Do I need to disclose Trustpilot in my privacy policy?

Yes. Because Trustpilot collects personal data from your website visitors and users who submit reviews, GDPR and similar privacy laws require you to disclose this processing. You must inform users that their data is collected and transferred to Trustpilot A/S, and explain the lawful basis for this transfer.

What data does Trustpilot collect from my website?

Trustpilot collects review content, user names, and IP addresses from visitors who interact with reviews or submit feedback through your site. If users create accounts or post reviews directly, Trustpilot may also collect email addresses and other profile information. The exact data depends on your integration method and user actions.

Does Trustpilot use cookies that require a consent banner?

Trustpilot may use cookies for analytics and functionality purposes. While no cookies are currently documented for this integration, you should verify Trustpilot's current cookie practices and implement consent banners if non-essential cookies are deployed. Check Trustpilot's privacy documentation for the most up-to-date information.

Who processes my data and where is it stored?

Trustpilot A/S, a Danish company operating under EU jurisdiction, is the data processor. Data is transferred to Denmark (EU) and processed in accordance with GDPR. You remain the data controller and are responsible for ensuring a valid legal basis exists for this transfer, typically your legitimate interest in managing reputation or user consent.

Reviews

Privacy policy clauses for Trustpilot

Trustpilot is a customer review and reputation management platform that collects user reviews and ratings about businesses. Websites integrate Trustpilot to display customer feedback, build trust, and manage their online reputation through aggregated review data.

Scan my site free →Copy sample clause ↓

Free scan · No signup · Results in 60 seconds

What data Trustpilot collects

Your privacy policy must disclose each of the following data types when you use Trustpilot.

Review content

User name

IP address

When does Trustpilot trigger privacy obligations?

Trustpilot integration triggers privacy obligations the moment you embed its widget, API, or review-collection script on your site or in your app. Here's what starts immediately:

Data flows that activate compliance duty:

Trustpilot collects review content, user names, and IP addresses of reviewers and site visitors. If you embed the widget or invite customers to review via Trustpilot's platform, you become a joint controller (under GDPR Article 26) or data sharing partner with Trustpilot A/S (Denmark, EU). The IP address collection alone triggers tracking consent obligations in EU/EEA jurisdictions under the ePrivacy Directive Article 5(3).

Jurisdiction-specific thresholds:

–GDPR (EU/EEA + UK): Applies immediately if any reviewer or site visitor is in these regions. You must have a Data Processing Agreement (DPA) with Trustpilot A/S per GDPR Article 28. Trustpilot's privacy policy should specify its role; verify it's published on their site.

Privacy policy clauses for Trustpilot

What data Trustpilot collects

When does Trustpilot trigger privacy obligations?

Where data goes

Common compliance pitfalls

Missing or outdated Data Processing Agreement

Conflating "review content" with non-personal data

Not updating privacy notice after Trustpilot goes live

Sample privacy policy clause

What regulators look for

Frequently asked questions

Do I need to disclose Trustpilot in my privacy policy?

What data does Trustpilot collect from my website?

Does Trustpilot use cookies that require a consent banner?

Who processes my data and where is it stored?

Don't ship without Bandit.