For procurement & legal

The page your security team can forward without follow-ups.

Contracting, payment, security, sub-processors, residency, renewal and termination: the things a procurement reviewer needs in one place. No marketing wrapper. If something’s missing, the contact link at the bottom routes straight to the right person.

Contracting & payment

Four payment paths.

Paid yearly by default

Stripe Checkout, 5–250 seats, billed once for the year. Discounts step down at 11, 31, and 101 seats, reaching $75 / seat / year at 101–250. Above 250 seats we quote bespoke. The 12-month batch is sized to how many people you expect to use it; at renewal we re-size based on how many actually signed up.

Invoicing on request for orders we can’t put on a card

For orders above the online range, or where your finance team pays by PO on net-30/60 against an invoice, email teams@trueings.com. We process those manually and you’ll have a counter-signed PO and an invoice within five business days.

Monthly pay-as-you-go

Available on request for partnership channels and enterprise customers. Not available to buy online today; ask in the lead form.

Multi-year commitments

Not available to buy online. Today the structure is annual + renewal; if your procurement team requires a multi-year term to release budget, talk to us. We will look at it on a per-deal basis.

The “unused codes don’t roll over” line on the buy page follows from sizing the batch to how many people you expect to use it. If your renewal model needs rollover (or any other change), say so in the lead form. We negotiate at renewal, not at first order.

Security & residency

The short version, here. The forwardable version, at /security.

Sub-processors

Supabase (EU) for the application database; Anthropic (US, SCCs) for the AI; Resend (EU) for email; Stripe for payments; PostHog (EU) for cookieless usage counts. Full list with regions and transfer bases on the Security page.

Residency

Subject and respondent data live in an EU Supabase project. The AI runs at Anthropic in the United States under Standard Contractual Clauses, disclosed honestly in the Privacy notice and DPA.

Retention

Raw conversation transcripts are deleted automatically 30 days after each round’s report is built. The finished reports and account data stay for as long as the account exists.

Authentication

Subjects sign in via single-use magic links; no passwords are stored or accepted. Respondents access via signed, single-use JWTs bound to one response. Firm administrators sign in the same way as subjects, into a dashboard that can’t see feedback content.

The Security page includes the “What we don’t claim” section: no SOC 2, no ISO 27001, Anthropic ZDR requested-not-verified.

Procurement Q&A

The questions your reviewer will ask.

Do you offer a counter-signed DPA?

Yes, on request, for any order. The text is the same as the public DPA at /legal/dpa; we counter-sign and return within three business days.

What are the renewal and termination terms?

Annual auto-renews at the then-current per-seat price, with 60 days’ notice before the renewal date. Termination for convenience at the renewal date; termination for cause per the MSA. Renewals can be re-sized down or up based on the prior year’s actual redemption.

What is your incident-response and breach-notification commitment?

If we become aware of a personal-data breach affecting subject or respondent data, we notify the relevant controller without undue delay and within 72 hours where the breach is likely to result in a risk to data subjects (GDPR Art. 33). Procedural commitments live in the DPA.

What service-level commitments do you make?

For self-serve orders, the service is provided on a commercially reasonable best-efforts basis as described in the Terms. For orders that need a contracted SLA, email teams@trueings.com. We negotiate on a per-deal basis for enterprise rollouts.

Do you have SOC 2 / ISO 27001 / a SIG / a CAIQ?

Not today. The Security page is the most honest version of what we have and what we don’t; see the “What we don’t claim” section. SOC 2 Type I is scoped for the B2B2C mid-market phase; we will publish the report when it is real and not before.

Where do I send a vendor security questionnaire?

teams@trueings.com. We respond within five business days; longer questionnaires (SIG-Lite, CAIQ-Lite, custom) on a case-by-case basis as we scale. We will be honest about what we can say yes to today.

Contact

For your security and legal team.

For a vendor questionnaire (SIG-Lite, CAIQ-Lite, custom), a counter-signed DPA, monthly billing, a multi-year term, a custom SLA, or any change to the standard contract, email teams@trueings.com or use the lead form on /for-teams. Replies within two business days.