What is a Digital Product Passport (DPP)?

A Digital Product Passport is a structured digital dataset required by the EU ESPR regulation (2024/1781), accessible via QR code on products. It contains material composition, carbon footprint, recyclability, supply chain data, and compliance information. Battery passports become mandatory February 2027.

Which product categories need a Digital Product Passport?

The EU ESPR covers 30+ product categories. First mandatory: batteries (Feb 2027), iron/steel (2027-2028), textiles (2028-2029). Then electronics, construction, furniture, chemicals, packaging, tyres, and more through 2031.

How much does DPP compliance cost?

TracePass offers a free tier (3 DPPs) and a Basic plan at EUR 49/month (25 DPPs, manual entry). AI-assisted plans start at EUR 350/month (150 DPPs). Supplier portal from EUR 500/month (Growth). Enterprise solutions typically cost EUR 30,000-100,000+/year. TracePass provides AI-assisted compliance tooling, designed to be 80-95% cheaper than enterprise alternatives.

Privacy Policy — TracePass

1. Data Controller

TracePass (company registration in progress), Bulgaria, EU.

Website: tracepass.eu

Contact: info@tracepass.eu

Legal entity details (company name, registration number, registered address) will be published here upon completion of company registration.

2. What Data We Collect

2.1 Waitlist form (current)

Data	Purpose	Legal Basis	Retention
Email address	Contact about launch	Consent (Art. 6(1)(a))	Until unsubscribe or deletion request
Company name	Understand customer profile	Consent (Art. 6(1)(a))	Until unsubscribe or deletion request
Product category	Prioritize features	Consent (Art. 6(1)(a))	Until unsubscribe or deletion request
Optional message	Understand needs	Consent (Art. 6(1)(a))	Until unsubscribe or deletion request

2.2 Platform (when launched)

Data	Purpose	Legal Basis	Retention
Account info (email, company, VAT)	Service provision	Contract (Art. 6(1)(b))	Duration of account + 30 days
Product data you upload	DPP generation	Contract (Art. 6(1)(b))	Duration of account
DPP content	Hosting passports	Contract (Art. 6(1)(b))	Product lifetime + 10 years (EU regulation)
Payment data	Billing	Contract (Art. 6(1)(b))	Per tax law (typically 10 years)

2.3 Automatically collected

IP address, browser type, pages visited via standard web server logs. No tracking cookies are used. Legal basis: Legitimate interest (Art. 6(1)(f)) for security and service improvement. Retention: 90 days.

3. How We Use Your Data

To contact you about TracePass launch and product updates
To provide the DPP generation service (when launched)
To host and serve your Digital Product Passports
To improve our platform and fix issues
To comply with legal obligations

We do NOT sell, rent, or share your personal data with third parties for marketing purposes.

4. Third-Party Processors

Service	Purpose	Location	Status
Vercel	Website hosting	EU edge	Active
Cloudflare	DNS	Global (EU nodes)	Active
Google Sheets	Waitlist storage	EU	Active (temporary)
Hetzner	Platform hosting	Germany	Upon platform launch
Stripe	Payment processing	EU	Upon platform launch
Anthropic (Claude API)	AI document processing	USA (no personal data sent)	Upon platform launch

5. Data Storage & Security

Data is stored within the European Union (Hetzner, Germany and Vercel, EU edge). All data is encrypted in transit (HTTPS/TLS). We use industry-standard security measures to protect your data.

6. Your Rights (GDPR)

You have the right to:

Access (Art. 15) — request a copy of your data
Rectification (Art. 16) — correct inaccurate data
Erasure (Art. 17) — request deletion of your data
Restriction (Art. 18) — restrict processing of your data
Portability (Art. 20) — receive your data in machine-readable format
Objection (Art. 21) — object to processing based on legitimate interest
Withdraw consent (Art. 7(3)) — at any time, without affecting prior processing

How to exercise your rights: Email info@tracepass.eu with your request. We will verify your identity and respond within 30 days. If we need more time, we will inform you within the initial 30-day period.

Right to lodge a complaint: You have the right to lodge a complaint with the Commission for Personal Data Protection (CPDP), Bulgaria, or your local supervisory authority.

7. Cookies

We do not use tracking cookies. Essential cookies may be used for functionality (e.g., session management when the platform launches). No third-party advertising or analytics cookies.

8. International Transfers

Your data is stored and processed within the EU/EEA. The Anthropic Claude API (used for document processing upon platform launch) is based in the USA. Only product data (not personal data) is sent to this service, and appropriate safeguards are in place.

9. Changes to This Policy

We may update this policy. Changes will be posted on this page with an updated date. Significant changes will be communicated via email to registered users.

10. Contact

For any privacy-related questions or requests:

Email: info@tracepass.eu

TracePass, Bulgaria, EU