Introduction
At Tracehub, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at tracehub.app and interact with our services.
We respect your privacy rights and are dedicated to transparency in our data handling practices. Please read this policy carefully to understand our views and practices regarding your personal data and how we will treat it.
Your consent
By using our website or installing the Tracehub Shopify application, you consent to the data practices described in this policy. Specifically:
- Installing the Tracehub app constitutes your explicit consent to our data collection and processing practices
- Accessing our website or using any Service features indicates your acceptance of this Privacy Policy
- Using AI-powered features constitutes consent to send data to our AI service providers (as detailed below)
If you do not agree with this policy, please do not install the app, access our website, or use our services. You may withdraw your consent at any time by uninstalling the app and contacting us to request data deletion.
Information we collect
We collect several types of information from and about users of our website, including:
Contact form data
When you submit our contact form, we collect:
- Your full name
- Email address
- Company name (optional)
- Message content and any information you choose to share
Usage analytics
We automatically collect certain information about your device and how you interact with our website, including:
- Browser type and version
- Operating system
- Pages visited and time spent on pages
- Referring website addresses
- IP address (anonymized)
Cookies and tracking technologies
We use cookies and similar tracking technologies to track activity on our website and store certain information. For detailed information about our use of cookies, please see the Cookies Policy section below.
ESPR compliance data (for Shopify app users)
When you use our Shopify application, we collect and process structured product data for EU ESPR Annex III compliance, including:
Product identification data:
- Global Trade Item Numbers (GTIN)
- Commodity codes
- Batch numbers, serial numbers, and lot numbers
- Model numbers and variant identifiers
Economic operator information:
- Manufacturer details (name, country, identifiers)
- Importer information
- Distributor details
- Authorized representative information
- Facility locations and certifications
Substances and materials:
- Substances of concern with CAS (Chemical Abstracts Service) numbers
- Material composition data
- Concentration levels and regulatory classifications
- REACH, RoHS, and other regulatory list references
Product lifecycle information:
- Disassembly and repair instructions
- Recycling and end-of-life guidance
- Tools required and safety warnings
- Spare parts availability
Certifications and standards:
- Harmonized standards references (ISO, EN, IEC)
- Certification numbers and issuing bodies
- Compliance status and documentation
How we use your information
We use the information we collect for various purposes, including:
Responding to inquiries
We use your contact information to respond to your questions, comments, and requests submitted through our contact form. This is necessary to fulfill our legitimate interest in communicating with potential and existing clients.
Improving our services
We analyze usage data to understand how visitors interact with our website, identify areas for improvement, and enhance user experience. This helps us optimize our content, design, and functionality.
Analytics and performance monitoring
We use anonymized analytics data to monitor website performance, track key metrics, and identify technical issues. This allows us to maintain a high-quality, reliable website.
Legal compliance
We may use your information to comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
ESPR compliance and regulatory purposes
We process ESPR-related data to:
- Generate EU-compliant Digital Product Passports
- Validate compliance with ESPR Annex III requirements
- Calculate compliance scores and identify gaps
- Provide category-specific guidance (batteries, textiles, electronics, etc.)
- Sync structured data to your Shopify store metafields
- Enable AI-powered autofill of regulatory fields (with your explicit consent)
This processing is necessary to fulfill our contract with you and to comply with EU regulatory requirements under the Ecodesign for Sustainable Products Regulation (ESPR).
Data storage and security
We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it against unauthorized or unlawful processing, accidental loss, destruction, or damage.
Secure storage practices
- All data is stored on secure servers located in Frankfurt, Germany
- We use industry-standard hosting providers with robust security measures
- Regular security audits and updates are performed
- Access to servers and data is restricted to authorized personnel only
Encryption
All data transmitted between your browser and our website is encrypted using SSL/TLS protocols (HTTPS). Sensitive data stored in our systems is encrypted at rest.
Limited access
Access to personal information is restricted to authorized personnel who need it to perform their job functions. All personnel with access to personal data are bound by confidentiality obligations.
Special category data handling
ESPR compliance data may include commercially sensitive information such as:
- Supplier and manufacturer identities
- Facility locations
- Substances of concern in products
- Proprietary material compositions
We apply enhanced security measures to protect this data, including encryption at rest and in transit, access controls, and regular security audits.
While we strive to use commercially acceptable means to protect your personal information, please be aware that no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
Your rights (GDPR compliance)
If you are a resident of the European Economic Area (EEA), United Kingdom, or Switzerland, you have certain data protection rights under the General Data Protection Regulation (GDPR). Tracehub aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your personal data.
Right to access
You have the right to request copies of your personal data. We may charge a small fee for this service.
Right to rectification
You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
Right to erasure (right to be forgotten)
You have the right to request that we erase your personal data, under certain conditions. We will comply with such requests unless we have a legitimate reason to retain the data.
Right to restrict processing
You have the right to request that we restrict the processing of your personal data, under certain conditions.
Right to data portability
You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
Right to object
You have the right to object to our processing of your personal data, under certain conditions.
How to exercise your rights
If you wish to exercise any of these rights, please contact us at privacy@tracehub.app. We will respond to your request within 30 days.
Third-party services
We use select third-party services to help us operate our website and provide our services. These third parties have access to your personal information only to perform specific tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Render (hosting and deployment)
Our website and application are hosted on Render with servers located in Frankfurt, Germany. Render may collect technical information about your visit, such as your IP address and browser information. For more information, please review Render's Privacy Policy.
OpenAI (AI-powered features)
We use OpenAI's API to provide AI-powered autofill functionality for ESPR data extraction. When you use this feature, product information (title, description, tags, vendor) is sent to OpenAI's servers for processing. OpenAI does not use your data to train their models. For more information, visit OpenAI's Privacy Policy.
We only use this service when you explicitly trigger the AI autofill feature. You can choose not to use AI features and manually enter all ESPR data.
Analytics services
We use analytics services to understand how visitors interact with our website. These services collect anonymized data about page views, performance metrics, and user behavior. No personally identifiable information is collected.
Data retention
We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.
Contact form data
Information submitted through our contact form is retained for up to 2 years or until you request deletion, whichever comes first. This allows us to maintain a record of our communications and follow up on inquiries.
Analytics data
Anonymized analytics data is retained for up to 12 months to help us understand long-term trends and improve our website.
Cookies
Cookies are retained for varying periods depending on their type and purpose, typically ranging from session-based (deleted when you close your browser) to up to 12 months.
ESPR compliance data
ESPR-related product data (Digital Product Passports, substances of concern, economic operator information) is retained for as long as your account is active or as needed to provide you with our services. This data may also be retained to comply with legal obligations under EU ESPR regulations, which may require maintaining product compliance records for extended periods.
When you delete products from your Shopify store or uninstall the Tracehub app, associated ESPR data is deleted in accordance with our data retention policy, typically within 90 days, unless longer retention is required by law.
If you would like to request the deletion of your personal data before the standard retention period expires, please contact us using the information provided below.
Contact information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Response time
We aim to respond to all privacy-related inquiries within 24-48 hours
Subject line
Please include "Privacy Inquiry" in your email subject for faster processing
We are committed to resolving any privacy concerns you may have and will work with you to ensure your data rights are respected.
Changes to this privacy policy
We may update our Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top of this policy.
We encourage you to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
Questions about our privacy practices?
Get in touch