TradeShield
Home

Privacy policy

Last updated: 6/23/2026

1. Data controller

The data controller is the operator of the TradeShield platform. Data is processed to provide the compliance-as-a-service offering. Contact: contact@tradeshield.tech.

2. What data we collect

Email (for login and notifications), organization data (name, VAT ID, country), products and counterparties entered by you, action logs (audit log). We do not collect biometric data or special category data (GDPR Art. 9).

3. Legal basis

Art. 6(1)(b) GDPR — performance of a contract. Art. 6(1)(f) GDPR — legitimate interest (system security, fraud prevention).

4. Where we store data

Data is stored in the European Union (Frankfurt, Germany) via Supabase. AES-256 encryption at rest, TLS 1.3 in transit.

5. Your rights (GDPR)

Under GDPR you have the following rights:

  • Right of access (Art. 15) — you can download a copy of your data anytime in the Account & datapanel.
  • Right to rectification (Art. 16) — you can edit product, counterparty and profile data.
  • Right to erasure ("right to be forgotten") (Art. 17) — the “Permanently delete account” button in Account & data permanently deletes your account along with all products, counterparties and analyses.
  • Right to data portability (Art. 20) — full JSON export in the account panel.
  • Right to restriction and objection (Art. 18 and 21) — contact: contact@tradeshield.tech.
  • Right to lodge a complaint with the supervisory authority (PUODO in Poland).

5a. Use of data

Your data (products, counterparties, analysis content) is used solely to deliver the compliance analysis service. We do not sell data to third parties. Data is not shared between users — every account is fully isolated at the database level (Row Level Security).

6. Data retention

We retain data for the lifetime of the account plus 30 days after deletion (grace period for restoration). After this period data is permanently deleted. The audit log is retained for 12 months for security and compliance reasons.

7. Cookies

We use session cookies necessary for the application to work (authentication). We do not use analytics or marketing cookies without consent. Details in the Cookie policy.

8. Sub-processors

Supabase (database hosting, auth, storage) — DPA in progress. OpenAI / Lovable AI Gateway (AI analysis generation) — data is sent without personally identifying information.

Note: this privacy policy is for information only. For full legal protection consult a law firm.