Privacy Policy

Effective date: April 18, 2026  |  Applies to thetrove.io and the Trove platform

This Privacy Policy explains how Razzalyn GL, Inc. (“Trove,” “we,” “us,” or “our”) collects, uses, discloses, and protects your information when you visit thetrove.io, join our waitlist, or use the Trove platform. Please read it carefully.

1. Who We Are

Razzalyn GL, Inc. is a Delaware C-corporation that operates the Trove peer-validated professional credibility platform at thetrove.io. Trove allows professionals to document, verify, and share proof of their career achievements through a structured system of artifacts and peer validation.

For questions about this policy, contact us at privacy@thetrove.io.

2. Information We Collect

2.1 When You Visit the Site

  • Browser and device type, operating system, IP address
  • Pages visited, time on page, referral source
  • Cookies and similar tracking technologies (see Section 8)

2.2 When You Join the Waitlist

  • Email address
  • Name, job title, and company if you choose to provide them

2.3 Information You Provide

  • Account registration: name, email address, and password
  • Professional profile: job history, work experience, education, skills, and accomplishments you add
  • Artifacts: descriptions of work outcomes, projects, and achievements you document on the platform
  • Supporting materials: documents, links, or credentials you upload to support your achievements
  • Communications: messages you send us through email or support channels

2.4 Information Collected Automatically

  • Device and browser information: browser type, operating system, device type, IP address
  • Usage data: pages visited, features used, session duration, clicks and interactions
  • Referral source and entry point
  • Cookies and similar tracking technologies (see Section 8)

2.5 Profile Enrichment Data

When you create a Trove account, we use a third-party data enrichment service called EnrichLayer (operated by Vertical Int, Inc., Orinda, CA) to supplement your profile with publicly available professional information. This may include:

  • Current and past employer names and job titles
  • Employment history and dates
  • Education history
  • Professional social media profile URLs

During signup, you are given the option to enable profile enrichment via a consent toggle. If you opt in, enrichment occurs at that time to reduce the time it takes to build your profile. The data comes from publicly available sources. You can disable enrichment at any time, and you can review, edit, correct, or remove any enriched information from your profile at any time. If you do not opt in, no enrichment data is collected.

Please note that EnrichLayer independently maintains a database of publicly available professional information and acts as an independent data controller for that database. Removing enriched data from your Trove profile does not delete data that EnrichLayer holds independently. You may exercise your rights with respect to EnrichLayer’s independent database by contacting them directly via their privacy policy at enrichlayer.com.

EnrichLayer processes this data under a Data Processing Agreement with Trove. They are contractually prohibited from selling, reusing, or combining your data with their own databases for any purpose other than enrichment on our behalf.

2.6 Validator Information

When you invite someone to validate an achievement on your profile (a “validator”), we collect:

  • Their name and email address
  • Their professional relationship to you (as you describe it)
  • Their response and any comments they provide

Validators receive email communications from Trove on your behalf. They are informed at the time of contact how their information will be used and are not required to create a Trove account to complete a validation.

Validators who wish to access, correct, or delete their information may contact us at privacy@thetrove.io.

Validator data is retained only for the life of the inviting user’s account. When a user deletes their account, associated validator data is deleted or anonymized within 30 days. Validators are directed to Section 14 (Information for Validators) at the time of first contact, which explains their rights and how their data is processed in plain language.

2.7 Third-Party Sources

We do not currently offer the ability to connect third-party accounts to Trove. If we introduce this feature in the future, we will update this policy before launch to describe what information we receive and how we use it, and will notify you of the change.

3. How We Use Your Information

3.1 Platform Operations

  • Create and maintain your Trove account
  • Display and manage your professional profile and artifacts
  • Facilitate validator outreach and track validation status
  • Pre-fill your profile using enrichment data to reduce manual entry
  • Enable you to share your verified profile with others

3.2 Communications

  • Send account-related notices (security, policy changes, important updates)
  • Send product updates and feature announcements
  • Respond to your support requests
  • Send marketing and promotional content (you can opt out at any time)

3.3 Safety and Compliance

  • Detect and prevent fraud, abuse, and unauthorized access
  • Enforce our Terms of Service
  • Comply with applicable laws and respond to lawful requests
  • Protect the rights, property, and safety of Trove and our users

3.4 Analytics and Improvement

  • Understand how users interact with the platform
  • Measure feature adoption and identify friction points
  • Develop and test new features
  • Generate aggregate, de-identified usage statistics

3.5 Legal Basis for Processing

We process your information based on: your consent (where required), performance of our contract with you, compliance with legal obligations, and our legitimate business interests in operating and improving the platform. Where we rely on legitimate interests, we balance those interests against your privacy rights.

Specifically: we process account and profile data to perform our contract with you; we process enrichment data based on your consent (opt-in at signup); we process analytics data based on our legitimate interest in improving the platform; and we process data for fraud prevention and legal compliance based on legal obligations. A detailed processing activities register is maintained internally and is available upon request to applicable data protection authorities.

4. How We Share Your Information

4.1 We Do Not Sell Your Data

We do not sell, rent, lease, or trade your personal information to any third party. This includes enriched profile data. Your data belongs to you.

4.2 Service Providers

We share data with third-party vendors who help us operate the platform. These include:

  • Cloud infrastructure and hosting providers
  • Email delivery services
  • Analytics platforms
  • Data enrichment services (EnrichLayer / Vertical Int, Inc.)
  • Customer support tools

Each service provider is bound by contract to use your data only as directed by Trove and to maintain appropriate security measures.

4.3 Your Public Profile

Information you add to your Trove profile and choose to publish is visible to anyone with your profile link. You control exactly what is published. You can make your profile private, unpublish specific artifacts, or delete your profile at any time.

4.4 Validators

When you invite a validator, we share with them the specific artifact you are asking them to validate, your name, and the context you provide. We do not share your full profile or other artifacts with validators unless you choose to.

4.5 Legal Requirements

We may disclose your information when required by law, regulation, court order, or government request, or when we believe in good faith that disclosure is necessary to protect the safety or rights of our users or the public.

4.6 Business Transfers

If Razzalyn GL, Inc. is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction. We will notify you by email and by prominent notice on our website before any such transfer takes effect.

4.7 Aggregated Data

We may share aggregated, anonymized data with third parties for research, benchmarking, or analytical purposes. This data is de-identified in accordance with the CCPA/CPRA standard: it cannot reasonably be used to identify you, and recipients are contractually prohibited from attempting to re-identify it.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide our services. Specific retention periods:

  • Active account data: retained for the life of your account
  • Profile enrichment data: deleted from Trove within 30 days of account deletion; deletion from our enrichment provider’s systems may take up to 60 days pursuant to our Data Processing Agreement
  • Validator responses: retained as part of your artifact record for the life of your account
  • Account data after deletion: removed within 30 days, except where retention is required by law
  • Usage analytics and server logs: retained for up to 12 months for security and performance purposes
  • Communications and support records: retained for up to 24 months after resolution, or longer if required for legal or compliance purposes

If you have any questions about what data we hold or want to confirm deletion, email privacy@thetrove.io.

6. Your Rights and Choices

6.1 Rights Available to All Users

  • Right to access: request a copy of the personal data we hold about you
  • Right to correct: request correction of inaccurate or incomplete data
  • Right to delete: request deletion of your account and associated data
  • Right to portability: receive your data in a structured, machine-readable format
  • Right to restrict: request that we limit how we use your data in certain circumstances
  • Right to opt out: unsubscribe from marketing communications at any time

6.2 US State Privacy Rights

California residents (CCPA/CPRA). If you are a California resident, you have additional rights:

  • Right to know: request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months
  • Right to non-discrimination: we will not discriminate against you for exercising your privacy rights
  • Right to opt out of sale or sharing: we do not sell personal information or “share” it for cross-context behavioral advertising as defined under the CPRA, but we honor this right by policy
  • Right to limit use of sensitive personal information: we do not process sensitive personal information as defined under CPRA
  • Global Privacy Control: we honor GPC signals as valid opt-out requests

To submit a California Privacy Request, email privacy@thetrove.io with “California Privacy Request” in the subject line.

Residents of other US states. If you are a resident of a US state with a comprehensive privacy law — including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Indiana, Tennessee, Delaware, New Jersey, New Hampshire, Minnesota, Maryland, Rhode Island, Kentucky, or any other state whose law provides comparable rights — you have similar rights, which may include the right to access, correct, delete, obtain a copy of, and opt out of the sale of your personal information or its use for targeted advertising or profiling that produces legally significant effects. We honor these rights for residents of any US state regardless of whether your state’s specific law is listed above. To exercise these rights, email privacy@thetrove.io with “Privacy Request” in the subject line.

6.3 How to Exercise Your Rights

Email privacy@thetrove.io with “Privacy Request” in the subject line. Include your full name, email address, and a description of your request. We will verify your identity and respond within 30 days. If we need more time, we will notify you.

7. Security

We implement the following measures to protect your data:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Multi-factor authentication and role-based access controls
  • Regular security assessments and vulnerability management
  • Incident response procedures with breach notification protocols in accordance with applicable law
  • Restricted access to personal data on a need-to-know basis

No method of electronic storage or transmission is completely secure. If we become aware of a security breach affecting your data, we will notify applicable supervisory authorities within 72 hours where required by GDPR Article 33, and will notify you without undue delay as required by applicable law.

8. Cookies and Tracking

Types of Cookies We Use

  • Essential cookies: required for authentication, security, and core platform functionality
  • Analytics cookies: help us understand how the platform is used (e.g., PostHog)
  • Preference cookies: remember your settings and display preferences

You can manage cookie preferences through your browser settings. Disabling essential cookies will affect your ability to log in and use the platform. We do not use cookies for advertising or sell cookie data to third parties.

We currently use PostHog for product analytics. Their privacy policy is available at posthog.com/privacy.

9. Children’s Privacy

Trove is not directed to children under the age of 13. We do not knowingly collect personal information from anyone under 13. If you believe we have done so, contact us immediately at privacy@thetrove.io and we will delete the data promptly.

10. International Data Transfers

Trove is operated from the United States, with primary data processing in the US. If you are located outside the United States, your information is transferred to and processed in the US. We implement appropriate safeguards for international transfers, including standard contractual clauses and supplementary technical measures (such as encryption) where required. If you are located in the European Economic Area, United Kingdom, or Switzerland, you may contact us for a copy of the safeguards we have in place.

11. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by email and by posting the updated policy with a new effective date. For material changes, we will ask you to affirmatively acknowledge the updated policy on your next login. We will not reduce your rights under this policy without your explicit consent.

12. AI and Automated Decision-Making

Trove does not currently use personal data for automated decision-making or profiling that produces legal or similarly significant effects as defined under GDPR Article 22 or applicable US state privacy laws. We do not use personal data to train machine learning models. If we introduce automated decision-making features in the future, we will update this policy, provide notice, and offer the right to obtain human review of any automated decision that significantly affects you.

13. Do Not Track and Global Privacy Control

We honor Global Privacy Control (GPC) signals as valid opt-out requests for the sale or sharing of personal information, in accordance with the CCPA/CPRA and similar state laws. We do not currently respond to Do Not Track (DNT) browser signals, as there is no universally accepted standard for DNT compliance.

14. Information for Validators

If you received an email asking you to validate someone’s work on Trove, this section is written for you. In plain language: what we have about you, what we do with it, how long we keep it, and your rights.

This section applies to you if a Trove user (the “inviter”) listed you as a reference to validate a work artifact. You are reading this because we processed your name and email address to send you a validation request. We did not obtain this information from you directly. This section summarizes, in plain language, what we have about you, what we do with it, how long we keep it, and your rights. It is designed to satisfy our notice obligations under GDPR Article 14 and the CCPA/CPRA notice at collection. Where this section conflicts with any other part of this Policy, this section controls for validator data.

14.1 How We Got Your Information

The inviter provided your name, email address, and a description of your professional relationship to them when they created or published a work artifact on Trove. Inviters agree to our Terms of Service, which require that they only list individuals who have an existing professional relationship with them and who would reasonably expect to receive a validation request.

14.2 What We Have About You

  • The name and email address the inviter provided
  • The relationship the inviter described (e.g., “former manager,” “peer”)
  • The specific artifact (work accomplishment) you have been asked to validate
  • If you respond: your response, the relationship you confirm, and any comments you add
  • Basic email delivery metadata (e.g., opens, bounces) used to ensure deliverability and measure reminder effectiveness

14.3 What We Do With It

  • Send the validation request and, if needed, up to two reminder emails
  • If you respond, record your validation on the inviter’s profile
  • If the inviter’s profile is public, display your first name, last initial, and the relationship you confirmed alongside the validated artifact
  • Detect and prevent abuse of the validation system (e.g., fraudulent self-validation, spam)

We do not sell your data, add you to any marketing list, or use your information for any purpose outside delivering and recording this validation request.

14.4 How Long We Keep It

  • If you do not respond: we delete your name, email, and relationship description within 90 days of the original request
  • If you decline: we record the decline (to suppress further reminders) and delete your contact information within 30 days
  • If you confirm: we retain your validation for as long as the inviter’s account is active. When they delete their account or the specific artifact, your associated validation is deleted or anonymized within 30 days

14.5 Your Rights as a Validator

At any time, you can:

  • Ignore the request. You are under no obligation to respond. No Trove account is required.
  • Ask us to delete your information. Email privacy@thetrove.io and we will remove you from our systems within 30 days, including removing any validation from any profile where it appears.
  • Ask us what we have about you. We will send you a copy within 30 days.
  • Correct information. If something is wrong, we will fix it.
  • Object to processing. You can tell us to stop processing your data, and we will.

If you are in the EEA, UK, or Switzerland, you also have the right to lodge a complaint with your local data protection authority. If you are a California resident, see Section 6.2 for your CCPA/CPRA rights, which also apply to you as a validator.

14.6 Legal Basis for Processing (GDPR)

We process your name and email address under our legitimate interest in delivering the validation request the inviter asked us to send, and the inviter’s legitimate interest in receiving your validation. We process any response you give us to perform our service to the inviter. You can object to this processing at any time under Section 14.5.

14.7 Contact

Questions, requests, or concerns as a validator: privacy@thetrove.io. See Section 15 for full contact details.

15. Contact Us

For questions, concerns, or privacy requests:

Razzalyn GL, Inc.
Email: privacy@thetrove.io
56 Broad St STE 79538, Boston, MA 02109
Website: thetrove.io

We will respond to all inquiries within 30 calendar days. If we need additional time, we will notify you of the extension and the reason. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.