1.Information We Collect#
TrustEcho collects personal information necessary to provide our Stress Free Transaction Services. We collect the following categories of information:
Identity Verification (Handled by Stripe)
TrustEcho does not receive or store your selfie, identity documents, government-issued ID, or payment card information. All identity verification data is forwarded directly to Stripe Radar under Stripe's Terms of Service and Privacy Policy. TrustEcho receives only a verification result (verified/not verified) from Stripe.
Contact Information
Email address (obtained via Google authentication), phone number, and postal address if provided in your profile.
Financial Information
Bank account details for receiving payouts (stored securely by Stripe), transaction history, and subscription status. We do not store credit card numbers.
Transaction Information
Item descriptions, transaction amounts, unique transaction codes, delivery addresses, and communication between parties.
Device and Usage Information
IP address, browser type, device information, timezone, and general usage patterns for security and fraud prevention.
Transaction Accountability Information
When participating in transactions, TrustEcho may collect: phone number, email address, delivery address, IP address, device information, and general location data. This information is used for fraud prevention, dispute resolution, and platform security, separate from Stripe's identity verification process.
2.Identity Verification and Data Handling#
TrustEcho is a zero-PII fraud layer.
We hold contact data only. All identity, payment, and government-issued ID verification is performed by Stripe Radar under Stripe's Terms and Conditions. TrustEcho receives only a boolean result (verified/not verified).
Third Party Verification
To prevent fraud, we use Stripe, Inc. to verify identity. You will need to provide a selfie and contact data which is forwarded to Stripe Radar directly. TrustEcho does not retain this selfie. TrustEcho only retains basic general information about its customers for contact purposes: phone number, email address, and address for verification purposes.
Consent Before Transaction
By proceeding to create a transaction or complete a transaction (payout), you consent to Stripe verifying your identity. You may however use other marketplaces with no ID, no security, no verification, no transaction security, and no information collected. TrustEcho provides these protections specifically because we believe in accountability.
Data Minimization
In accordance with the Privacy Act 1988 (Cth), Australian Privacy Principles 3 and 11:
TrustEcho does not receive or store:
- Your selfie photograph
- Identity documents
- Government-issued identification (including Passports, Driver's Licences, and Government Identity Cards)
- Credit card or debit card information
We receive only a verification result from Stripe (verified/not verified).
Stripe's Privacy Policy
For details on how Stripe collects, stores, and processes your identity verification data, please review Stripe's Privacy Policy.
3.Transaction Accountability and Fraud Prevention#
Separate from identity verification, TrustEcho collects transaction accountability data to prevent fraud and enable dispute resolution:
- Phone numbers and email addresses provided during transactions
- Delivery addresses
- IP addresses and device information
- General location data
This transaction accountability information may be:
- Shared with Stripe Radar and related fraud prevention systems
- Reported to global fraud prevention databases that identify bad actors across marketplaces
- Stored in TrustEcho's accountability ledger
- Provided to law enforcement and regulatory authorities when required by law
- Used as evidence in dispute resolution processes
This accountability system is essential to TrustEcho's mission of creating trust in online transactions.
4.How We Use Your Information#
We use the information we collect for the following purposes:
- Service Delivery: To facilitate secure transactions between buyers and sellers, process payments, and release funds upon transaction completion.
- Identity Verification: To verify your identity during onboarding and ensure compliance with Australian financial regulations.
- Communication: To send transaction notifications, status updates, deadline reminders, and important service announcements via email.
- Fraud Prevention: To detect, investigate, and prevent fraudulent transactions, suspicious activity, and abuse of our platform.
- Dispute Resolution: To provide evidence and facilitate resolution when disputes arise between transacting parties.
- Legal Compliance: To comply with applicable laws, regulations, court orders, and government requests.
- Service Improvement: To analyze usage patterns and improve our platform's functionality and user experience.
5.Our Partners and Information Disclosure#
We work with trusted partners to deliver our services. We share your information with the following categories of recipients:
Stripe, Inc.
Our payment processing and identity verification partner. Your selfie and identity documents are forwarded directly to Stripe Radar for verification. TrustEcho does not retain your selfie, identity documents, government-issued ID, or payment card information. Stripe is PCI-DSS Level 1 certified and operates under their own Privacy Policy. TrustEcho receives only a verification result from Stripe.
Provides authentication services. We receive your email address and basic profile information when you sign in with Google.
Transaction Counterparties
Other users you transact with can see relevant transaction details including item descriptions, amounts, and messages exchanged through the platform. Personal contact details are not shared between parties.
Legal and Regulatory Authorities
We may disclose information to law enforcement, courts, regulators, or government authorities when required by law or to protect our legal rights.
We do NOT sell, rent, or trade your personal information to third parties for marketing purposes.
6.Method of Disclosure#
When we share your information with partners and authorities, we do so through the following methods:
- Encrypted API Connections: Information shared with Stripe and other service partners is transmitted via encrypted, secure API connections.
- Platform Messaging: Communication between transaction parties occurs within our secure platform. Personal contact details are not exposed.
- Formal Legal Process: Disclosures to authorities occur only in response to valid legal process (subpoenas, court orders) or imminent threats to safety.
- Secure Email: Transaction notifications and service communications are sent via encrypted email services.
7.Security Practices#
We implement appropriate technical and organizational measures to protect your personal information:
- Encryption: All data in transit is encrypted using TLS/HTTPS protocols.
- Payment Security: All payment processing is handled by Stripe, a PCI-DSS Level 1 compliant payment processor. We never store your full credit card details.
- Access Controls: Access to personal information is restricted to authorized personnel on a need-to-know basis.
- Secure Infrastructure: Our platform is hosted on secure, enterprise-grade cloud infrastructure with regular security updates.
- Fraud Monitoring: We employ automated systems to detect and flag suspicious activity patterns.
While we strive to protect your information, no system is completely secure. You are responsible for maintaining the security of your account credentials.
8.Safeguards for Information Collected#
We implement the following safeguards to protect the information we collect:
- Data Minimization: We only collect information necessary to provide our services.
- Purpose Limitation: We use your information only for the purposes described in this policy.
- Secure Storage: Personal data is stored in secure databases with encryption at rest.
- Regular Audits: We periodically review our data handling practices and security measures.
- Partner Vetting: We only work with partners who demonstrate appropriate security standards and comply with applicable privacy laws.
- Incident Response: We maintain procedures to respond quickly to any suspected data breaches and will notify affected users as required by law.
9.Data Retention#
We retain your personal information for as long as your account is active or as needed to provide services. Transaction records are retained for a minimum of seven (7) years for accounting, tax, and legal compliance purposes. You may request account deletion, however we may retain certain information as required by law or for legitimate business purposes such as fraud prevention.
10.Your Rights#
Under Australian privacy law, you have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your account (subject to legal retention requirements)
- Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)
To exercise these rights, please contact us using the details below.
11.Cookies#
We use essential cookies for authentication and session management. These cookies are necessary for the platform to function and cannot be disabled. We do not use tracking cookies or third-party advertising cookies.
12.Children's Privacy#
TrustEcho is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will promptly delete it.
13.International Data Transfers#
TrustEcho is operated from Australia. Your information may be processed by our partners (such as Stripe) in other jurisdictions. By using our service, you consent to the transfer of your information to countries that may have different data protection laws than Australia.
14.Changes to This Policy#
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our platform. Your continued use of TrustEcho after changes take effect constitutes your acceptance of the updated policy.
15.Contact Us#
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us: