Compliance & Certifications

Enterprise-grade compliance built into every layer. Your data, your region, your control.

Certification Timeline

We pursue industry-standard certifications to give you confidence in our security posture.

SOC 2 Type II | January 2026 | Certified

Independently audited against the AICPA Trust Services Criteria for security, availability, and confidentiality. Our SOC 2 Type II report covers a 12-month observation period.

What this means for you: You can request our full SOC 2 report under NDA. It demonstrates that our infrastructure, access controls, and data handling meet rigorous third-party standards.

GDPR Compliant | Since Launch | Compliant

Full compliance with the EU General Data Protection Regulation. We process only technical device attributes — no personal content, no browsing history, no form data.

What this means for you: Data processing happens in your chosen region. We provide a signed Data Processing Agreement (DPA), maintain records of processing activities, and support Data Subject Access Requests.

ISO 27001 | In Progress — Q2 2026 | In Progress

ISO 27001 certification for our Information Security Management System is underway. We are working with an accredited certification body to complete the audit process.

What this means for you: Once certified, ISO 27001 provides additional assurance that our security controls meet international standards. Expected completion by June 2026.

Data Processing Agreement

Our DPA covers all data processing activities under GDPR Article 28. It includes standard contractual clauses, sub-processor lists, and technical and organizational measures.

  • GDPR Article 28 compliant processor terms
  • Standard Contractual Clauses (SCCs) included
  • Sub-processor list with change notification
  • 72-hour breach notification commitment
  • Data deletion upon contract termination

Download DPA

Pre-signed, ready to countersign

Region Selection

Choose where your data is processed and stored. Regional isolation ensures data sovereignty compliance.

EU (Frankfurt)

AWS eu-central-1 — data never leaves the EU. GDPR-compliant by default.

US (Virginia)

AWS us-east-1 — low-latency processing for North American traffic.

Questions about compliance?

Our compliance team is available to discuss your specific requirements.

compliance@tracio.ai