Privacy Policy

Last Updated: January 15, 2025
Effective Date: January 15, 2025

1. Overview
2. Information We Collect
3. How We Use Your Information
4. Information Sharing and Disclosure
5. Data Storage and Security
6. Data Retention and Disposal
7. Your Rights and Choices
8. Compliance and Certifications
9. Policy Updates
10. Contact Information

1. Overview

Trace ("we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, process, store, share, and dispose of information when you use our e-commerce management platform and related services (the "Services").

Our Services help e-commerce businesses manage their operations across multiple marketplaces including Amazon, Walmart, eBay, and others. We process data on behalf of our clients and handle marketplace data in accordance with strict security and privacy standards.

                Key Principle: We operate under a data minimization approach, collecting and processing only the information necessary to provide our Services effectively and securely.
            

2. Information We Collect

2.1 Client Business Information

Account Information: Business name, contact details, billing information, and marketplace credentials
Product Data: Product listings, SKUs, descriptions, pricing, and inventory levels
Order Information: Order details, transaction data, and fulfillment status
Performance Metrics: Sales data, marketplace performance indicators, and analytics

2.2 Customer Data (Processed on Behalf of Clients)

Shipping Information: Customer names and addresses for order fulfillment and shipping label generation
Order Details: Purchase history, order status, and tracking information
Communication Data: Customer service interactions and feedback management

2.3 Technical Information

System Data: API usage logs, system performance metrics, and error reports
Security Logs: Access logs, authentication records, and security event data
Usage Analytics: Platform usage patterns and feature utilization data

3. How We Use Your Information

3.1 Service Provision

Managing marketplace operations and inventory synchronization
Processing orders and generating shipping labels
Automating pricing strategies and competitive analysis
Facilitating customer communication and feedback management
Providing analytics and performance reporting

3.2 Platform Operations

Maintaining system security and preventing unauthorized access
Monitoring system performance and troubleshooting issues
Improving our Services through analytics and user feedback
Ensuring compliance with marketplace requirements and regulations

3.3 Legal and Compliance

Complying with applicable laws and regulations
Responding to legal requests and protecting our rights
Maintaining accurate financial and tax records
Conducting security investigations and fraud prevention

4.1 Service Providers

We may share information with trusted third-party service providers who assist in delivering our Services, including:

Cloud infrastructure providers (AWS, Microsoft Azure)
Shipping carriers and logistics partners
Payment processors and financial institutions
Security and monitoring service providers

4.2 Marketplace Platforms

We share data with marketplace platforms (Amazon, Walmart, etc.) as necessary to provide our Services, including product listings, inventory updates, order processing, and customer communication.

4.3 Legal Requirements

We may disclose information when required by law, court order, or government regulation, or when necessary to protect our rights, property, or the safety of our users or others.

                No Sale of Data: We do not sell, rent, or trade personal information to third parties for marketing purposes.
            

5. Data Storage and Security

5.1 Data Storage Infrastructure

Primary Storage: SOC 2 Type II certified cloud infrastructure (AWS/Microsoft Azure)
Geographic Location: Data stored in secure facilities within the United States
Redundancy: Multi-region backup systems for data availability and disaster recovery

5.2 Encryption Standards

Data at Rest: AES-256 encryption for all stored data
Data in Transit: TLS 1.3 encryption for all data transmissions
Database Encryption: Transparent Data Encryption (TDE) for database systems
Key Management: Hardware Security Modules (HSM) and dedicated Key Management Systems

5.3 Access Controls

Multi-factor authentication for all system access
Role-based access control with principle of least privilege
Regular access reviews and automated deprovisioning
Comprehensive audit logging and monitoring

6. Data Retention and Disposal

6.1 Retention Periods

Active Client Data: Retained while providing Services and as required for business operations
Customer PII: Retained only as long as necessary for order fulfillment and legal requirements
Financial Records: Retained for 7 years in compliance with accounting standards
Security Logs: Retained for 2 years for security monitoring and compliance

6.2 Secure Disposal

When data is no longer needed, we securely dispose of it using:

NIST 800-88 compliant data sanitization methods
Cryptographic erasure for encrypted data
Physical destruction of storage media when necessary
Certificate of destruction for sensitive data disposal

7. Your Rights and Choices

7.1 Access and Correction

You have the right to access, correct, or update your personal information. Contact us to request access to your data or to make corrections.

7.2 Data Portability

You may request a copy of your data in a structured, machine-readable format to transfer to another service provider.

7.3 Deletion Rights

You may request deletion of your personal information, subject to legal and contractual obligations.

7.4 Opt-Out Options

You may opt out of non-essential communications and data processing activities where legally permissible.

8. Compliance and Certifications

8.1 Industry Standards

SOC 2 Type II: Annual compliance audits for security and availability
ISO 27001: Information security management system certification
PCI DSS: Payment card industry data security standards compliance

8.2 Privacy Regulations

GDPR: General Data Protection Regulation compliance for EU data subjects
CCPA: California Consumer Privacy Act compliance
PIPEDA: Personal Information Protection and Electronic Documents Act compliance for Canadian clients

8.3 Marketplace Compliance

We maintain compliance with data protection requirements of all supported marketplace platforms, including Amazon's data protection standards and Walmart's privacy requirements.

9. Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes through:

Email notifications to registered users
Prominent notices on our platform
Updated version posting on our website

Continued use of our Services after policy updates constitutes acceptance of the revised terms.

10. Contact Information

Privacy and Data Protection Inquiries

Email: privacy@trace.rocks

Data Protection Officer: dpo@trace.rocks

General Support: hello@trace.rocks

Phone: +1 201-252-7478

For immediate privacy concerns or data breach reports, please contact our Data Protection Officer directly at dpo@trace.rocks.