Back to Help

Security & Privacy

Where is my data stored?

Data residency, GDPR compliance, and security overview.

We take this seriously. Here's the unfiltered version.

Where data lives

  • Mobile app local data — on your device, in a SQLite database. Never leaves your phone unless you sync.
  • Cloud-synced data — Supabase project hosted in the EU (London / West Europe region). Postgres + Storage for SOR curve files.
  • Payment data — Stripe (US-incorporated, GDPR-compliant). We never see or store card numbers.
  • Email — Resend (EU sending region for transactional email).
  • Edge functions — Vercel (deployed at edge globally, but our specific routes run in London region).
  • Authentication tokens — Supabase Auth, EU region.

For Company tier customers in regulated environments (offshore wind, utilities, government), all customer-trace data sits in EU jurisdiction by default.

What we collect

  • Trace data — .SOR file contents you upload, parsed metadata, your analysis history
  • Account data — email, name, organisation, billing address
  • Usage telemetry — anonymous performance metrics (page load time, API response time) via Vercel Analytics + Sentry for error tracking
  • No tracking pixels, no ad networks, no third-party data sharing

What we DON'T do

  • Sell your data to anyone (we are a paid SaaS, not an ad business)
  • Train AI models on your private trace data
  • Share your data with the OTDR manufacturers
  • Access your data without explicit support consent

GDPR rights

You can at any time:

  • Export everything — request a full data export, including all trace files and metadata
  • Delete everything — visit tracelogicpro.co.uk/account-deletion for the self-service deletion form
  • Correct — update your account details directly in the dashboard

Email info@tracelogicpro.co.uk for export requests; we respond within 30 days per GDPR.

Security

  • Encryption in transit — TLS 1.3 everywhere
  • Encryption at rest — Supabase Postgres uses AES-256
  • Authentication — Supabase Auth with optional 2FA (coming Q3)
  • Access logs — every admin operation logged for audit
  • Row-level security — engineers can only see their assigned cables; owners see everything in their org

Sub-processors

Full list maintained in our Privacy Policy. Notable ones:

  • Supabase (EU) — database, auth, storage
  • Vercel (US, with EU-region functions) — hosting + edge
  • Stripe (US, GDPR-compliant) — payments
  • Resend (EU) — transactional email
  • Upstash (EU) — Redis cache layer
  • Anthropic (US) — AI diagnostic queries when used

If you're under a data processing agreement (DPA) that needs us to sign something specific, email info@tracelogicpro.co.uk — we have a standard DPA we can countersign.

Still need help?

Couldn't find what you needed in this article? Our team is happy to help.

Contact Support
20-Minute Demo

See TraceLogic in action

Book a quick walkthrough with our team. We'll show you the diagnostic engine, BiDi calculator and offline workflow on real fibre data.

Book DemoOr contact sales →