Privacy Policy

1. Introduction

LLM Trust (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our platform at llmtrust.com (the “Service”).

We comply with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and other applicable data protection laws. For the purposes of the GDPR, LLM Trust acts as the Data Controller of your personal data.

2. Data We Collect

2.1 Information You Provide

• Account data: Name, email address, and password (hashed) when you create an account.
• Profile data: Username, avatar, and optional bio information.
• User-generated content: Model reviews, comments, ratings, and uploaded model metadata.
• Communications: Messages sent through our contact forms, support tickets, or email.

2.2 Information Collected Automatically

• Usage data: Pages visited, models browsed, search queries, click patterns, and feature usage.
• Device data: IP address, browser type and version, operating system, and screen resolution.
• Log data: Access times, error logs, and referring URLs.

2.3 Information from Third Parties

When you sign in via OAuth providers (GitHub, Google), we receive your name, email address, and profile picture as authorized by you during the authentication flow.

3. Legal Basis for Processing (GDPR Art. 6)

• Contract performance: Processing necessary to provide the Service (account management, model access, API keys).
• Legitimate interest: Improving the Service, ensuring security, preventing fraud, and analyzing usage patterns.
• Consent: Marketing communications, non-essential cookies. You may withdraw consent at any time.
• Legal obligation: Compliance with applicable laws and regulatory requirements.

4. Cookies & Tracking

We use cookies and similar technologies to operate and improve the Service. For detailed information on the types of cookies we use and how to manage your preferences, please see our Cookie Policy.

Essential cookies are required for the Service to function (session management, authentication). Analytics cookies are used only with your consent and can be managed through your browser settings or our cookie preferences center.

5. Data Sharing & Disclosure

We do not sell your personal data. We may share data only in the following circumstances:

• Service providers: Trusted third parties who assist in operating the Service (hosting via Vercel, database via Neon Postgres, analytics). All providers are bound by data processing agreements.
• Legal requirements: When required by law, regulation, or valid legal process.
• Business transfers: In connection with a merger, acquisition, or sale of assets, with prior notice to affected users.
• With your consent: When you explicitly authorize data sharing.

6. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• EU Standard Contractual Clauses (SCCs)
• Adequacy decisions by the European Commission
• Binding Corporate Rules where applicable

7. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy:

• Account data: Until you delete your account, plus 30 days for backup recovery.
• Usage logs: 12 months from collection.
• Analytics data: Anonymized after 26 months.
• Support communications: 3 years from last interaction.

8. Your Rights (GDPR Chapter 3)

Under the GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15): Request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
• Right to erasure (Art. 17): Request deletion of your personal data (“right to be forgotten”).
• Right to restriction (Art. 18): Request limitation of processing in certain circumstances.
• Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
• Right to object (Art. 21): Object to processing based on legitimate interest or direct marketing.
• Right to withdraw consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at privacy@llmtrust.com. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority if you believe we have not adequately addressed your concerns.

9. Security Measures

We implement industry-standard security measures to protect your data:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Password hashing using bcrypt with per-user salts
• Regular security audits and vulnerability assessments
• Access controls with principle of least privilege
• Automated monitoring and incident response procedures

10. Children’s Privacy

The Service is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

11. Data Protection Officer

For any questions or concerns regarding this Privacy Policy or our data practices, contact our Data Protection Officer:

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice on the Service. Your continued use of the Service after such changes constitutes acceptance of the updated policy.