Controller and contacts
Legal identity, address, privacy route, representative and DPO where applicable.
Legal draft · Noindex
Trace does not yet have a verified operating legal entity, complete processing inventory or professional privacy-law approval. This page identifies what must be resolved before a public privacy notice can be relied on.
Do not rely on this page as a privacy notice. It does not identify a legally verified controller and does not provide a complete or approved description of processing. No live pilot should process customer case data until the applicable privacy notice, DPA, security terms and operational procedures are complete.
Publication gate
Entity placeholder: “Trace” is currently a product and brand name on this site. It must not be substituted for the controller’s verified legal identity.
Implementation inventory · Verify before use
The present codebase appears to use the following browser and server storage. This is a technical inventory for legal review, not a settled statement of purpose, legal basis or retention compliance:
/api/events only after the visitor selects analytics, subject to the final server implementation and configured destination; andThe current analytics code is designed to block common personal fields and not send form content as event properties. That technical control still requires end-to-end verification; it is not a legal conclusion or guarantee that no personal data is processed.
Visitors should not submit identity documents, data exports, credentials, live data-subject requests or other sensitive case material through a public website form. An accepted pilot needs a separately approved secure transfer route and contractual scope.
Required notice structure
Exact content must follow the verified processing operation. These headings are drafting prompts, not pre-approved answers.
Legal identity, address, privacy route, representative and DPO where applicable.
Website, application, commercial, support and pilot-case data described separately.
A purpose-specific analysis, including legitimate-interest detail where used.
Processors, subprocessors, other recipients, locations and transfer safeguards.
Concrete periods or criteria for leads, analytics, contracts, security logs and case data.
How rights can be exercised, identity handled and complaints made to the competent authority.
Next legal action: appoint the operating entity and legal owner, complete the actual processing register, confirm every production vendor and data route, then have EU privacy counsel approve a notice that matches the deployed service. Until then, this page remains noindex and non-operative.