Legal

Privacy policy

Plain-English first, legalese second. This page explains what information this website collects, why, who processes it, and what your choices are.

Effective date: July 2, 2026

Who we are and what this covers

This privacy policy covers trusteddirective.com, the public website for Trusted Directive (“we,” “us”). It applies to what happens when you browse this site, join the waitlist, request a demo, or contact us.

It does not cover the vault application itself. When you create a vault account, separate terms and consent agreements govern your documents and your sharing choices — you’ll see and accept those inside the application, before anything is stored or shared.

Information you give us

  • Waitlist signups: your email address, plus which page you signed up from.
  • Demo requests: your name, email address, firm name, and whether you’re an advisor or an attorney.
  • Contact messages: whatever you choose to include in your message, plus your email address so we can reply.

That’s the full list. There are no accounts on this website, no payment forms, and no fields that ask for anything sensitive.

Information collected automatically (analytics)

We use PostHog, a product analytics service, to understand how this site is used. PostHog is loaded on every page and collects:

  • Pages you view, in what order, and how you arrived (referrer and campaign parameters)
  • Interactions such as clicks on buttons and links, and form submissions (the fact that a form was submitted and from which page — analytics events do not capture what you typed)
  • Technical details: browser type, device type, operating system, screen size, and IP address
  • A randomly generated identifier stored in a cookie or your browser’s local storage, used to recognize repeat visits

This data is processed by PostHog, Inc. on its U.S. cloud (us.i.posthog.com). We use it to see which pages are read, where visitors come from, and where the site is confusing — nothing more.

We also use Google Analytics 4 (measurement ID G-ZXVJZ4CVNZ), provided by Google, to measure overall site traffic. In short: we use PostHog (product analytics) and Google Analytics 4 (traffic measurement). We do not use advertising networks or ad-targeting cookies, and we do not sell or rent any information about you to anyone.

Our hosting provider, Vercel, also keeps standard server logs (such as IP address and requested URL) for operating and securing the site.

How we use your information

  • To email your invitation when Trusted Directive opens (waitlist)
  • To reply to demo requests and set up a demo (a real person answers)
  • To respond to questions sent through the contact form
  • To understand site traffic and improve the pages (analytics, in aggregate)

We email you only about the thing you asked for. Joining the waitlist gets you a launch invitation, not a marketing drip. Every email we send includes a way to opt out, and asking to be removed removes you.

Who processes your information

We use a small set of service providers to run this site. Each receives only what it needs to do its job:

  • Vercel — hosts the website and the form endpoint
  • Formspree — relays form submissions (waitlist, demo, contact) to us by email
  • Notion — stores the waitlist and demo-request list so we can send invitations
  • PostHog — product analytics, as described above
  • Google (Google Analytics 4) — website traffic measurement, as described above

Beyond these providers, we disclose personal information only if the law requires it. We never sell it.

What about vault documents?

Nothing on this website touches vault contents — this site has no connection to document storage. For what it’s worth here: vault documents are encrypted at rest with AES-256 via AWS KMS, decryption is restricted to narrowly-scoped service roles so no employee has standing access to document content, and professionals linked to a vault see document metadata only, never content. The full inventory of deployed controls is on the security page, and the application’s own privacy and sharing agreements govern everything inside it.

How long we keep information

  • Waitlist and demo requests: until we’ve sent your invitation or completed your request, and for a reasonable period afterward — or until you ask us to delete them, whichever comes first.
  • Contact messages: as long as needed to resolve your question.
  • Analytics data: retained under PostHog’s standard retention settings and reviewed only in aggregate.

Your choices and rights

  • Access, correction, deletion: ask us what we hold about you, ask us to fix it, or ask us to delete it — contact us and we’ll do it. No forms, no fee, no friction.
  • Email: unsubscribe from any email we send, or ask to be removed from the waitlist entirely.
  • Analytics: blocking cookies or using a content blocker will stop PostHog from tracking your visit; the site works fine without it.

Depending on where you live (for example, the EU/EEA, the U.K., Québec, or California), you may have additional statutory rights over your personal information, including rights to access, portability, correction, and deletion. We honor requests under those laws through the same channel: contact us.

Children

This website is not directed to children, and we do not knowingly collect personal information from anyone under 16. If you believe a child has provided us information, contact us and we will delete it.

Changes to this policy

If this policy changes, we’ll update it here and change the effective date at the top. If a change meaningfully affects information you’ve already given us — like the waitlist — we’ll email you about it before it takes effect, not after.

Contact

Questions about privacy, or a request about your information? Use the contact form — a real person answers within one business day.