Privacy Policy

Last updated: 2026-04-05

TracePlot helps businesses collect supplier data, verify plot locations, assess deforestation risk, and prepare due diligence records under the EU Deforestation Regulation, Regulation (EU) 2023/1115, as amended ("EUDR").

This Privacy Policy explains how TracePlot handles personal data:

  • when TracePlot decides why and how the data is used itself; and
  • when TracePlot handles personal data on behalf of a customer using TracePlot for EUDR workflows.

Because TracePlot supports EUDR workflows, we may handle exact plot coordinates or polygons. If that data can identify a person directly or indirectly, we treat it as personal data.

If anything in this policy is unclear, contact us at privacy@traceplot.com.

1. Which situation are you in?

| If you are | TracePlot usually acts as | Who to contact first |
| --- | --- | --- |
| A website visitor, sales lead, or someone requesting a demo or trial | Controller for website, enquiry, and website-security data | TracePlot |
| A customer user, admin, or billing contact | Controller for account, authentication, billing, support, and service-security data | TracePlot |
| A supplier or other person asked by a customer to use the TracePlot portal or whose data appears in a customer workspace | Controller for portal account, invitation, login, and service-security records; processor for most supplier, plot, product, shipment, and due diligence content in the customer workspace | Contact the customer first for compliance data. Contact TracePlot directly for portal access, login, or security issues |

2. Who we are

TracePlot is operated by:

Ed4.One Corp
United States

You can contact us at:

  • Privacy: privacy@traceplot.com
  • General support: support@traceplot.com
  • Legal: legal@traceplot.com
  • Data Protection Officer, if appointed: Not appointed at this time
  • EU representative, if applicable: Not designated at this time

For GDPR purposes, TracePlot is the controller for the processing described in Section 4, unless this policy says we are acting on a customer's instructions.

3. When TracePlot is a controller, and when we are a processor

Under data protection law, a controller decides why and how personal data is used. A processor handles personal data on the controller's instructions.

TracePlot usually acts as a controller when we run our own website and service operations. That includes:

  • website visits, cookie preferences, demo requests, and sales conversations;
  • customer account setup, authentication, billing, and support;
  • product reliability, fraud-prevention, and security logging; and
  • supplier portal invitations, portal accounts, sign-in records, and service-security records.

TracePlot usually acts as a processor when a customer uses TracePlot for its own EUDR workflow and decides why supplier, plot, product, shipment, and due diligence data is needed.

In plain terms:

  • TracePlot decides how the website, accounts, billing, login, and platform security work.
  • The customer usually decides why supplier and compliance data is collected inside its workspace.

For supplier portal workflows, this split matters:

  • TracePlot is usually the controller for the portal account itself, including invitations, sign-in, fraud prevention, and service-security logging.
  • The customer is usually the controller for the supplier, plot, product, shipment, and due diligence content submitted through that portal for the customer's compliance workflow.
  • If a specific workflow uses a different allocation of responsibilities, the relevant contract or collection notice should explain that.

4. Personal data TracePlot controls

When GDPR requires a legal basis, TracePlot usually relies on one or more of these:

  • Contract: to provide the service you or your company asked for.
  • Pre-contract steps: to answer your request for a demo, trial, or more information before a contract starts.
  • Legal obligation: to comply with laws that apply to us, such as tax, accounting, or regulatory requirements.
  • Legitimate interests: a reasonable business need to run, secure, improve, and defend our service in a way that does not override your rights.
  • Consent: where the law requires it, mainly for optional tracking technologies.

| Category | Typical data | Why we use it | Main legal basis | Retention |
| --- | --- | --- | --- | --- |
| Website, demo, and enquiry data | Name, work email, company, job title, message content, meeting notes, IP address, browser, and device information | To run the website, answer questions, arrange demos, provide trial access, and prevent abuse | Pre-contract steps; legitimate interests | Up to 24 months after the last meaningful contact |
| Customer account and authentication data | Name, work email, password hash or SSO identifier, workspace role, and settings | To create accounts, authenticate users, manage permissions, and provide the service securely | Contract; legitimate interests | While the account is active and up to 90 days after closure, except where related billing or security records require a different retention period |
| Billing and contract administration data | Billing contact details, company name, address, VAT or tax ID, invoice history, payment status, subscription details, and limited payment metadata from our payment provider | To bill customers, manage subscriptions, prevent fraud, and keep legally required records | Contract; legal obligation; legitimate interests | For the statutory retention period that applies to our accounting, tax, and contract records |
| Support and service communications | Emails, tickets, chat messages, call notes, attachments, and account-management communications | To respond to requests, troubleshoot issues, improve support quality, and keep service records | Contract; legitimate interests | Up to 24 months after the matter is closed, unless longer retention is needed for a dispute, legal hold, or security incident |
| Supplier portal invitation and account data | Supplier name, work email or phone, organization name, invitation status, preferred language, login history, and account status | To create and secure portal access, communicate about submissions, prevent fraud, and operate the portal | Contract for portal access; legitimate interests | While the portal account is active and up to 90 days after closure, except where related security or legally required audit records require a different retention period |
| Service usage and security logs | Session identifiers, authentication events, error logs, device information, IP-based approximate location, and audit events | To keep the service reliable, detect misuse, investigate incidents, and protect the platform | Legitimate interests; contract where needed to deliver the service | Security logs are usually kept for up to 12 months. Operational logs are usually kept for up to 24 months unless we need longer for an incident, dispute, or legal claim |
| Strictly necessary cookies and settings data | Session or preference identifiers and privacy-choice records where used | To keep the website or product working, remember settings, and support security | Legitimate interests and the ePrivacy exemption for strictly necessary technologies | Session-based or until you change or reset the relevant setting |

TracePlot is not designed to collect special category data such as health data, biometric data, information about political opinions, religion, or trade union membership. Please do not upload that kind of information unless it is strictly necessary, lawful, and clearly covered by your agreement with us.

5. Personal data TracePlot processes for customers

When a customer uses TracePlot for EUDR workflows, the customer usually decides why the following data is processed. In those situations, TracePlot acts mainly as a processor under the customer contract and Data Processing Agreement.

| Data type | Examples | Main controller | TracePlot role |
| --- | --- | --- | --- |
| Supplier and business contact records | Supplier names, business contact details, farm owner details, cooperative contacts, and declarations | The customer using TracePlot | Processor |
| Plot and geolocation data | GPS points, polygons, GeoJSON files, land parcel identifiers, plot photos, maps, and related evidence | The customer using TracePlot | Processor for the compliance record. TracePlot separately controls only the portal-account and service-security records described in Section 4 |
| Product, shipment, due diligence, and supporting evidence | Commodity data, origin data, HS codes, shipment details, risk outputs, due diligence statements, audit trail entries, declarations, and supporting documents | The customer using TracePlot | Processor |

Retention for customer-controlled EUDR records is set mainly by the customer contract, the Data Processing Agreement, customer instructions, and applicable law. In many EUDR workflows the customer must keep core records for at least 5 years. Depending on the record type, that 5-year period may run from the relevant due diligence statement, the placing on the EU market, or the export event.

If your personal data appears only in a customer workspace, that customer is usually your main privacy contact. TracePlot will answer requests about the data it controls directly and will help the customer respond where TracePlot processes data only on the customer's instructions.

6. Supplier and geolocation data

TracePlot is built for EUDR workflows, so some records may contain exact plot-level data such as GPS points, polygons, GeoJSON or similar boundary files, land parcel identifiers, maps, supporting photos, and related documents.

Exact geolocation can be personal data when it identifies a natural person directly or indirectly. That can happen, for example, when a farm boundary or point location is linked to a named farmer, landholder, or sole trader.

We only collect, display, and retain the level of geolocation detail needed for the relevant workflow. We also treat precise geolocation as sensitive in practice even when it is not special category data.

If you are a supplier using the TracePlot portal:

  • the customer usually decides why your buyer needs the compliance data and is usually the main privacy contact for that content;
  • TracePlot runs the portal, secures your account, records sign-in and service-audit events, and transmits submitted data through the service;
  • exact coordinates or polygon files may be available to the relevant customer and its authorized users, to TracePlot personnel or service providers who need access to host, secure, support, or verify the workflow, and to regulators or official systems where submission or disclosure is legally required; and
  • if required geolocation or supporting records are not provided, the customer may be unable to complete the EUDR workflow or place the relevant goods on the EU market.

We restrict access to precise geolocation by role and do not use raw coordinates for advertising or unrelated marketing.

7. Where personal data comes from

We may receive personal data:

  • directly from you, for example when you fill in a form, request a demo, sign in, contact support, or use the supplier portal;
  • from your employer, customer admin, buyer, or another business counterparty, for example when they invite you to a workspace or portal;
  • from customers or suppliers using the platform, for example when they upload supplier records, plot data, shipment data, or supporting documents;
  • from service providers and integrations, such as payment providers, identity providers, and communications tools; and
  • from public or licensed sources used to support compliance workflows, such as geospatial imagery, mapping layers, and regulatory datasets.

If TracePlot acts as the controller for personal data that we did not obtain directly from you, we usually provide this policy or a supplemental notice through the invitation flow, the supplier portal, or our first direct communication with you.

8. Who we share personal data with

We share personal data only where there is a valid reason to do so.

When TracePlot acts as a controller, we may share personal data with:

  • hosting, infrastructure, identity, and security providers that help us run and protect the service;
  • payment providers that help us process invoices and payments;
  • email and communications providers that send invitations, login links, alerts, and service messages;
  • professional advisers such as lawyers, auditors, accountants, insurers, and security advisers;
  • authorities, courts, regulators, or law enforcement bodies where disclosure is required by law or needed to protect rights or safety; and
  • a buyer, investor, or successor entity in connection with a merger, acquisition, financing, or reorganization, under appropriate safeguards.

When TracePlot acts as a processor for a customer, we may disclose personal data:

  • to that customer and its authorized users;
  • to subprocessors and infrastructure providers we use to host, secure, support, and verify the platform on the customer's behalf;
  • to geospatial or verification providers used to retrieve map or satellite reference data for the workflow; and
  • to authorities or official systems where the customer instructs submission or disclosure, or where the law requires it.

We do not sell personal data.

You can request our current subprocessor list using the contact details in Section 2.

9. International transfers

TracePlot hosts core application data in the EU.

Some personal data may still be accessed from or processed outside the EEA in limited cases, for example when:

  • a user accesses the service from another country;
  • a payment, communications, support, or verification provider operates from another country; or
  • limited support or security access is needed from another country.

When that happens, we use the safeguard that fits the transfer, such as:

  • an adequacy decision issued by the European Commission;
  • the European Commission's Standard Contractual Clauses, which are a standard set of data-protection commitments approved by the European Commission; or
  • the EU-U.S. Data Privacy Framework for a provider that is certified for the relevant processing.

We also use supplementary measures where needed, such as encryption, access controls, and restricted support access.

If you want more information about the safeguard that applies to a particular transfer, contact us using the details in Section 2.

10. Your rights and how requests are handled

If TracePlot controls your personal data, contact TracePlot directly. If TracePlot only processes your personal data for a customer, contact that customer first. If your request covers both TracePlot-controlled portal data and customer-controlled compliance data, we may answer the part we control directly and forward or coordinate the rest with the customer.

If TracePlot is the controller for your personal data, you may have the right, depending on applicable law, to:

  • ask for access to your personal data;
  • ask us to correct inaccurate or incomplete data;
  • ask us to delete data in some situations;
  • ask us to restrict how we use data in some situations;
  • object to processing based on legitimate interests;
  • object to direct marketing or unsubscribe from marketing emails at any time;
  • ask for a portable copy of data you provided to us;
  • withdraw consent at any time where we rely on consent; and
  • complain to a supervisory authority.

We may need to verify your identity before acting on a request. Where GDPR applies, we normally respond within one month, although the law allows more time in some cases.

Where EUDR or another legal obligation requires retention, we may refuse or limit an erasure request for that data. If that happens, we will explain what must still be kept, why it must be kept, and how we will limit further use of the retained data to compliance, security, or legal recordkeeping purposes.

11. Automated analysis and decision support

TracePlot may use automated tools, including geospatial and rules-based checks, to flag possible deforestation risk, missing information, or inconsistencies in submitted records.

These outputs are decision-support tools. They support human review. TracePlot does not use them to make solely automated decisions about individuals that have legal or similarly significant effects.

12. Security and breach response

We use technical and organizational measures designed to protect personal data. These measures include role-based access controls, encryption in transit, encryption at rest where supported, audit logging, vendor due diligence, backup controls, and restricted access to precise geolocation and compliance data.

No system is perfectly secure. If we become aware of a personal data breach, we will investigate it promptly and notify the relevant customer, supervisory authority, or affected individuals where the law requires it.

13. Cookies and similar technologies

We currently use only strictly necessary cookies or similar technologies needed to operate the website or product, such as login, session security, load balancing, and remembering privacy or product settings.

We do not currently use non-essential analytics or advertising cookies on our website. If that changes, we will ask for consent before using them where the law requires it.

Any optional cookies or similar technologies will be disabled by default unless and until you choose them where the law requires consent. You will be able to accept or reject them by category and change your choice later.

14. Children's data

TracePlot is designed for business use. It is not directed to children, and we do not knowingly collect personal data from anyone under 16.

If we learn that we have collected personal data from a child under 16 without a valid legal basis, we will take steps to delete it.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

If we make a material change, we will post the updated version on our website or inside the product and, where appropriate, notify you by email or in-product notice. The "Last updated" date at the top of this page shows when the current version took effect.

16. Contact us

If you have a privacy question or want to exercise your rights, contact:

Ed4.One Corp
Privacy: privacy@traceplot.com
Support: support@traceplot.com
Legal: legal@traceplot.com
Company location: United States
Formal legal notices: email legal@traceplot.com for current notice instructions