TRACIO is designed with privacy as a core architectural principle. The system identifies devices without collecting any personally identifiable information (PII). All data stays in your chosen region (EU or US), giving you full control over data processing and retention.
TRACIO collects only technical browser signals. None of the 130+ signals contain personally identifiable information:
| What We Collect | What We Do NOT Collect |
|---|---|
| Canvas rendering hash | Names, emails, addresses |
| WebGL GPU parameters | Phone numbers |
| Audio processing characteristics | Social security numbers |
| Font availability | Credit card numbers |
| Screen resolution | Passwords |
| Browser version | Form input values |
| Timezone | Browsing history |
| Language preferences | Keystrokes |
The visitor identifier (visitorId) is a one-way hash derived from device characteristics. It cannot be reversed to recover the original signal values.
TRACIO operates entirely as a first-party service:
_tcid cookie is a first-party, HttpOnly, Secure cookie set on your domainWith TRACIO, you have complete control over:
No data ever leaves your infrastructure unless you explicitly configure it to do so (e.g., webhooks to your other services).
Under GDPR, you need a legal basis to process personal data. Device fingerprinting may be considered personal data processing depending on your jurisdiction and use case. Common legal bases include:
| Legal Basis | Use Case | Notes |
|---|---|---|
| Legitimate Interest (Art. 6(1)(f)) | Fraud prevention, bot detection, account security | Most common basis. Requires documented interest assessment. |
| Consent (Art. 6(1)(a)) | General visitor tracking, analytics | Requires explicit opt-in via cookie banner. |
| Contract Performance (Art. 6(1)(b)) | Essential service functionality | When identification is necessary to deliver the service. |
TRACIO sets one first-party cookie (_tcid) with a 365-day expiry. Under the ePrivacy Directive and GDPR:
tracio.getResult().import { Tracio } from "@tracio/sdk"
// Only initialize TRACIO after consent is grantedif (hasConsent("fingerprinting")) { const tracio = Tracio.init({ publicKey: "5ca175fc..." }) const result = await tracio.getResult()}TRACIO can operate without setting cookies. Signal collection still works, but confidence will be lower for returning visitors since there is no cookie-based shortcut:
import { Tracio } from "@tracio/sdk"
const tracio = Tracio.init({ publicKey: "5ca175fc..." })// Visitor identification still works via signal matching// but without the high-confidence cookie pathWhen using TRACIO, you are the data controller. You must handle data subject requests:
| Right | Implementation |
|---|---|
| Right of Access (Art. 15) | Query your database for all records associated with a visitorId |
| Right to Erasure (Art. 17) | Delete visitor records from PostgreSQL, Redis, and ClickHouse |
| Right to Rectification (Art. 16) | Update or correct stored visitor metadata |
| Right to Data Portability (Art. 20) | Export visitor data in machine-readable format (JSON) |
| Right to Restriction (Art. 18) | Mark visitor records as restricted (do not process) |
You are the data controller, so erasure is performed against the datastores you operate. To find the records for a request, look up the visitor via the Server API:
curl https://app.tracio.ai/api/v1/subscriptions/:id/visitors/X7fh2Hg9LkMn3pQr \ -H "Authorization: Bearer <clerk-session-jwt>"To satisfy an erasure request, remove the associated records from the backing stores you control:
TRACIO processes data in your chosen region (EU or US). You control all data processing. If you use managed services (AWS RDS, Redis Cloud, etc.) for the backing stores, ensure your DPAs with those providers cover fingerprint data.
Configure retention policies based on your requirements:
# Environment variables for retentionTRACIO_RETENTION_VISITOR_DAYS=365 # Visitor recordsTRACIO_RETENTION_EVENTS_DAYS=90 # Individual eventsTRACIO_RETENTION_ANALYTICS_DAYS=730 # ClickHouse analyticsTRACIO_RETENTION_VELOCITY_HOURS=24 # Velocity tracking data| Data Type | Recommended Retention | Rationale |
|---|---|---|
| Visitor records | 365 days | Matches cookie expiry. Returning visitors need history. |
| Event details | 90 days | Sufficient for fraud investigation and dispute resolution. |
| Analytics | 2 years | Long-term trend analysis and reporting. |
| Velocity data | 24 hours | Only needed for real-time rate calculations. |
| IP blocklist matches | 30 days | Threat intelligence is time-sensitive. |
TRACIO includes automated data cleanup jobs:
# Runs daily at 3 AM UTCTRACIO_CLEANUP_ENABLED=trueTRACIO_CLEANUP_SCHEDULE="0 3 * * *"The cleanup job:
TRACIO_RETENTION_VISITOR_DAYSTRACIO_RETENTION_EVENTS_DAYSTRACIO_RETENTION_ANALYTICS_DAYSrequirepass authentication_tcid cookie uses Secure and HttpOnly flagsFor data residency requirements, choose the required region:
| Region | Cloud Provider | Data Stays In |
|---|---|---|
| EU | AWS eu-central-1, Hetzner (Germany) | European Union |
| US | AWS us-east-1, DigitalOcean (NYC) | United States |
| UK | AWS eu-west-2 | United Kingdom |
| APAC | AWS ap-southeast-1 | Singapore/Asia Pacific |
All data processing occurs within your chosen region. No data replication across regions unless you explicitly configure it.