Regulatory Compliance
TraceLock AI maintains comprehensive compliance with global data protection regulations, industry standards, and security frameworks. Our compliance programme ensures that our customers can trust us with their most sensitive data.
Our Compliance Philosophy
Compliance is not merely a checkbox exercise for TraceLock AI. We view regulatory requirements as a baseline, consistently exceeding minimum standards to provide our customers with the highest levels of data protection and operational transparency. Our dedicated compliance team continuously monitors regulatory developments across all jurisdictions where we operate, ensuring proactive adaptation to evolving requirements.
Compliance Frameworks
GDPR
General Data Protection Regulation
Full compliance with European data protection requirements including data subject rights, lawful processing bases, cross-border transfer mechanisms, and Data Protection Impact Assessments.
SOC 2 Type II
Service Organization Control
Annual independent audit of security, availability, processing integrity, confidentiality, and privacy controls. Reports available to customers under NDA.
ISO 27001
Information Security Management
Certified information security management system covering all aspects of our operations, from development practices to physical security.
UK Data Protection Act
DPA 2018
Full compliance with UK data protection legislation including registration with the Information Commissioner's Office (ICO) and adherence to UK-specific requirements.
CCPA/CPRA
California Privacy Rights
Compliance with California consumer privacy requirements, including the rights to know, delete, and opt out, and non-discrimination provisions.
PCI DSS
Payment Card Industry
Level 1 compliant payment processing through certified payment providers. No card data stored on TraceLock systems.
Data Processing
Data Processing Agreements
We provide comprehensive Data Processing Agreements (DPAs) that meet GDPR Article 28 requirements. Our standard DPA includes Standard Contractual Clauses for international transfers.
Sub-processors
We maintain a current list of sub-processors and provide advance notice of any additions. All sub-processors undergo security assessments and are bound by equivalent data protection obligations.
Data Localisation
Enterprise customers can specify data residency requirements. We offer EU-only, UK-only, or other regional deployment options to meet local regulatory requirements.
Data Subject Rights
Our platform provides tools for customers to fulfil data subject access requests, erasure requests, and portability requests. We respond to all requests within regulatory timeframes.
Government & Legal Requests
Legal Process Requests
We respond to valid legal process from authorised government agencies in accordance with applicable law. Our legal team reviews all requests for validity, scope, and compliance with relevant privacy laws before any disclosure. We will provide transparency reports detailing the volume and nature of government requests received.
Where legally permitted, we notify affected customers of government requests unless prohibited by law or where notification would jeopardise an investigation.
Enterprise & Government Solutions
TraceLock AI is designed to support government agencies and enterprise organisations in legitimate asset recovery efforts. All enterprise agreements are governed by formal contracts that ensure data is used appropriately and in compliance with applicable laws. We maintain strict controls on platform access and regularly audit usage patterns.
Audit & Reporting
SOC 2 Reports
Annual Type II reports available to customers and prospects under NDA. Reports cover security, availability, and confidentiality trust principles.
Penetration Testing
Quarterly penetration tests by accredited third parties. Executive summaries available to enterprise customers upon request.
Security Questionnaires
We respond to industry-standard questionnaires including SIG, CAIQ, and custom formats. Pre-completed questionnaires available for common frameworks.
Compliance Documentation
Our compliance team can provide detailed documentation, complete security questionnaires, or arrange calls to discuss specific regulatory requirements. Enterprise customers receive dedicated compliance support as part of their engagement.