TraceScanMatch is built to help compliance teams meet their obligations, including under the EU General Data Protection Regulation. This page explains our roles, the rights of data subjects, and how we handle data on your behalf.
Last updated: June 2026For the personal data your team submits into a workspace, your organization is the data controller and TraceScanMatch acts as a data processor that processes it under your instructions.
For account and website data we collect to run our business, TraceScanMatch acts as the controller.
We process personal data only where there is a lawful basis: to perform our contract with you, to pursue legitimate interests in operating a secure and reliable service, to meet legal obligations, or with consent where required.
The GDPR gives individuals rights over their personal data. We support you in honoring requests to:
If you are an individual whose data may be in a customer workspace, please contact that organization, since they control the data. If you are a customer who needs to fulfill a data subject request, contact us and we will assist as your processor.
We apply appropriate technical and organizational measures to protect personal data. Workspace content is encrypted, workspaces are isolated, and access is limited to authorized members. See our Security page for more.
We rely on a limited set of vetted sub-processors to operate the platform, bound by data-protection terms. Where personal data is transferred across borders, we use appropriate safeguards as required by law.
Customers who require a Data Processing Agreement can request one by contacting privacy@tracescanmatch.com.