Information Security & Privacy

All your data is securely stored in advanced Tier-3 data centers in Europe. The information is fully encrypted both at rest and in transit between servers. We implement regional replication to ensure high availability and rapid recovery when needed. Our cloud infrastructure meets the strictest international security standards and is regularly audited by external professional entities.

In the event of a security incident detection, we immediately activate our emergency response protocol. Within 48 hours, we notify data controllers of the incident and detail the scope of impact. Simultaneously, we block the threat source and implement additional protective measures. Throughout the process, we update clients on progress and remediation measures taken, until complete incident closure and continued monitoring.

Absolutely. As part of full compliance with privacy regulations, we have appointed a certified Data Protection Officer (DPO) responsible for implementing privacy protection policies within the company. Additionally, we have added a Data Processing Agreement (DPA) appendix for all our clients in accordance with regulatory requirements. The DPO is available for any privacy-related inquiries and leads implementation of required legal changes.

Absolutely not. The data controller (employer/client) sets the working hours for each driver in the system. Outside the defined time range, the Tracer system completely blocks client access to location information. This means no map points appear in the real-time system nor in historical reports. This is a vital part of our privacy policy to maintain the proper balance between business needs and drivers' privacy rights.

A driver wishing to delete their data must contact their employer directly, who is the legal data controller (employer/client). Upon receiving explicit instruction from the client, we delete or anonymize the relevant data within 60 business days. Every deletion process is documented and we provide written confirmation of deletion completion to the client. The process is conducted in accordance with legal requirements while ensuring the integrity of remaining system data.

Only specifically authorized employees can access data, and each undergoes mandatory multi-factor authentication (MFA). Every system access action is automatically logged in a digitally signed log maintained for at least two years. We conduct periodic reviews of access permissions and update them as needed. Employees undergo continuous training on data security and privacy and must sign professional confidentiality commitments.

We provide full capability to export data in standard formats (CSV/JSON) before account closure. This allows you to transfer information to the new provider seamlessly. After account closure and data transfer, all your information is automatically deleted from our servers according to retention policy. We provide official deletion confirmation so you can be assured the data has been completely removed from our systems.

We retain data for a period of up to 36 months maximum after contract termination. This period is necessary to enable required safety inspections, meet insurance company requirements, and fulfill legal obligations. At the end of the period, all data is automatically deleted without exception. The client can request earlier deletion if required, depending on specific circumstances.

Certainly. We provide a signed copy of our ISO 27001 certificate and detailed Statement of Applicability (SoA) upon request. The documents include full details of technical and organizational controls we implement. Additionally, we can provide supplementary security documents such as penetration testing reports, additional regulatory certificates, and technical specifications as needed by your organization.

Information about your data will be transferred to an external party only in cases where there is a signed court order or legal requirement from an authorized authority. Even in such cases, we transfer only the minimum information required by law and no more. We fight for your rights when necessary and inform you of any such inquiry in accordance with law, unless such notification is explicitly prohibited by court order.