At Trace® we believe trust is everything in the global digital economy. It’s what relationships are based on; it’s the bedrock of business, of decisions, of good risk management. And trust has never been more important when it comes to the secure and accountable handling of data in robust infrastructure. Trace® is a certified Crown Commercial Service supplier, built on Security by Design principles. Compliance is at the heart of everything we do.
How we keep your data secure
Trace® is committed to being a custodian of your information and we are driven to empower trust at your organisation by helping you protect the data that matters. Learn more about how we use the right technical and organisational measures to look after your information:
Compliant by Design
We’re experts in international privacy regulations like the GDPR, so as you’d expect, we take a rigorous approach to our own compliance. Using the Trace® platform helps ensure we embed compliance into operations by keeping our data map up to data as a living inventory and audit.
Our whole approach is informed by an ethos of privacy and accountability which forms the bedrock of our purpose.
privacy by design
Trace® has been built for privacy and risk mitigation—minimising data collection and duplication—focusing on the meta data. This means that when you use our software, we won’t ask you for any customer data; rather, we’ll only ask you for your information to run your account.
Our approach is Privacy By Design. Read more in our Privacy Promise.
Leading Security
We never compromise on security. Our platform is built on Microsoft Azure infrastructure with state of the art, multi-layered security (certified to ISO 27001, 27017, 27018, 27701). This means when using your Trace® account, in-app account data is securely hosted in the UK and data is encrypted at rest and in transit. We do continuous vulnerability app scanning, and regular penetration testing.
For online payments, we use Stripe, which is certified PCI Service Provider Level 1—the most stringent industry level.
Trust but verify
You’re only as strong as your weakest link. That’s why due diligence on third party processors is critical. Trace® helps you assess your data processors’ compliance posture by helping you check whether data is being processed in a an adequate country; and that they have the right contractual, organisational and technical measures in place to safeguard data.
We also carefully vet our own partners. For details of sub-processors see our Terms of Service.
Trace® is trusted by
Frequently asked questions (FAQs)
-
It doesn’t matter what industry or sector you’re in. If you process personal data (like most organisations), you need to comply with the relevant Data Protection regulations and be good custodians. Trace® can be used by many different types of business who want to make compliance as streamlined and easy as possible.
The GDPR is extra-territorial: use Trace® if you are in Europe and need to comply or if your organisation offers goods or services to European citizens or monitors them. Trace® is designed for organisations who want to demonstrate compliance and data protection to build trust, wherever they are in the world (our data visualiser maps to all global data protection regulations).
-
Your personal and business data are safe with us. Trace® has been created by Data Protection experts and our approach is always Privacy and Security by Design. When it comes to your payment data, all credit card transactions are processed using bank-level, PCI-compliant SSL encryption. We use carefully vetted partners like Stripe and Microsoft Azure who use best-in-class security systems. The content of your account and data map is entirely private unless you choose to share it via the export feature. For more on data security, see our Privacy Promise.
-
We offer our Trace® app as a managed application for our clients (and clients can also use it directly and have access via a Team account). Using the Trace® app alongside consultancy works brilliantly, as getting data protection and governance right requires the right process, people and tech: the platform builds evergreen processes and drives collaboration, while consultants provide point support, toolkits, coaching and expert advice. We also partner with OneTrust and BigID for enterprises using data governance tools.
Get in touch with us
Still have questions in mind? Talk to our data protection expert today.