Sign inGet Started

Compliance

Last updated May 21, 2026

Compliance means two distinct things at Traceage: the standards we help our customers meet through the platform, and our own posture as a service provider that processes their data. This page covers both.

Standards We Help Customers Meet

Traceage is built around traceability — a verifiable record of a product’s journey through the supply chain. That record is the foundation customers use to demonstrate compliance with the frameworks that govern their industry, including:

  • HACCP — structured hazard analysis and critical control point monitoring, with the records auditors expect.
  • FDA FSMA 204 — traceability records and Key Data Elements for foods on the Food Traceability List.
  • EU Regulation 178/2002 — one-step-back, one-step-forward traceability across the food supply chain.
  • ISO 22000 — food safety management system evidence and documentation.
  • ISO 9001 — quality management process records and continuous improvement tracking.

Traceage provides the system of record and the workflows; responsibility for certification and for the accuracy of submitted data rests with the customer organisation.

Our Own Compliance Posture

  • Data protection — Traceage acts as a data processor for customer data and as a controller for the account and billing data we collect directly. Our practices are described in the Privacy Policy.
  • GDPR — we support customer GDPR obligations through data access, export, and deletion capabilities, and we contract our sub-processors under appropriate safeguards.
  • Data residency — region-specific data residency options are not yet available; current processing regions are listed in the Privacy Policy.
  • Data Processing Agreement — a DPA for customers acting as controllers will be made available; contact us in the meantime at compliance@traceage.io.

Audit Trail and Evidence

Compliance depends on being able to show what happened and when. Traceage records security- and data-relevant events — sign-ins, permission changes, record edits, and data exports — so customers can produce a defensible audit trail. Audit data can be reviewed and exported to support internal reviews and external audits.

Security

Compliance and security are closely linked. For details on encryption, access controls, infrastructure hardening, and our assessment roadmap, see the Security page.