TradeGuard ("we", "us", "our") is committed to protecting the privacy and security of your personal and business data. This Privacy Policy explains how we collect, use, store, and share information when you use the TradeGuard platform ("Service"). We process all data in accordance with the EU General Data Protection Regulation (GDPR) and applicable member state data protection laws.
1. Information We Collect
Account Details
When you register, we collect your email address, company name, and EORI (Economic Operators Registration and Identification) number. This information is necessary to create and manage your account and verify your identity as an EU importer.
Document Data
You may upload PDF invoices and other trade documents to the platform for processing. These documents are used exclusively to extract structured data (HS codes, product descriptions, weights, country of origin) for CBAM compliance reporting.
Supplier Data
Through the TradeGuard supplier portal, your suppliers may submit email addresses and emissions data (carbon intensity values, production methods) on your behalf. This data is collected solely to populate your CBAM reports.
2. How We Use Your Data
We use collected data exclusively to provide the TradeGuard SaaS platform. This includes:
- Authenticating and managing your account.
- Parsing uploaded invoices to extract structured trade data.
- Classifying products under CBAM-applicable HS codes.
- Generating CBAM XML exports for EU regulatory submission.
- Sending transactional emails (account verification, supplier data requests, export notifications).
- Processing subscription payments.
We do not sell, rent, or share your data with third parties for marketing purposes.
3. Third-Party Sub-Processors
To deliver the Service, we rely on the following trusted infrastructure partners, each bound by data processing agreements:
Application hosting, CDN, and serverless function execution.
PostgreSQL database, user authentication, and row-level security.
Large language model inference for invoice data extraction. No data retention for training.
Delivery of account verification, supplier data requests, and system notifications.
Subscription billing and payment processing. Paddle acts as Merchant of Record.
4. AI Data Usage Policy
TradeGuard uses large language models to parse invoice data. We do not use your documents, supplier data, or personal information to train any AI models. Data processed by our AI partners is deleted immediately after extraction and is not retained for training purposes.
AI processing is performed via API calls to Anthropic through AWS infrastructure. These calls are stateless — no document content or extracted data persists on AI partner systems after the response is returned.
5. Data Security
We implement industry-standard security measures to protect your data, including encryption in transit (TLS 1.3) and at rest (AES-256), row-level security policies on database tables, and secure authentication via Supabase Auth with support for OAuth and magic link sign-in.
6. Data Retention
We retain your account data and processed shipment records for as long as your account is active or as needed to provide the Service. Uploaded PDF documents are not stored permanently — they are processed in memory and discarded after data extraction. You may request deletion of all your data at any time (see Section 7).
7. Your Rights Under GDPR
As a data subject under the General Data Protection Regulation, you have the following rights:
- Right of Access: Request a copy of all personal data we hold about you.
- Right to Rectification: Request correction of any inaccurate or incomplete personal data.
- Right to Erasure: Request deletion of your personal data ("Right to be Forgotten"). We will erase all data within 30 days of a verified request, unless retention is required by law.
- Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format.
- Right to Object: Object to the processing of your personal data under certain circumstances.
To exercise any of these rights, contact us at support@tradeguard-eu.app. We will respond within 30 days.
8. Cookies
TradeGuard uses only essential, first-party cookies required for authentication and session management. We do not use tracking cookies, analytics cookies, or any third-party advertising cookies.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or an in-app notification at least 30 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.
10. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at: support@tradeguard-eu.app