Privacy Policy
Last updated: May 10, 2026
1. Data Controller
TracePass LTD (UIC 208790302), Shtrossmayer Street, 1309 Sofia, Bulgaria, EU.
Website: tracepass.eu
Contact: info@tracepass.eu
Controller vs processor roles. TracePass is the data controller for website visitors, account registration and administration data, and billing data. For the product and passport content you publish through the platform (technical specifications, supplier information, supporting documents, etc.), you are the data controller and TracePass acts as a data processor on your behalf — we process that content only under your instructions to generate, host, and serve your Digital Product Passports. This also means the accuracy, lawfulness, and regulatory truthfulness of passport data remain your responsibility (see Terms, Section 6).
2. What Data We Collect
2.1 Platform
| Data | Purpose | Legal Basis | Retention |
|---|---|---|---|
| Account info (email, company, VAT) | Service provision | Contract (Art. 6(1)(b)) | Duration of account + 30 days |
| Product data you upload | DPP generation | Contract (Art. 6(1)(b)) | Duration of account |
| DPP content | Hosting passports | Contract (Art. 6(1)(b)) | Product lifetime + 10 years (EU regulation) |
| Payment data | Billing | Contract (Art. 6(1)(b)) | Per tax law (typically 10 years) |
2.2 Automatically collected
IP address, browser type, pages visited via standard web server logs. No tracking cookies are used. Legal basis: Legitimate interest (Art. 6(1)(f)) for security and service improvement. Retention: 90 days.
3. How We Use Your Data
- To contact you about your account, billing, security, and material product changes
- To provide the DPP generation and hosting service
- To host and serve your Digital Product Passports
- To improve our platform and fix issues
- To comply with legal obligations
We do NOT sell, rent, or share your personal data with third parties for marketing purposes.
4. Third-Party Processors
| Service | Purpose | Location | Status |
|---|---|---|---|
| Vercel | Website hosting | EU edge | Active |
| Cloudflare | DNS | Global (EU nodes) | Active |
| Hetzner | Platform hosting | Germany | Active |
| MongoDB Atlas | Application database | EU (Frankfurt) | Active |
| Cloudflare R2 | Document & image storage | EU | Active |
| Stripe | Payment processing | EU | Active |
| Resend | Transactional email | EU | Active |
| Anthropic (Claude API) | AI document processing | USA (no personal data sent) | Active |
5. Data Storage & Security
Data is stored within the European Union (Hetzner, Germany and Vercel, EU edge). All data is encrypted in transit (HTTPS/TLS). We use industry-standard security measures to protect your data.
6. Your Rights (GDPR)
You have the right to:
- Access (Art. 15) — request a copy of your data
- Rectification (Art. 16) — correct inaccurate data
- Erasure (Art. 17) — request deletion of your data
- Restriction (Art. 18) — restrict processing of your data
- Portability (Art. 20) — receive your data in machine-readable format
- Objection (Art. 21) — object to processing based on legitimate interest
- Withdraw consent (Art. 7(3)) — at any time, without affecting prior processing
How to exercise your rights: Email info@tracepass.eu with your request. We will verify your identity and respond within 30 days. If we need more time, we will inform you within the initial 30-day period.
Right to lodge a complaint: You have the right to lodge a complaint with the Commission for Personal Data Protection (CPDP), Bulgaria, or your local supervisory authority.
7. Cookies
We use Google Analytics 4 for site-traffic analysis and the LinkedIn Insight Tag for measuring our ad-campaign performance. Both are loaded only after you accept cookies via our consent banner — decline and no third-party scripts run. Essential cookies (e.g., session management on the application portal) may be used regardless of your choice.
8. International Transfers
Your data is stored and processed within the EU/EEA. The Anthropic Claude API (used for document processing) is based in the USA. Only product data (not personal data) is sent to this service, and appropriate safeguards are in place.
9. Changes to This Policy
We may update this policy. Changes will be posted on this page with an updated date. Significant changes will be communicated via email to registered users.
10. Contact
For any privacy-related questions or requests:
Email: info@tracepass.eu
TracePass LTD, Shtrossmayer Street, 1309 Sofia, Bulgaria, EU