Information Security & Privacy
International Standards & Highest Level Security
Your system is protected by the most stringent international standards
ISO 27001
The service runs on cloud infrastructure holding a valid ISO 27001 certification
99.5% SLA
Guaranteed availability
Tier-3 Data Centers
Israel and Europe
Why Choose Tracer for Security?
We don't just provide a technological solution - we guarantee complete peace of mind. With international standards, secure data centers, and a professional security team, your data is safe with us.
End-to-End Encryption
TLS in transit and AES-256 at rest
Role-Based Access Control
Fine-grained role-based permissions; the system infrastructure supports two-factor authentication (MFA)
Distributed Backups
Data history up to 400 days stored in secure Tier-3 clouds in Europe with geographic redundancy
Rapid Response
Commitment to notify the database owner of a security incident without undue delay and in accordance with legal requirements, and in any case within 48 hours at the latest
Frequently Asked Questions about Data Security and Privacy
Detailed answers to the most common questions about data security, privacy protection, and regulatory compliance
Your telematics data is securely stored in advanced Tier-3 data centers in the European Economic Area (EEA). Accounting and billing information is stored in secure facilities in Israel, a country holding an EU Adequacy decision. The information is fully encrypted both at rest and in transit between servers. We implement regional replication to ensure high availability and rapid recovery when needed. Our cloud infrastructure meets the strictest international security standards and is regularly audited by external professional entities.
In the event of a security incident detection, we immediately activate our emergency response protocol. Within 48 hours, we notify data controllers of the incident and detail the scope of impact. Simultaneously, we block the threat source and implement additional protective measures. Throughout the process, we update clients on progress and remediation measures taken, until complete incident closure and continued monitoring.
Absolutely. As part of compliance with Amendment 13, we have appointed a Data Protection Officer (DPO) responsible for implementing the company's privacy protection policy, available for any privacy-related inquiry at [email protected]. In addition, we have attached a Data Processing Agreement (DPA) appendix for all our clients, in accordance with the Information Security Regulations.
By default, the Tracer system tracks only during the working hours defined by the client (the database owner). Outside those hours, access to location data is blocked, both in real time and in historical reports. Continuous (24/7) tracking is possible only where the client has explicitly chosen it and has obtained the drivers' written consent in advance, in accordance with the law. This is part of our privacy policy to maintain the proper balance between business needs and drivers' privacy rights.
A driver wishing to delete their data should contact their employer directly, who is the legal database owner. Upon receiving explicit instruction from the client, we carry out the deletion or anonymization of the relevant data within a reasonable time and in accordance with legal requirements, typically up to 14 days, and provide written deletion confirmation to the client. Every deletion process is documented and conducted while ensuring the integrity of the remaining data in the system.
Only specifically authorized employees can access data, subject to role-based access control. The system infrastructure supports two-factor authentication (MFA). Every system access action is automatically recorded in a digitally signed log retained for at least two years. We conduct periodic reviews of access permissions and update them as needed. Employees undergo continuous training on data security and privacy and must sign professional confidentiality commitments.
We provide full capability to export data in standard formats (CSV/JSON) before account closure. This allows you to transfer the information to the new provider seamlessly. After account closure and data transfer, the data is deleted within 3 months in accordance with our retention policy. We provide official deletion confirmation so you can be assured the data has indeed been completely removed from our systems.
When a client ends the engagement and disconnects, the data is deleted within 3 months. Earlier deletion can be requested at any time by explicit request, and we will carry it out accordingly. Upon completion of the deletion process, we provide written confirmation. Where a retention obligation exists under law, we will retain only the information required and only for the period required.
Certainly. We will provide documentation of the valid ISO 27001 certification of the cloud infrastructure and the subcontractors on which the service operates, as well as a description of the technical and organizational controls Tracer implements (Statement of Applicability). We can also provide additional security documents such as penetration testing reports and technical specifications, as needed by your organization.
Information about your data will be transferred to an external party only in cases where there is a signed court order or legal requirement from an authorized authority. Even in such cases, we transfer only the minimum information required by law and no more. We fight for your rights when necessary and inform you of any such inquiry in accordance with law, unless such notification is explicitly prohibited by court order.
Ready to Get Started?
Join over 2,000 organizations that already trust Tracer with their data