updated policy.
14. Contact Us
If you have questions or concerns about this Privacy Policy, please contact us:
- Email: privacy@truerecord.app
- Security Issues: security@truerecord.app