TrustScore Logo
TrustScore Verify Before You Trust
Eng | বাংলা
Login/Signup
Privacy Protection

Privacy Policy

Understand how your data is collected, secured with double-key cryptography, and verified through zero-knowledge principles.

1. Core Privacy Philosophy

At TrustScore, we believe that establishing credibility and trust within our community should not require sacrificing your fundamental right to privacy. Traditional background checking processes in Bangladesh often compromise private files, phone records, and identity logs.

Our service is engineered around the principle of data minimization and zero-knowledge audits. We act as a blind trust calculation machine—verifying that a credential is valid without storing it in unencrypted plain text or disclosing it to third parties without your explicit, key-based consent.

2. Information We Collect

To calculate your dynamic credibility rating, verify your identity tier, and connect you with landlords or business partners, we collect and process the following credentials:

  • Basic Account Details: Email address, personalized profile username, and salted password hashes for security.
  • Verified Credentials: Mobile phone number (verified via SMS OTP), date of birth, and physical address coordinates.
  • National Identity Data: National Identity Card (NID) numbers or digital document photocopies. These documents are only processed to establish unique citizen validity and prevent multi-account review ring fraud.
  • Transactional Records: Active loans generated through the platform, peer recommendation star ratings, and dispute declarations.

3. Double-Key Data Encryption

To prevent database leaks and unauthorized administrative overrides, all high-sensitivity credentials (such as NID numbers, address files, and birth dates) are encrypted using Double-Key Cryptography.

Under this system:

  • The User Key: Generated locally inside your secure browser session when you register or sign in. This key remains in temporary sandbox storage and is never sent directly to our cloud servers.
  • The Platform Key: Managed in our hardware security modules (HSM) with strict authorization logs.

Both keys must be combined dynamically in real-time to decrypt and view verification details. As a result, even in the event of an external server breach, your raw identification papers remain unreadable encrypted blocks of data.

4. Zero-Knowledge Verification APIs

TrustScore provides integration APIs for business merchants, apartment landlords, and financial services to check consumer profiles.

To protect your records, our verification system uses a zero-knowledge query structure. When a third party queries your status:

  • The system only transmits binary confirmations (e.g., "Is this NID valid? Yes/No" or "Is the user's phone verified? Yes/No").
  • Our servers **never** transmit the NID number, document image, or exact date of birth to the requesting API client.
  • Any third-party verification lookup requires you to approve a pop-up authorization check on your user dashboard.

5. Score & Badge Disclosures

To build trust, certain aggregated ratings are design-public and visible to anyone searching for your username:

  • Trust Score: Your current score (calculated dynamically from 0 to 1000).
  • Verification Badges: Your status tier (Bronze, Silver, Gold, or Platinum VIP).
  • Peer Reviews: Written review contents, star levels (1★ to 5★), and reviewer badge indicators.

Raw verification source data, history of specific search lookups on your profile, and password credentials remain confidential.

6. Account Deletion & Rights

You have the right to inspect, edit, or request the deletion of your account at any time. When you trigger an account termination request from the profile panel, your cryptographic keys are discarded, rendering your previous logs permanently unreadable.

Fraud Protection Limitation: To prevent malicious users from escaping bad reputations or loan obligations (NID-locking), account deletion requests will be delayed if you have an active disputed loan contract or unresolved review manipulation disputes. Once financial obligations are cleared, accounts are purged within 7 business days.

7. Compliance & Inquiries

TrustScore regularly undergoes independent security audits and data protection reviews to remain aligned with local privacy laws and international double-key infrastructure standards.

If you have questions about this policy, want to request an export of your local profile, or need to report a privacy concern, please contact our Data Protection Team at privacy@trustscorebd.com.