Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.truthlocks.com/llms.txt

Use this file to discover all available pages before exploring further.

The Truthlocks Privacy Center gives you control over your personal data. You can request a full data export, delete your account, and track the status of privacy requests. Access it from your dashboard at verify.truthlocks.com/privacy.

Data export

Request a copy of all data associated with your account. Exports are delivered in JSON format and include your profile information, protections, credentials, and activity history.
1

Request an export

Open the Privacy Center and click Request Data Export. The request enters a processing queue.
2

Wait for processing

Export requests are processed within a few minutes. You can track the status on the Privacy Center page.
3

Download your data

Once the status changes to Completed, a download link appears in the Available Downloads section. Click it to download your JSON export.
Export files contain personal data. Store them securely and delete them when you no longer need them.

Export via the API

You can also request exports programmatically: 
curl -X POST https://api.truthlocks.com/v1/consumer/privacy/export \
  -H "X-API-Key: tlk_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{"format": "json"}'
Response
{
  "job_id": "prv_export_abc123",
  "status": "PENDING",
  "created_at": "2026-03-25T12:00:00Z"
}
Poll the job status or check the Available Downloads section once processing completes.

Account deletion

Deleting your account permanently removes all your data, protections, credentials, and signing keys. This action cannot be undone.
1

Request deletion

In the Privacy Center, click Request Account Deletion.
2

Confirm with your email

A confirmation dialog asks you to type your account email address to proceed. This prevents accidental deletions.
3

Processing

Deletion requests are processed within 30 days, in compliance with data protection regulations. You can continue using your account until processing begins.
Account deletion is irreversible. All attestations, protections, and credentials linked to your account will be permanently erased. Existing proof pages and badges will stop resolving.

Tracking privacy requests

The Privacy Center displays a list of your recent privacy requests with real-time status updates:
StatusMeaning
PendingRequest received, waiting to be processed
ApprovedRequest approved and queued for execution
ProcessingActively being processed
CompletedRequest fulfilled (download available for exports)
FailedAn error occurred; contact support
ExpiredDownload link expired; request a new export

Data retention policies

Tenant administrators can set per-category retention rules from Settings > Privacy in the console. Retention policies control how long data is kept before automatic deletion.

Supported data classes

Data classDescription
Audit logsConsole and API activity logs
Consumer inboxCredentials delivered to consumers
Verification eventsRecords of third-party verifications
Webhook deliveriesOutbound webhook delivery logs

Default retention values

Every new tenant starts with the following per-category defaults:
Data classDefault retentionDefault delete mode
Audit logs365 daysSoft only
Consumer inbox90 daysSoft then hard
Verification events365 daysSoft only
Webhook deliveries30 daysSoft then hard
You can adjust these at any time from the console. In addition to per-category rules, the platform enforces an overall attestation data retention period of 2 years (730 days) by default. This covers attestations, audit logs, evidence, and verification records at the platform level. The 2-year period applies unless you have the extended retention add-on enabled.
Enterprise plans include an extended retention add-on that increases the platform-level retention ceiling to 10 years (3,650 days). When enabled, the extended period applies to attestations, audit logs, evidence, and verification records. Contact sales to enable it.

How retention is enforced

A background job runs daily to process expired records. Records past their retention period are handled in batches to minimize system load. The job applies your configured delete mode:
  • Soft only — records are marked as archived but the data is preserved.
  • Soft then hard — records are permanently deleted after the retention period.

Configuring a policy

Each data class has three settings:
  • Retention days — how long to keep records (0–3,650 days). Set to 0 to retain indefinitely.
  • Delete modeSoft only marks records as deleted but retains the data, or Soft then hard permanently purges records after the soft-delete period.
  • Enabled — toggle to activate or deactivate the policy.
Changes take effect immediately when saved. A background job runs daily to process expired records in batches. When you need to preserve data for legal or compliance reasons, create a legal hold to pause automatic deletion for a specific scope.
1

Open privacy settings

Navigate to Settings > Privacy in the console and scroll to the Legal Holds section.
2

Create a hold

Click Create Hold and provide:
  • Scope type — Tenant, Organization, User, or Resource
  • Scope ID — the identifier for the entity (UUID)
  • Reason — why the hold is needed (minimum 10 characters)
3

Release when no longer needed

Click Release on an active hold and confirm in the dialog. Data covered by the hold resumes normal retention processing.
Releasing a legal hold is permanent. Once released, data covered by the hold becomes subject to your retention policies and may be deleted automatically.
Account deletion requests are blocked while a legal hold covers the user’s data. The hold must be released before the deletion can proceed.

Your privacy rights

Truthlocks supports the following data rights in compliance with GDPR and similar regulations:

Right to access

Request a full copy of your personal data at any time through the data export feature.

Right to erasure

Request permanent deletion of your account and all associated data.

Right to portability

Export your data in a structured, machine-readable JSON format.

Processing transparency

Track the status of all privacy requests in real time from the Privacy Center.

For developers

Request data export

POST /v1/consumer/privacy/export

Request account deletion

POST /v1/consumer/privacy/delete-account

List privacy jobs

GET /v1/consumer/privacy/jobs

Next steps

Account security

Set up MFA and manage active sessions.

Content protection

Learn how to protect your content with cryptographic attestations.