TrustWatch Privacy Policy
Effective date: 2026-06-02
Last updated: 2026-06-02
1. Introduction & Scope
This Privacy Policy explains how Martello Systems LLC ("Martello Systems," "we," "us," or "our") collects, uses, shares, and protects personal and financial information when you use TrustWatch at trustwatch.app and related applications and services (the "Service"). It applies to information we process about visitors, account holders, and the law firms and legal professionals who use the Service.
By using the Service, you agree to the practices described in this Policy. This Policy is incorporated into and subject to our Terms of Service. If you do not agree with this Policy, please do not use the Service.
2. Information We Collect
- Account information. When you register, we collect information such as your name, email address, firm name, role, and password (stored in hashed form, via our authentication system).
- Financial-account data (via Plaid). When you connect a bank or trust account, we receive, on a read-only basis, account metadata, balances, and transaction records through Plaid Inc. (see Section 3). We do not receive or store your bank login credentials, and we do not have the ability to move funds.
- Firm configuration and trust-accounting data. We collect information you enter or configure, such as your state/jurisdiction, rule thresholds, client-matter identifiers and linkages, alert resolutions and notes, reconciliation entries, and team membership and invitations.
- Payment information (via Stripe). Subscription payments are processed by Stripe, Inc. We do not collect or store your full payment card numbers. Stripe processes your payment details directly; we receive limited information such as a customer or subscription identifier, the last four digits and card brand, subscription status, and billing metadata.
- Usage, device, and log data. We automatically collect information such as IP address, browser and device type, pages and features used, referring URLs, timestamps, and diagnostic/log data.
- Cookies and similar technologies. We use strictly necessary cookies and similar technologies as described in Section 6.
- Communications. If you contact us (for example, at support@trustwatch.app), we collect the content of your messages and our correspondence.
We do not intentionally collect sensitive categories of personal information beyond the financial-account data necessary to provide the Service, and we ask that you not submit others.
3. Plaid & Financial-Account Data
TrustWatch uses Plaid Inc. ("Plaid") to connect to your financial institutions and retrieve account and transaction data on a read-only basis (for example, Plaid's Auth and Transactions products). When you link an account, you provide your bank credentials directly to Plaid — not to TrustWatch — and Plaid then shares account information with us according to your authorization. TrustWatch can never move, hold, or transfer money.
Plaid's collection and use of your information is governed by Plaid's own privacy policy, available at Plaid's end-user privacy policy. We use the financial-account data we receive solely to operate the Service — to run the detection rules, generate alerts and reconciliation views, and present them to you for your review.
You may revoke access at any time by disconnecting the account within TrustWatch or through Plaid's portal, after which we will stop retrieving new data from that account. Previously retrieved data is retained and deleted as described in Section 7.
4. How We Use Information
We use personal and financial information to: provide, operate, and maintain the Service and your account; connect to and retrieve data from accounts you authorize; run our detection rules and generate alerts, citations, and reconciliation views for your review; maintain an audit trail of alerts and resolutions; process subscriptions, billing, and payments through Stripe; send transactional and account communications, including alert emails and digests; manage team membership and invitations; provide customer support; monitor, secure, debug, and improve the Service; detect and prevent fraud, abuse, and security issues; and comply with legal obligations and enforce our agreements. We do not use your data to make automated decisions producing legal or similarly significant effects without human involvement, and we do not sell your personal information.
5. How We Share Information
We share information only as described below. We do not sell your personal information, and we do not share it for cross-context behavioral advertising.
- Service providers (processors). Plaid Inc. (financial-account connectivity and data); Stripe, Inc. (payment processing and subscription billing); Resend (transactional and notification email delivery); Google LLC (Google Analytics 4 usage analytics, only after you accept analytics cookies); and hosting and infrastructure providers that operate the Service.
- Legal and safety. We may disclose information if required by law or legal process, or to protect the rights, property, or safety of Martello Systems, our users, or others, or to enforce our Terms.
- Business transfers. If we are involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction, subject to this Policy.
- With your direction. We share information when you ask us to or otherwise consent (for example, when you invite a team member to your firm's account).
6. Cookies & Sessions
We use strictly necessary (essential) cookies to keep you signed in and to maintain the security of your session (including the session-token cookie used by our authentication system). These essential cookies are always active and are not used for cross-site advertising. Separately, we use Google Analytics 4 to understand how the Service is used, but only after you accept analytics in our cookie banner. If you decline, no Google Analytics cookies are set and no analytics are collected. We do not use advertising cookies. You can control cookies through your browser settings; disabling strictly necessary cookies may prevent you from signing in or using the Service.
7. Data Retention
We retain personal and financial information for as long as your account is active and as needed to provide the Service — including retaining your alert and audit-trail history so it remains available to your firm — then for a reasonable period afterward to comply with legal, tax, accounting, and recordkeeping obligations, resolve disputes, and enforce our agreements. When information is no longer needed, we delete or anonymize it. You may request deletion as described in Section 9; certain records (such as billing records) may be retained where required by law.
8. Security
We use reasonable administrative, technical, and organizational measures designed to protect personal and financial information, including encryption in transit, hashed passwords, scoped access so that you only ever see your own firm's data, access controls, and reputable infrastructure, connectivity, and payment providers. Bank credentials are handled by Plaid and are never received or stored by TrustWatch, and TrustWatch has no ability to move funds. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential and for managing who you invite to your firm's account. If we become aware of a breach affecting your personal information, we will notify you and authorities as required by law.
9. Your Privacy Rights
Depending on where you live, you may have rights to: access a copy of the personal information we hold; correct inaccurate information; delete your personal information; port/export your data; object to or restrict certain processing; withdraw consent where processing is based on consent; and non-discrimination for exercising your rights.
California residents (CCPA/CPRA). You have rights to know, access, correct, and delete personal information, and to opt out of any "sale" or "sharing" — note that we do not sell or share personal information as those terms are defined.
EEA/UK residents (GDPR/UK GDPR). You have the rights listed above and the right to lodge a complaint with your local data protection authority. Where the GDPR or UK GDPR applies, we process personal information on the bases of performance of a contract, legitimate interests, consent, and legal obligation.
To exercise any right, email support@trustwatch.app. We will verify your request and respond within the timeframes required by applicable law.
10. Children's Privacy
The Service is intended for business use by adults (at least 18 years old) and is not directed to children. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected such information, we will delete it. If you believe a minor has provided us information, contact support@trustwatch.app.
11. International Users
We operate in the United States, and the Service is intended primarily for U.S.-based law firms. If you access the Service from outside the United States, you understand that your information will be processed in the United States, where data-protection laws may differ from those in your country. By using the Service, you consent to this transfer and processing, subject to this Policy and applicable law.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and may provide additional notice. Your continued use of the Service after the changes take effect constitutes acceptance of the updated Policy.
13. Contact
If you have questions or requests regarding this Privacy Policy or your personal information, contact Martello Systems LLC — TrustWatch, at support@trustwatch.app (trustwatch.app).