Privacy Policy

Effective Date: March 1, 2026

1. Introduction

Tracius B.V. ("Tracius", "we", "us") is committed to protecting the privacy of our website visitors, customers, and users of the Tracius Traceability Hub platform. This Privacy Policy explains how we collect, use, and protect your personal information.

Tracius B.V. is registered in the Netherlands and is subject to the EU General Data Protection Regulation (GDPR).

2. Information We Collect

Website Visitors

  • Contact information you provide (name, email, company) when booking a call or submitting a form
  • Usage data collected via cookies (see our Cookie Policy)
  • Device and browser information for analytics

Platform Users

  • Account information (name, email, role) provided during onboarding
  • Authentication data managed by Auth0
  • Usage logs and audit trail data (pseudonymous operator IDs)

What We Do Not Collect

The Tracius Traceability Hub platform is designed with privacy by design. EPCIS event data is product-centric, not person-centric. We do not store personally identifiable information (PII) in the event store, only pseudonymous operator identifiers.

3. How We Use Your Information

  • To provide and maintain the Tracius Traceability Hub platform
  • To communicate with you about your account and our services
  • To improve our website and platform
  • To comply with legal obligations
  • To send marketing communications (only with your consent)

4. Legal Basis for Processing

Under GDPR, we process your personal data based on:

  • Contract performance: To provide the platform services you've subscribed to
  • Legitimate interest: To improve our services and communicate with you
  • Consent: For marketing communications
  • Legal obligation: To comply with regulatory requirements (e.g., audit trail retention)

5. Data Storage and Security

Your data is stored on AWS infrastructure in the EU (eu-west-1 region). We implement:

  • AES-256 encryption at rest
  • TLS 1.3+ encryption in transit
  • Dedicated tenant data isolation
  • MFA enforced for all platform users
  • Immutable audit trail with secure archival

6. International Data Transfers

Your platform data is stored in the EU (AWS eu-west-1). However, some of our service providers process data outside the European Economic Area:

  • Auth0 (Okta): Authentication services, US-based. Protected by Standard Contractual Clauses (SCCs).
  • Google Analytics: Website analytics, US-based. Protected by the EU-US Data Privacy Framework.
  • HubSpot: CRM and meeting scheduling, US-based. Protected by Standard Contractual Clauses (SCCs).

We ensure that all international transfers are subject to appropriate safeguards as required by GDPR Article 46.

7. Data Sharing

We do not sell your personal data. We share data only with:

  • Service providers: AWS (infrastructure), Auth0 (authentication), HubSpot (CRM and meetings)
  • Legal requirements: When required by law or to protect our rights

8. Your Rights

Under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data (right to be forgotten)
  • Restrict processing
  • Data portability
  • Object to processing
  • Withdraw consent

To exercise these rights, contact us at [email protected].

9. Data Retention

We retain personal data for as long as necessary to provide our services and comply with legal obligations. Audit trail data is retained per regulatory requirements (minimum 7 years, configurable up to 15 years per tenant and jurisdiction). You may request deletion of your personal data at any time.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the platform. The effective date at the top of this page indicates when the policy was last updated.

11. Contact

For privacy-related inquiries, contact us at:

Tracius B.V.
The Netherlands
[email protected]