Privacy Policy
Last updated: 25 April 2026
1. Who We Are
Tehidea Ltd is the controller of personal data processed through Trump-O-Meter. We are a company registered in England and Wales (Company No. 05902165) with a registered address at 86-90 Paul Street, London, EC2A 4NE. You can contact us at [email protected].
2. Scope
This notice applies to our websites, applications, paid subscriptions, and related support and marketing communications.
3. Data We Collect From You
Account and profile data: Name, email address, password hash, profile image URL you choose to add, linked sign-in information, and records relating to verification, password reset, account deletion, and security features such as two-factor authentication.
Subscription and billing data: Plan, billing interval, subscription status, billing-period dates, Stripe customer and subscription identifiers, and limited transaction metadata. We do not store full card numbers.
Notification and unsubscribe data: Notification preferences, push-subscription data, and unsubscribe tokens.
AI chat and support data: AI chat messages, timestamps, conversation metadata, support requests, automated safety or abuse signals, and records created when chats are reviewed or moderated.
Marketing sign-up data: If you join our mailing list or early-access list, we collect the information you submit, such as your email address, and may also collect related metadata such as IP address, approximate location, timezone, language, user agent, and referrer where available.
4. Data We Receive From Third Parties and Automatically
Sign-in providers: If you sign in with a third-party provider such as Google, we may receive basic account details such as your name, email address, and profile image.
Payment providers: We receive subscription status, customer identifiers, and limited billing metadata from Stripe or another payment provider we use.
Device, usage, and log data: We collect session identifiers, IP address, browser or device information, pages viewed, referrers, timestamps, and related technical logs when you use our websites and applications.
Analytics data: We generate aggregated analytics and performance signals to understand how our sites and features are used.
We do not sell your personal data to third parties.
5. How and Why We Use Personal Data
To provide the Service: We use personal data to create and manage accounts, provide subscriptions, process payments, deliver support, and operate the Service. Our lawful basis is usually performance of our contract with you.
To secure and improve the Service: We use personal data to prevent abuse, investigate fraud, enforce our Terms and Acceptable Use Policy, maintain logs, debug issues, and improve reliability and performance. Our lawful basis is usually our legitimate interests in running a secure and effective service.
To comply with law: We may keep records, respond to lawful requests, and meet tax, accounting, and regulatory requirements. Our lawful basis is compliance with legal obligations.
For marketing and consent-based processing: If you sign up for marketing emails or if we use non-essential cookies or similar technologies where consent is required, our lawful basis is your consent.
6. Cookies and Analytics
We use a strictly necessary authentication cookie for sign-in.
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| better-auth.session_token | Authentication session | 7 days | Strictly necessary |
Analytics: We use self-hosted Umami analytics across our marketing site and app to understand pageviews, referrers, browser/device information, broad geographic location, and aggregate usage patterns. We configure it to exclude URL query strings and fragments (which can contain sensitive tokens), respect Do Not Track, and use no advertising cookies or cross-site profiling. If we introduce non-essential cookies or similar technologies that require consent, we will update this notice and ask for consent where required by law.
Our lawful basis for analytics is our legitimate interests in understanding aggregate usage to operate and improve the Service (see Section 5). We do not use analytics data for advertising or cross-site profiling. Analytics records are retained per our retention policy (see Section 9).
7. Recipients and Processors
We share personal data only where needed to run the Service or where law requires it.
- Authentication and social sign-in providers
- Payment processors, including Stripe, for billing and subscription management
- Hosting and infrastructure providers for application and database hosting
- Email delivery providers for account, security, and transactional emails
- Analytics providers for usage measurement
- AI service providers used to power chat and related AI-assisted features
- Communications tools we use to receive support or marketing submissions
- Professional advisers, regulators, law-enforcement bodies, or courts where required
8. International Transfers
Our primary application data is hosted in Germany, but some processors may handle personal data in the United States or other countries. Where personal data is transferred outside the UK or EEA, we rely on lawful transfer mechanisms used by the relevant provider, such as adequacy regulations or standard contractual clauses, as applicable.
9. Retention
We retain personal data only for as long as reasonably necessary for the purposes described in this notice, including to provide the Service, keep business records, resolve disputes, enforce agreements, and meet legal, tax, fraud-prevention, and security obligations.
- Account, profile, and billing records are usually kept while your account is active and for a reasonable period afterwards
- Billing and accounting records may be kept longer where required by tax, accounting, or fraud-prevention obligations
- Session and server-log data is generally kept for up to 90 days unless needed longer for security, abuse prevention, or investigations
- AI chat, moderation, and abuse records may be retained for longer where needed for safety, disputes, or legal compliance
- Notification preferences, push subscriptions, and unsubscribe tokens are kept until deleted or no longer needed for the account
- Marketing sign-up records are kept until you unsubscribe, withdraw consent, or they are no longer needed for the relevant campaign
10. Your Rights
Under the UK GDPR and EU GDPR, where applicable, you have the right to:
- Access your personal data
- Rectify inaccurate personal data
- Erase your personal data
- Data portability
- Restrict processing
- Object to processing
- Withdraw consent where we rely on consent
To exercise any of these rights, contact us at [email protected]. You also have the right to lodge a complaint with the ICO in the UK or your relevant EU supervisory authority.
11. Automated Decision-Making
We do not use solely automated decision-making that produces legal or similarly significant effects about you.
12. Children
The Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16.
13. Security
We protect your data using HTTPS encryption, hashed passwords, and access controls. No system is completely secure, but we take reasonable measures to protect your information.
14. Changes to This Notice
We may update this Privacy Policy from time to time to reflect legal, technical, or operational changes. Where appropriate, we will post an updated version and take any additional steps required by law.
15. Contact
If you have any questions about this Privacy Policy, please contact us at [email protected].
See also our Terms of Service.