Legal · Last updated April 20, 2026

Privacy Policy

TraceReady ("we," "us," "our") operates traceready.xyz and the associated lead-capture and email program. This Privacy Policy explains what we collect, how we use it, how long we keep it, and the rights you have over your information.

Information we collect

• Information you provide. Email address, company name, job role, company type, and current traceability tooling submitted on the guide request form.
• Attribution information. Google Click ID (gclid), UTM campaign parameters, landing page path, and referrer, used to understand which marketing channels drive qualified traffic.
• Technical information. User-agent string, a salted SHA-256 hash of your IP address (we do not retain the raw IP), and event timestamps. We do not use advertising ID or cross-site tracking cookies beyond Google Ads / Google Analytics.
• Cookies and storage. A first-party tr_gclid cookie (30-day lifetime) for attribution, a session UUID in localStorage for funnel analytics, and Google Analytics 4 and Google Ads cookies as set by their tags.

How we use it

• To email you the FSMA 204 Readiness Guide and related operator resources you request.
• To follow up by email with a gap review call invitation if you request one.
• To aggregate, anonymize, and analyze funnel performance to improve the site and our program.
• To meet legal and regulatory obligations (recordkeeping, tax, fraud prevention).

We do not sell your personal information. We do not share individual-level assessment answers with third parties outside of our service providers who are contractually obligated to keep it confidential.

Retention

• Waitlist and contact records: retained while you remain an active prospect or customer; deleted on request or after a 24-month period of inactivity.
• Attribution and analytics events: retained for 14 months (Google Analytics default).
• Customer engagement records (post-contract): retained per the terms of the signed Master Services Agreement.

Your rights

If you are a resident of the European Economic Area, United Kingdom, or Switzerland, you have rights under the GDPR to access, correct, delete, restrict processing, or port your personal information. If you are a California resident, you have analogous rights under the CCPA/CPRA, including the right to know, delete, and opt out of sale (we do not sell personal information).

To exercise any of these rights, email [email protected]. We respond within 30 days.

Security

Data is stored on infrastructure operated by Cloudflare. Transport is TLS 1.2+. Administrative access is restricted to named personnel and authenticated via HMAC-signed session cookies. We treat customer data under NDA; data exchanges during paid engagements happen over encrypted transports into logically isolated environments.

Children

The site and services are not directed at children under 16. We do not knowingly collect information from children.

Changes

If we change this Privacy Policy we will update the "Last updated" date above. Material changes will be announced on the site or by email to active customers.

Questions: [email protected].