Event
Rethinking Resilience & Wellbeing 20 November • Sydney, Australia
Learn More
inTruth logo

inTruth Technologies Privacy Policy

Effective Date: 29 June 2022
Last Updated: 9 October 2025

1. About Us

This Privacy Policy describes how Love Out Loud, PBC, a Delaware Public Benefit Corporation, 1616 16th Street, Suite 350, San Francisco, CA 94103 USA ("Company," "we," "us," or "our"), and its wholly owned subsidiary inTruth Technologies Pty Ltd, Level 3, 31 Queen Street, Melbourne VIC 3000, Australia, collect, use, disclose, and safeguard your information.

This Policy applies to:

  • Our website (https://intruth.io),
  • The inTruth mobile and desktop applications,
  • Wearable integrations (e.g., Garmin, Biostrap),
  • Beta/research programs, APIs, dashboards,
  • Any related products and services (collectively, the "Services").

2. Categories of Information We Collect

We may collect the following types of data:

  • Account Information: name, email, login credentials, billing/payment info.
  • Geolocation Data (if applicable): approximate or precise location if you enable location services. We do not collect precise geolocation unless you actively grant permission.
  • Device & Log Data: IP address, browser/device type, operating system, app identifiers, crash/error logs.
  • Biometric Data (Wearables): heart rate, HRV, sleep, activity, and movement signals.
  • Emotional Insights (Derived Data): emotional scores, trends, and visualizations from our proprietary algorithms.
  • Communications & Feedback: messages, survey responses, support tickets.
  • Cookies & Tracking: analytics, session IDs, and marketing pixels.
  • Profiling & Automated Decisions: We do not use Personal Data for automated decisions that have legal or significant effects. Emotional insights are for informational wellness purposes only.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Services.
  • Generate non-medical emotional wellness insights.
  • Conduct analytics, research, and product development.
  • Personalize your experience.
  • Communicate with you about updates, features, and promotions.
  • Ensure system security and prevent fraud.
  • Comply with legal and regulatory obligations.
  • Send you marketing communications, newsletters, and promotions (where permitted by law).
  • Protect our rights, enforce our agreements, and defend against legal claims.

We may create De-Identified Data and Aggregated Data for analytics, research, and product improvement. This data cannot reasonably identify you and may be retained indefinitely.

4. Health & Safety Disclaimer

  • The Services are not medical devices.
  • Insights are for general wellness, reflection, and awareness only.
  • The Services are not designed to diagnose, cure, mitigate, monitor, treat, or prevent any disease or disorder.
  • The Services are not cleared or approved by the U.S. Food and Drug Administration (FDA), the Australian Therapeutic Goods Administration (TGA), or any other regulator.
  • Always consult a qualified healthcare professional with any questions about your health.

5. Legal Bases for Processing

Where required (e.g., GDPR, UK GDPR), we rely on:

  • Consent (e.g., biometric data collection).
  • Performance of a Contract (e.g., subscriptions).
  • Legitimate Interests (e.g., analytics, fraud prevention).
  • Legal Obligations (e.g., tax, accounting, compliance).

6. How We Share Your Information

We do not sell personal data. We may share data with:

  • Vendors/Service Providers: hosting, storage, analytics, customer support.
  • Wearable Partners: e.g., Garmin, subject to their terms.
  • Research Partners: only with your explicit consent.
  • Corporate Transactions: merger, acquisition, reorganization.
  • Legal Authorities: where required by law.
  • Affiliates & Subsidiaries: including inTruth Technologies Pty Ltd (Australia) and other related entities.
  • With your consent: such as participation in research programs or partnerships you opt into.

7. International Transfers

Data may be stored or processed in the U.S., Australia, EU, or other jurisdictions.

For California residents: We do not "sell" or "share" Personal Data as defined under the California Consumer Privacy Rights Act (CPRA).

Safeguards include:

  • Standard Contractual Clauses (SCCs) for EU/UK transfers,
  • Adequacy decisions where available,
  • Other lawful transfer mechanisms.

8. Data Retention

  • Personal Data: retained only as long as necessary for Services, legal, or contractual obligations.
  • Deletion Requests: processed within a reasonable timeframe - typically within 30 days, and always within 90 days, unless law requires longer retention.
  • De-Identified/Aggregated Data: may be retained indefinitely.

9. Your Rights

Depending on your location, you may have the right to:

  • Access, correct, or delete your data.
  • Restrict or object to processing.
  • Data portability.
  • Withdraw consent.
  • Opt-out of marketing communications by using unsubscribe links in emails or adjusting in-app settings.

We will not discriminate against you for exercising your privacy rights (as required by CPRA and similar laws).

Appeals: If we deny a rights request, you may appeal by contacting privacy@intruth.io. If unsatisfied, you may contact your state attorney general or data protection authority.

10. Cookies & Tracking

We use cookies and pixels for functionality, analytics, and marketing.

In the EU/UK, we display a cookie consent banner before setting non-essential cookies.

You may adjust browser settings to refuse cookies, though some features may not work.

11. Children's Privacy

The Services are not directed to anyone under 18 years of age, and we do not knowingly collect Personal Data from individuals under 18. If we become aware that we have collected data from someone under 18, we will promptly delete it.

We recognize the importance of advancing emotional wellness for young people. In the future, we may explore expanding our Services to adolescents or children, but only after we have conducted appropriate research, obtained necessary ethical and regulatory approvals, and ensured that safeguards are in place to protect minors' privacy and wellbeing. Until such safeguards are fully implemented, children are not permitted to use our Services.

If in the future we expand to minors, we will obtain verifiable parental or guardian consent and comply with applicable youth privacy laws (e.g., COPPA in the U.S., GDPR-K in the EU).

12. Security

We apply commercially reasonable safeguards, including:

  • Encryption (in transit & at rest),
  • Access controls,
  • Audit logging,
  • Regular penetration testing,
  • Vendor due diligence.

No system can guarantee 100% security.

13. Third-Party Services

Our Services may link to third-party services (e.g., Garmin, Biostrap). Their privacy policies govern their data practices. We are not responsible for third parties.

14. U.S. State Privacy Notices

  • California (CPRA): rights to know, delete, correct, and opt-out of sale/sharing (we do not sell).
  • Virginia, Colorado, Connecticut, Utah: equivalent rights apply.

15. EU & UK Representatives (GDPR/UK GDPR Article 27)

We are currently based in the United States and Australia, and our Services are not yet directed at individuals in the European Union (EU) or United Kingdom (UK).

In accordance with applicable data protection laws, once our Services are made available to users in the EU and UK, we will appoint an authorized local representative in each jurisdiction. The representative's contact details will be published here and made available to regulators and users at that time.

Until then, EU and UK users who interact with our Services may contact us directly at privacy@intruth.io with any questions or requests relating to this Privacy Policy.

Until a representative is appointed, EU and UK users may contact us directly at privacy@intruth.io or raise concerns with their local supervisory authority.

16. HIPAA / Health Data (U.S.)

The Services are designed for wellness and research purposes and are not currently intended to collect or process Protected Health Information ("PHI") as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Because we are not acting as a healthcare provider, insurer, or business associate of such entities, HIPAA generally does not apply to the data we process.

That said, we recognize the importance of HIPAA standards. If in the future we partner with HIPAA-covered entities (such as healthcare providers or insurers) and are required to handle PHI, we will execute Business Associate Agreements (BAAs) as necessary and update this Privacy Policy to reflect our HIPAA compliance measures at that time.

17. Changes to This Policy

We may update this Policy. If we make material changes, we will notify you via the app, email, or website.

18. Contact Us

Love Out Loud, PBC
1616 16th Street, Suite 350
San Francisco, CA 94103 USA
Email: privacy@intruth.io