Privacy Policy

Last updated: April 2026

1. Data Controller

ZeroTrace
E-Mail: privacy@zerotrace.io

ZeroTrace is a GDPR data access and removal service. We act as both the data controller for your account data and the data processor when submitting GDPR requests on your behalf.

2. Personal Data We Collect

We collect the following personal data when you create an account:

  • Full name (first and last name)
  • Email address
  • Home address (street, city, postal code, country)
  • Phone number (optional)
  • Digital signature (Power of Attorney authorization)
  • Payment information (processed securely by Stripe — we never store card details)
  • Account credentials (password stored as a cryptographic hash by Supabase)

3. Purpose and Legal Basis (GDPR Art. 6)

We process your personal data for the following purposes:

  • Contract performance (Art. 6(1)(b) GDPR): To identify your records at data brokers and send legally binding GDPR access and erasure requests on your behalf.
  • Consent (Art. 6(1)(a) GDPR): Your signed Power of Attorney authorizes us to act as your legal representative.
  • Legitimate interest (Art. 6(1)(f) GDPR): To improve our service, prevent fraud, and ensure platform security.
  • Legal obligation (Art. 6(1)(c) GDPR): To comply with applicable EU laws, tax regulations, and data protection requirements.

4. Data Sharing

Your personal data is shared exclusively for the purpose of exercising your data protection rights:

  • Data brokers and people-search sites: We send your name, email, and address in GDPR requests to identify and remove your records. This is the core purpose of our service.
  • Supabase (EU): Authentication and database hosting.
  • Stripe (PCI-DSS certified): Secure payment processing. We never see or store your full card number.
  • Brevo (EU): Transactional email delivery for GDPR requests sent on your behalf.

Our Promise: We Never Sell Your Data

ZeroTrace will never sell, trade, license, or share your personal data with third parties for marketing, advertising, profiling, or any commercial purpose. Your data is used exclusively to provide the data protection service you subscribed to. Period.

5. Data Retention

We retain your personal data only for as long as necessary to provide our service. If you cancel your subscription, we delete your personal data within 30 days. Scan history and request logs are anonymized after deletion. You can request immediate and complete deletion of all your data at any time by contacting privacy@zerotrace.io.

6. Your Rights Under GDPR

As an EU resident, you have the following rights under the GDPR:

  • Right of access (Art. 15) — Obtain a copy of all personal data we hold about you.
  • Right to rectification (Art. 16) — Correct any inaccurate personal data.
  • Right to erasure (Art. 17) — Request deletion of your personal data.
  • Right to restriction (Art. 18) — Restrict the processing of your data.
  • Right to data portability (Art. 20) — Receive your data in a machine-readable format.
  • Right to object (Art. 21) — Object to the processing of your personal data.
  • Right to lodge a complaint with a supervisory authority.

To exercise any of these rights, contact us at privacy@zerotrace.io. We will respond within 30 days.

7. Cookies

ZeroTrace uses only essential cookies required for authentication and session management. We do not use tracking cookies, analytics cookies, or any third-party advertising cookies. No consent banner is required because we only use strictly necessary cookies as defined by Art. 5(3) of the ePrivacy Directive.

8. Security

We implement industry-standard security measures including TLS encryption for all data in transit, encrypted database storage, secure password hashing, and access controls. Payment data is handled exclusively by Stripe (PCI-DSS Level 1 certified). We regularly review our security practices to ensure compliance with GDPR Art. 32 (Security of processing).

9. Contact

For any questions about this privacy policy or your personal data:

ZeroTrace
E-Mail: privacy@zerotrace.io

You also have the right to lodge a complaint with your national data protection authority.