Last updated: January 1, 2026. This policy explains how IBT collects, uses, and protects personal information.
IBT collects information in two contexts. For businesses applying for certification, we collect business name, contact information, client lists, and billing records provided during the application process. For client respondents, we collect identity verification data (processed by Stripe Identity) and survey responses. We do not collect personal information from casual visitors to this website beyond standard server logs.
Business information is used solely to conduct the certification assessment and communicate assessment results. Client respondent information is used to verify identity and record survey responses. IBT does not sell, rent, or share personal information with third parties for marketing purposes. Identity verification data processed by Stripe Identity is subject to Stripe's privacy policy.
When IBT contacts clients of a business under assessment, we explain the purpose of the survey, obtain informed consent before recording any response, and limit data collection to what is necessary for verification and the survey itself. Individual client responses are never shared with the business under assessment. Aggregate statistical results are shared with the business in the form of the assessment result report.
Assessment records are retained for 7 years following the certification decision date. Identity verification records are retained for the minimum period required by applicable law and Stripe's data retention policies. Businesses that withdraw an application before the decision date may request deletion of their data, subject to legal retention requirements.
IBT employs appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. These include encrypted data storage, access controls, and regular security reviews. No data transmission over the internet is completely secure; we cannot guarantee absolute security but commit to industry-standard protections.
Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict the processing of your personal data. To exercise these rights, contact info@bureauoftrust.org. We will respond within 30 days. Note that certain data may be retained regardless of deletion requests to the extent required by law or contractual obligation.
The IBT website uses only essential cookies required for basic site functionality. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. You may disable cookies in your browser settings; this will not affect your ability to use the site.
Questions about this privacy policy should be directed to info@bureauoftrust.org or International Bureau of Trust, [Address], United States. For complaints that cannot be resolved directly, you may contact your applicable data protection authority.