Trust Center

Device identification signal payloads are encrypted end-to-end before transit, then wrapped in AES-256-GCM for transport. At rest, all visitor data is encrypted with AES-256. API keys are bcrypt-hashed and never stored in plaintext.

tracio.ai collects device signals, not personal data. All signals are hashed client-side using one-way hashing before transmission. No names, emails, browsing history, or cross-site tracking. Visitor IDs are one-way hashes that cannot be reversed.

Choose EU or US data residency at account creation. Visitor data never leaves your selected region. No cross-region replication, no third-party data sharing, no secondary data monetization. You own every byte.

Least-privilege RBAC with scoped API keys, IP allowlisting, and mandatory MFA for admin accounts. Enterprise plans include SSO/SAML integration with Okta, Auth0, and Azure AD.

Comprehensive audit logging covers every API call, configuration change, key rotation, and admin action. Logs are immutable, exportable, and retained for 12 months. Enterprise plans include SIEM integration.

24/7 automated monitoring with PagerDuty escalation. Documented incident response runbooks with severity classification (P0-P3). Mean time to acknowledge: 5 minutes. Mean time to resolve: 2 hours.