TrueStanding

Coming Soon
Join the waitlist

Privacy Policy

Last updated: June 12, 2026

Baxter Research Group (“BRC,” “we,” “our,” or “us”) operates the TrueStanding platform (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this Privacy Policy carefully. By accessing or using TrueStanding, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy.

1. Information We Collect

1.1 Account Information

When you create a TrueStanding account, we collect the following personal information:

  • Full name
  • Email address
  • Company or organization name (optional)
  • Password (stored in hashed form; we never store plaintext passwords)
  • Billing information (processed securely through Stripe; we do not store full credit card numbers)

1.2 Review and Sentiment Data

TrueStanding connects to third-party review platforms on your behalf to collect and analyze customer review data. This data may include:

  • Review text, ratings, and timestamps from connected platforms (e.g., Google Reviews, the Apple App Store, and Google Play)
  • Reviewer display names and profile information as publicly available on those platforms
  • Aggregate sentiment scores and trend data generated by our AI analysis
  • Tags, categories, and labels you assign to reviews within TrueStanding

1.3 Usage Data

We automatically collect certain technical information when you access the Service, including:

  • IP address and approximate geographic location
  • Browser type, version, and operating system
  • Pages visited, features used, and time spent on each page
  • Referring URLs and search terms that led you to the Service
  • Device identifiers and screen resolution

1.4 Communication Data

If you contact us through email, support tickets, or in-app feedback, we collect the content of those communications along with your contact details and any attachments you provide.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, operate, and maintain the TrueStanding Service
  • To process and analyze customer review data using our AI sentiment analysis engine
  • To generate sentiment reports, trend analysis, and actionable insights for your account
  • To send you alerts and notifications about sentiment changes, as configured in your account settings
  • To process payments and manage your subscription
  • To communicate with you about service updates, security alerts, and support
  • To improve our AI models and the overall quality of the Service (using anonymized, aggregated data only)
  • To detect and prevent fraud, abuse, and security threats
  • To comply with legal obligations and enforce our Terms of Service

3. AI Processing of Review Data

TrueStanding uses artificial intelligence and natural language processing to analyze the review data you connect to our platform. It is important that you understand how this works:

  • Our AI processes review text to determine sentiment (positive, negative, neutral), identify themes and topics, detect emerging trends, and flag reviews that may require urgent attention.
  • AI-generated insights are derived solely from the review data connected to your account. We do not combine your review data with data from other accounts for analysis purposes.
  • We may use anonymized and aggregated data (with all personally identifiable information removed) to improve our AI models and overall service quality. Individual reviews are never shared with other customers.
  • You retain full ownership of your review data and the AI-generated insights associated with your account.
  • Our AI processing is automated. While we strive for accuracy, AI-generated sentiment analysis should be considered as one input among many for your business decisions.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information or review data to third parties. We may share information in the following limited circumstances:

  • Service Providers (Sub-processors): We work with third-party service providers who process data on our behalf to operate the Service. Our current sub-processors include Microsoft Azure (cloud hosting and storage), Stripe (payment processing), Twilio SendGrid (transactional and alert email delivery), and Anthropic and/or OpenAI (AI sentiment and language processing). These providers are contractually bound (including, where applicable, by data processing agreements) to use your data only as necessary to provide their services to us and to maintain appropriate security measures. An up-to-date list of sub-processors is available on request at privacy@brc.com.
  • Legal Compliance: We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that such disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.
  • With Your Consent: We may share your information with third parties when you have given us explicit consent to do so.
  • Aggregated Data: We may share anonymized, aggregated statistics about platform usage and sentiment trends that cannot be used to identify any individual user or their specific review data.

5. Review Platform Data

When you connect a review platform to TrueStanding, you authorize us to access publicly available review data from that platform on your behalf. Please note:

  • We access review data through official APIs and authorized access methods where available.
  • The review data we collect is limited to what is publicly visible on those platforms or what you have authorized us to access through your platform credentials.
  • We do not access private customer data, payment information, or internal business data from connected review platforms.
  • You are responsible for ensuring you have the right to authorize TrueStanding to access review data from your connected platforms.
  • Disconnecting a review source from TrueStanding will stop future data collection from that source. Previously collected data can be deleted upon request.

6. Cookies and Tracking Technologies

TrueStanding uses cookies and similar tracking technologies to enhance your experience. For detailed information about the cookies we use, please refer to our Cookie Policy.

We use the following categories of cookies:

  • Essential Cookies: Required for the Service to function properly, including authentication and session management. These are always active.
  • Analytics Cookies: Help us understand how users interact with the Service so we can improve it.
  • Preference Cookies: Remember your settings and preferences for a better experience.

Managing your consent. Non-essential (analytics and preference) cookies are only set with your consent where required by law. You can accept or decline these via our cookie banner when you first visit, change your choice at any time through the cookie settings link in the footer, and control cookies through your browser settings. Declining non-essential cookies will not affect access to core features. We honor Global Privacy Control (GPC) browser signals as a valid opt-out where applicable.

7. Your Rights and Choices

Depending on your location, you may have some or all of the following rights regarding your personal data. We do not discriminate against you for exercising any of these rights.

  • Access / Know: Request a copy of the personal data we hold about you and information about how we process it.
  • Correction: Request that we correct inaccurate or incomplete personal data.
  • Deletion: Request that we delete your personal data, subject to certain legal exceptions.
  • Portability: Request your data in a structured, commonly used, machine-readable format.
  • Objection / Restriction: Object to or request that we restrict the processing of your personal data in certain circumstances.
  • Withdrawal of Consent: Where we rely on consent, withdraw that consent at any time (without affecting prior lawful processing).
  • Opt-Out of Marketing: Opt out of marketing communications at any time via the unsubscribe link in our emails or your notification preferences. Transactional and security messages are not marketing and may still be sent.

7.1 California Residents (CCPA / CPRA)

Notice at Collection. We collect the categories of personal information described in Section 1 (identifiers such as name and email; commercial/billing information; internet and usage activity; approximate geolocation; and the review content you connect). We collect it for the business purposes described in Section 2, retain it for the periods described in Section 9, and do not collect sensitive personal information beyond account credentials.

California residents have the right to know, access, delete, and correct their personal information, and to opt out of the “sale” or “sharing” of personal information and to limit the use of sensitive personal information. We do not sell or share your personal information or review data, and we do not use sensitive personal information for purposes that would require an opt-out. You may exercise your rights as described in Section 7.4, and you will not be discriminated against for doing so. You may use an authorized agent to submit requests on your behalf.

7.2 EEA / UK Residents (GDPR / UK GDPR)

If you are in the European Economic Area or the United Kingdom, we process your personal data on the following lawful bases: (a) performance of a contract, to provide the Service you sign up for; (b) our legitimate interests in operating, securing, and improving the Service, balanced against your rights; (c) your consent, where requested (e.g., certain cookies or marketing); and (d) compliance with legal obligations. You have the GDPR rights listed above, and you may lodge a complaint with your local supervisory authority. Where we transfer data internationally, we rely on appropriate safeguards (see Section 10), and a Data Processing Addendum incorporating Standard Contractual Clauses is available to business customers on request at privacy@brc.com.

7.3 Other U.S. State Residents (Virginia, Colorado, Connecticut, Utah, and similar)

Residents of states with comprehensive privacy laws (including the VCDPA, CPA, CTDPA, and UCPA) have rights to access, correct, delete, and obtain a portable copy of their personal data, and to opt out of targeted advertising, the sale of personal data, and certain profiling. We do not sell personal data or engage in targeted advertising or profiling that produces legal or similarly significant effects. Where these laws provide an appeal process, you may appeal a denied request by replying to our decision or contacting privacy@brc.com.

7.4 How to Exercise Your Rights

To exercise any of these rights, email privacy@brc.com or use the in-app account controls. We will verify your identity (typically via your account email) before fulfilling a request, and will respond within the timeframe required by applicable law (generally 30–45 days). These requests are free unless excessive or repetitive.

8. Data Security

We implement industry-standard technical and organizational security measures to protect your information, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • Regular security assessments and vulnerability testing
  • Access controls limiting data access to authorized personnel only
  • Secure cloud infrastructure with SOC 2 compliant hosting providers
  • Automated monitoring and alerting for suspicious activity

While we take reasonable measures to protect your data, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your information.

8.1 Data Breach Notification

We maintain procedures to detect, investigate, and respond to security incidents. In the event of a personal data breach that affects your information, we will notify affected users and the appropriate regulators without undue delay and within the timeframes required by applicable law (for example, within 72 hours of becoming aware where required under the GDPR, and as required under U.S. state breach-notification laws). Notifications will describe, to the extent known, the nature of the incident, the information involved, and the steps we are taking in response.

9. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service to you. Specifically:

  • Account Data: Retained for the duration of your account plus 30 days after account deletion to allow for recovery.
  • Review Data: Retained for the duration of your subscription. Upon account cancellation, review data is deleted within 90 days unless you request earlier deletion.
  • AI-Generated Insights: Retained alongside the review data from which they were derived and deleted on the same schedule.
  • Usage Logs: Retained for up to 12 months for analytics and security purposes, then automatically purged.
  • Billing Records: Retained for up to 7 years as required by tax and accounting regulations.

10. International Data Transfers

TrueStanding is operated from the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located. By using the Service, you consent to the transfer of your information to the United States. Where we transfer personal data from the EEA, UK, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK Addendum), together with supplementary measures, to ensure your data receives an adequate level of protection. A Data Processing Addendum is available to business customers on request at privacy@brc.com.

11. Children's Privacy

TrueStanding is a business tool not intended for use by individuals under the age of 18, and it is not directed to children. Consistent with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under 13 (or under 18). If we become aware that we have collected personal data from a child, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@brc.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by posting the updated policy on this page and updating the “Last Updated” date. For significant changes, we may also send you a notification via email or through the Service. Your continued use of TrueStanding after any changes to this Privacy Policy constitutes your acceptance of the updated terms.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Baxter Research Group (BRC)
Email: privacy@brc.com
Website: https://brc.com

We will respond to all privacy-related inquiries within 30 days.