Privacy Policy

Traceo is committed to protecting the privacy of its users. This privacy policy explains how we collect, use, store, and protect your personal data when you use our website and application.

By using our services, you accept the practices described in this policy.

The controller responsible for processing personal data is:
TRACEO HACCP (simplified joint-stock company)
Registered office: 16 Hameau de Mesmeur, 29120 Tréméoc, France
SIREN: 999 358 856 - SIRET (registered office): 999 358 856 00014
VAT number: FR95 999358856
Email: [email protected]

We may collect the following types of data:

• Identification data: first name, last name, professional email address
• Connection data: IP address, browser type, connection timestamps
• Operational data: temperature logs, goods receipt records, HACCP reports
• Business data: establishment name, address, professional contact information

Your data is collected for the following purposes:

• Provide and improve our HACCP management services
• Manage your user account and authentication
• Generate food compliance reports
• Ensure the security of our platform
• Respond to your support requests
• Comply with our legal obligations

The processing of your data relies on:

• Performance of a contract: to provide the services you subscribed to
• Legal obligation: to comply with HACCP regulations and food record retention requirements
• Legitimate interest: to improve our services and ensure security

Your personal data is kept for as long as you use our services and then archived in accordance with the legal obligations applicable to the food sector (generally 5 years for HACCP records).

Connection data is retained for up to 12 months for security purposes.

Your data is never sold to third parties. It may be shared with:

• Our technical processors: hosting (Cloudflare), storage (Scaleway)
• Competent authorities: where legally required or pursuant to a judicial request

All our processors are bound by contractual confidentiality and security obligations in compliance with GDPR.

Some data may be transferred to countries outside the European Union (in particular the United States for Cloudflare). These transfers are governed by standard contractual clauses approved by the European Commission.

Under GDPR, you have the following rights:

• Right of access: obtain a copy of your personal data
• Right to rectification: correct inaccurate data
• Right to erasure: request deletion of your data
• Right to restriction: restrict the processing of your data
• Right to portability: receive your data in a structured format
• Right to object: object to the processing of your data

To exercise these rights, contact us at: [email protected]

You also have the right to lodge a complaint with the CNIL (www.cnil.fr).

We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, destruction, or alteration, including:

• Encryption of data in transit (HTTPS/TLS)
• Encryption of data at rest
• Secure authentication using JWT tokens
• Role-based access controls
• Regular backups

Our website only uses technical cookies essential to the operation of the service. We do not use tracking, advertising, or analytics cookies.

This policy may be updated periodically. In the event of a substantial change, we will inform you by email or through a notification on our platform.

For any questions regarding this privacy policy or your personal data:
Email: [email protected]