Privacy Notice
Last updated: June 21, 2026
This Privacy Notice explains how TrueClaimRates("TrueClaimRates", "we", "us") collects, uses, and shares personal data in connection with the TrueClaimRates platform and websites (the "Service"). TrueClaimRates is the data controller for personal data collected through the Service, except for payment data collected directly by our Merchant of Record (see "Sharing" below).
1. Personal data we collect
- Account data — name, email address, password hash, display name, shop affiliation, role.
- Profile and shop data — shop name, address, contact details, certifications, photos you upload.
- Submitted documents — repair bills, estimates, and supporting images you upload. We automatically and manually redact customer PII (names, VINs, claim numbers in restricted states, addresses) before public display.
- Forum and community content — posts, replies, votes.
- Usage and device data — IP address, browser type, device identifiers, pages viewed, timestamps, referrer, and similar telemetry collected via logs and cookies.
- Support communications — emails and messages you send us.
2. Purposes and legal bases
| Purpose | Legal basis |
|---|---|
| Create and operate your account | Performance of a contract |
| Provide and improve the Service, including aggregating and displaying repair data | Legitimate interests |
| Verify submitted bills and protect against fraud, abuse, and security threats | Legitimate interests / legal obligation |
| Process subscriptions and prevent payment fraud | Performance of a contract |
| Send service announcements and respond to support requests | Performance of a contract / legitimate interests |
| Send marketing communications (where applicable) | Consent (you may withdraw at any time) |
| Comply with laws and respond to lawful requests | Legal obligation |
3. Sharing
We share personal data with:
- Service providers / subprocessors — hosting, database, file storage, email delivery, analytics, and customer-support tooling, all under written contracts that restrict their use of the data.
- Merchant of Record (Paddle) — Paddle.com Market Limited acts as the seller of record for purchases and handles payment processing, subscription management, billing, tax compliance, invoicing, and refunds. Paddle is an independent controller for the payment data it collects.
- Professional advisers — legal, accounting, and audit advisers where reasonably necessary.
- Authorities — where required by law, court order, or to protect rights, safety, or property.
- Successors — in connection with a merger, acquisition, or sale of assets.
We do not sell personal data.
4. Public display of repair data
The Service publishes aggregated and per-bill repair data so that shops, customers, and the industry can compare rates and insurer behavior. Bills are published only after redaction of customer PII. Shop names, addresses, labor rates, and similar business information about repair shops and insurers may be publicly displayed.
5. Cookies
We use cookies and similar technologies that are strictly necessary to operate the Service (authentication, security, preferences). We may also use limited analytics cookies to understand how the Service is used. You can manage cookies through your browser settings; disabling strictly necessary cookies may break parts of the Service.
6. Retention
We retain account and submission data for as long as your account is active and for a reasonable period afterwards to comply with legal, tax, accounting, and dispute-resolution obligations. Published, redacted aggregate data may be retained indefinitely as part of the public ledger. Logs and telemetry are retained for a shorter period appropriate to the purpose.
7. Your rights
Depending on where you live, you may have rights to access, correct, delete, restrict, or port your personal data, to object to certain processing, and to withdraw consent. Residents of the EEA/UK have rights under the GDPR/UK GDPR; residents of California have rights under the CCPA/CPRA. To exercise a right, email info@trueclaimrates.com. We will respond within the time period required by applicable law (generally one month for GDPR requests). You also have the right to complain to your local data protection authority.
8. International transfers
We are based in the United States and our service providers may process data in the United States and other countries. Where data is transferred from the EEA or UK, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms.
9. Security
We use appropriate technical and organizational measures to protect personal data, including TLS encryption in transit, encryption at rest for sensitive data, access controls, and least-privilege administration. No system is completely secure; we cannot guarantee absolute security.
10. Children
The Service is not directed to children under 16. We do not knowingly collect personal data from children.
11. Changes to this Notice
We may update this Privacy Notice from time to time. Material changes will be communicated by posting the updated notice on this page with a new "Last updated" date.
12. Contact
Privacy questions and requests: info@trueclaimrates.com.