Data Processing Agreement

This page is an overview of how processing works for managed Tracehold deployments, that is, the paid Insight and Governance plans. In those deployments your organisation is the data controller and Tracehold is the processor under Article 28 of the GDPR. Because detection runs on the device and only metadata reaches the backend (the type of a finding, never the value behind it), the data we process on your behalf is deliberately minimal.

Last updated: 22 June 2026 · Applies to managed deployments (Insight & Governance)

On this page

  1. Roles & scope
  2. Subject matter & duration
  3. Nature & purpose of processing
  4. Categories of data & data subjects
  5. Processor obligations & confidentiality
  6. Sub-processors
  7. Security measures
  8. International transfers
  9. Audits & assistance
  10. Data return & deletion
  11. Liability
  12. A signable DPA
This overview is provided for transparency, is kept current, and is not itself a contract. A signable Data Processing Agreement is available on request for the Insight and Governance plans and governs where applicable — email dpo@tracehold.com.
At a glance
  • You are the controller; we are the processor. We only process personal data on your documented instructions.
  • We process detection metadata, not content. Type of finding, severity and timestamp — never the prompt content by default.
  • Encrypted in transit and at rest, isolated per customer, with any reveal of retained text audited and permission-controlled.
  • EU data residency (built and hosted in the European Union, in France, on Contabo and OVH infrastructure), with an optional full self-host where data never leaves your premises.
  • A signable DPA is available on request for Insight and Governance.

1. Roles & scope

This Data Processing Agreement overview applies between Tracehold B.V. ("Tracehold", "we", "us"), formerly Verifia, established in the European Union at Werfkade 25, 1033 TA Amsterdam, Netherlands, and the organisation that subscribes to a managed Tracehold plan ("you", the "Customer").

For managed deployments — the paid Insight and Governance plans:

  • the Customer is the data controller: you decide why and how personal data is processed through your deployment;
  • Tracehold is the data processor: we process personal data only on your documented instructions, as set out in the DPA and the configuration of your deployment.

This page does not cover the free browser extension, which runs entirely on the device, needs no account and sends nothing to a backend — there is no controller–processor relationship there. For how the free extension and this website handle information, see the Privacy Policy. Where you choose to self-host the full stack, personal data stays on your infrastructure and Tracehold typically does not act as a processor of that data at all; the self-host terms govern instead.

2. Subject matter & duration

The subject matter of the processing is the provision of the Tracehold managed AI-DLP service: detecting sensitive data before it reaches AI tools, recording an audit trail of findings, and producing the compliance reports and regulation mapping (covering GDPR, the EU AI Act, NIS2 and DORA) that the service provides.

The processing lasts for the term of your subscription, that is, for as long as your managed deployment is active, plus a wind-down period of up to 30 days to return or delete data as described in §10. Specific retention windows are set in your configuration and recorded in the signable DPA, which governs where applicable.

3. Nature & purpose of processing

The nature of the processing is automated, on-device detection followed by the transmission of metadata about findings to your Tracehold backend. The detection itself runs on the device; the network carries the result of a check, not the content that was checked.

The purpose is strictly to deliver the service you have subscribed to:

  • to detect and prevent sensitive data from leaving for AI tools (across 2,200+ AI tools/sites, using 3,400+ detection patterns);
  • to give your security and compliance teams an audit trail of findings; and
  • to produce the compliance reports and regulation mapping covering GDPR, the EU AI Act, NIS2 and DORA.

We do not use the personal data we process on your behalf for any other purpose, we do not sell it, and we do not use it to train AI or machine-learning models.

4. Categories of personal data & data subjects

Categories of personal data

Because detection runs on the device and prompt content never leaves it by default, the personal data we process as your processor is limited to detection metadata:

  • the type of sensitive item detected (for example, "an API key" or "a personal identifier") — not the value itself;
  • the severity of the finding;
  • a timestamp;
  • the AI tool or site involved and the user/account the finding relates to, for your audit trail.

By default we do not process prompt content at all. On desktop endpoints, your organisation may choose to retain the exact text behind an alert so an admin can tell a real leak from a false alarm. Where you enable that option, that text is encrypted and can only be revealed through an audited, permission-controlled action (see §7). That retained text may incidentally contain whatever your staff typed; its scope and retention are configured by you, the controller.

Categories of data subjects

The data subjects are primarily the Customer's staff — your employees, contractors and other authorised users whose interactions with AI tools are protected by the deployment. To the extent any personal data appears within retained text under the optional setting above, additional data subjects (for example, third parties mentioned by your staff) may be involved; minimising this is within your control as the controller.

5. Processor obligations & confidentiality

As your processor, and consistent with Article 28 GDPR, Tracehold commits to:

  • process only on your documented instructions, including for international transfers, unless required to do otherwise by EU or Member State law (in which case we will inform you, where legally permitted);
  • confidentiality: ensure that personnel authorised to process the data are bound by appropriate confidentiality obligations;
  • implement and maintain appropriate technical and organisational security measures (see §7);
  • engage sub-processors only under the conditions in §6;
  • assist you with data-subject requests and with your obligations on security, breach notification and data-protection impact assessments (see §9);
  • return or delete personal data at the end of the service, at your choice (see §10);
  • make available the information needed to demonstrate compliance and allow for and contribute to audits (see §9); and
  • notify you without undue delay, and in any event within 72 hours, after becoming aware of a personal-data breach affecting your data, so that you can meet your own 72-hour deadline for notifying the supervisory authority under Article 33 GDPR.

Our internal tooling is deliberately limited: it is least-privilege, read-only where possible, audited, and cannot decrypt retained text, so the protection holds against Tracehold's own staff as well as against outsiders.

6. Sub-processors

We use a small number of vetted infrastructure sub-processors to run the managed service. Each is engaged under a written contract imposing data-protection obligations no less protective than those in our DPA, and each operates within the EU on our instructions and only to the extent needed to provide the service.

The current list — and how we notify you of any intended additions or replacements so you can object — is maintained on our sub-processors page. Our hosting is provided by Contabo and OVH, in European Union (France) regions. System and transactional email is sent from Tracehold's own self-hosted mail infrastructure in the EU, so no third-party email provider acts as a sub-processor; we use no third-party error-monitoring or analytics sub-processor.

7. Security measures

Security is the product, so it is built in rather than bolted on. The technical and organisational measures appropriate to this processing include:

Encryption

Detection metadata and any retained text are encrypted in transit and at rest. Integration credentials (for your SSO, SIEM and Slack/Teams connections) are masked once saved and are never returned in plain text.

Isolation

Every customer's data is isolated in its own tenant, enforced in the backend's data access rather than only in the console. The default is deny: one organisation cannot reach another's data.

Audited reveal

Where you retain the text behind an alert, it stays encrypted until an authorised admin reveals it. Each reveal needs a specific permission and is logged — who looked, when, at what.
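The reveal path described above, as an added example that is not Tracehold's code: retained text is stored only as AES-GCM ciphertext, the sole function that produces plaintext first checks a named permission, and every attempt is appended to an audit log (including denied ones) with who, when and which finding. The key, the actor names, the permission name `findings.reveal` and the sample alert text are all constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

// AuditEntry is one line of the reveal log: who, when, which finding, and the outcome.
// Denied attempts are logged too, so the log shows who tried, not only who succeeded.
type AuditEntry struct {
	Actor     string
	FindingID string
	Outcome   string // "revealed", "denied", "not_found" or "decrypt_failed"
	At        time.Time
}

// Store holds retained alert text encrypted at rest. Plaintext exists only as the
// return value of Reveal; nothing else in the store can read it.
type Store struct {
	aead  cipher.AEAD
	blobs map[string][]byte          // findingID -> nonce || ciphertext
	perms map[string]map[string]bool // actor -> set of granted permissions
	Audit []AuditEntry
}

var (
	ErrForbidden = errors.New("reveal: actor lacks the findings.reveal permission")
	ErrNotFound  = errors.New("reveal: no retained text for that finding")
)

// NewStore wraps a 16-, 24- or 32-byte AES key in AES-GCM.
func NewStore(key []byte) (*Store, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Store{aead: aead, blobs: map[string][]byte{}, perms: map[string]map[string]bool{}}, nil
}

// Retain encrypts the text behind an alert. The finding ID is bound in as
// associated data, so a blob cannot be swapped between findings.
func (s *Store) Retain(findingID, text string) error {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	s.blobs[findingID] = s.aead.Seal(nonce, nonce, []byte(text), []byte(findingID))
	return nil
}

// Grant gives an actor a named permission; "findings.reveal" is the one Reveal checks.
func (s *Store) Grant(actor, perm string) {
	if s.perms[actor] == nil {
		s.perms[actor] = map[string]bool{}
	}
	s.perms[actor][perm] = true
}

// Reveal is the only path to plaintext. Every call is audited whatever the outcome,
// and the permission check happens before any decryption.
func (s *Store) Reveal(actor, findingID string) (string, error) {
	entry := AuditEntry{Actor: actor, FindingID: findingID, At: time.Now().UTC()}
	defer func() { s.Audit = append(s.Audit, entry) }()

	if !s.perms[actor]["findings.reveal"] {
		entry.Outcome = "denied"
		return "", ErrForbidden
	}
	blob, ok := s.blobs[findingID]
	if !ok {
		entry.Outcome = "not_found"
		return "", ErrNotFound
	}
	ns := s.aead.NonceSize()
	plaintext, err := s.aead.Open(nil, blob[:ns], blob[ns:], []byte(findingID))
	if err != nil {
		entry.Outcome = "decrypt_failed"
		return "", err
	}
	entry.Outcome = "revealed"
	return string(plaintext), nil
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key; a real deployment uses a managed key
	s, _ := NewStore(key)
	_ = s.Retain("finding-42", "ssh deploy@10.0.0.5 -i ~/.ssh/prod_key") // constructed sample text
	_, err := s.Reveal("bob", "finding-42")                              // bob has no permission
	fmt.Println("bob:", err)
	s.Grant("alice", "findings.reveal")
	text, _ := s.Reveal("alice", "finding-42")
	fmt.Println("alice:", text)
	for _, e := range s.Audit {
		fmt.Printf("%s %s %s %s\n", e.At.Format(time.RFC3339), e.Actor, e.FindingID, e.Outcome)
	}
}
```

The audit append is deferred so that no exit path, including a decryption failure, can skip the log line; the permission check precedes decryption so that an unauthorised caller never causes ciphertext to be opened at all.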

Signed, verified updates

The browser extension, the endpoint agents and the detection rules are signed before they leave us and verified before they are applied. Unsigned or tampered packages are rejected, and so is any package whose version is not newer than the one already installed, so an old version cannot be slipped back in.
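The two checks that paragraph describes, as an added example that is not Tracehold's code: an endpoint pins the publisher's Ed25519 public key, verifies the signature over version and rules together, and only then compares the version against the one installed, rejecting anything not strictly newer. The key pair, the `Bundle` layout and the sample rule payloads are assumptions made for the demo; the signature is checked before the version because the version field cannot be trusted until the signature covering it has passed.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

// Bundle is a detection-rules update as the endpoint receives it. The signature
// covers the version and the rules together, so neither can be altered alone.
type Bundle struct {
	Version uint64
	Rules   []byte
	Sig     []byte // Ed25519 signature over signingInput(Version, Rules)
}

var (
	ErrBadSignature = errors.New("update: signature missing or invalid")
	ErrRollback     = errors.New("update: version is not newer than the installed one")
)

// signingInput serialises version || rules. Including the version in the signed
// bytes is what stops a valid old bundle from being re-labelled with a new version.
func signingInput(version uint64, rules []byte) []byte {
	msg := make([]byte, 8+len(rules))
	binary.BigEndian.PutUint64(msg, version)
	copy(msg[8:], rules)
	return msg
}

// NewPublisherKey makes the publisher's Ed25519 key pair (demo only; the real
// private key would live in the release pipeline, never on endpoints).
func NewPublisherKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Sign is the publisher side: produce a bundle the endpoints will accept.
func Sign(priv ed25519.PrivateKey, version uint64, rules []byte) Bundle {
	return Bundle{Version: version, Rules: rules, Sig: ed25519.Sign(priv, signingInput(version, rules))}
}

// Agent is the endpoint side: a pinned publisher public key and the installed version.
type Agent struct {
	PubKey    ed25519.PublicKey
	Installed uint64
	Rules     []byte
}

// Apply accepts a bundle only if it is signed by the pinned key AND carries a
// strictly newer version. Signature first: the version is untrusted input until then.
func (a *Agent) Apply(b Bundle) error {
	if len(b.Sig) != ed25519.SignatureSize ||
		!ed25519.Verify(a.PubKey, signingInput(b.Version, b.Rules), b.Sig) {
		return ErrBadSignature
	}
	if b.Version <= a.Installed {
		return ErrRollback
	}
	a.Installed = b.Version
	a.Rules = b.Rules
	return nil
}

func main() {
	pub, priv := NewPublisherKey()
	agent := &Agent{PubKey: pub, Installed: 1, Rules: []byte("rules v1")} // constructed starting state

	fmt.Println("v2 signed:   ", agent.Apply(Sign(priv, 2, []byte("rules v2"))))
	fmt.Println("v1 replayed: ", agent.Apply(Sign(priv, 1, []byte("rules v1"))))
	tampered := Sign(priv, 3, []byte("rules v3"))
	tampered.Rules = []byte("rules v3 with a weakened pattern") // constructed tampering
	fmt.Println("v3 tampered: ", agent.Apply(tampered))
	fmt.Println("v3 unsigned: ", agent.Apply(Bundle{Version: 3, Rules: []byte("rules v3")}))
	fmt.Println("installed:   ", agent.Installed, string(agent.Rules))
}
```

A rejected bundle leaves the agent's state untouched, so a failed update cannot half-apply; on a real endpoint the installed version would also be persisted somewhere the rules themselves cannot overwrite, otherwise a rollback could reset the counter along with the rules.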

Identity & least privilege

Sign-in integrates with Microsoft Entra ID and Okta, hardened with brute-force protection and optional multi-factor. Internal access is least-privilege, read-only where possible, and audited.

On certifications, we describe our status plainly: ISO 27001 certification is in progress (not yet certified); for ENS, PCI-DSS and SOC 2 we are aligned with / mapped to the frameworks but not certified. You can read more on our Security page.

8. International transfers

Tracehold is built and hosted in the European Union, with EU data residency (primary region: the European Union, in France, on Contabo and OVH infrastructure). Processing of your data under this DPA takes place within the EU, so the tool that protects your data does not create a new cross-border transfer problem.

If your configuration ever required a transfer outside the EU/EEA, it would only happen on your documented instructions and under an appropriate transfer mechanism — the European Commission's Standard Contractual Clauses — with supplementary measures as needed. Organisations that prefer to keep everything on their own infrastructure can self-host the entire stack, in which case data never leaves their premises and no transfer arises.

9. Audits & assistance

We make available the information reasonably necessary to demonstrate compliance with our Article 28 obligations, and we allow for and contribute to audits, including inspections, conducted by you or an auditor you mandate, on at least 30 days' prior written notice and no more than once per year (or following a substantiated personal-data breach), subject to confidentiality and to not compromising the security or isolation of other customers.

Taking into account the nature of the processing and the limited information available to us as a processor, we will assist you:

  • in responding to data-subject requests (access, rectification, erasure, restriction, objection, portability) relating to data in your deployment;
  • with your obligations on security of processing, breach notification and communication to data subjects; and
  • with data-protection impact assessments and any prior consultation with a supervisory authority.

10. Data return & deletion

On termination or expiry of the managed service, and at your choice, we will return the personal data we process on your behalf, or delete it, and delete existing copies, unless EU or Member State law requires us to retain it.

Because detection runs on the device and prompt content never leaves it by default, the volume we hold is intrinsically small. Any retained text you enabled is deleted within 30 days of termination, or on the schedule set in your configuration if shorter. Uninstalling the browser extension and endpoint agents and revoking access removes the client-side component, which is under your control.

11. Liability

The allocation of liability between controller and processor — including any caps, exclusions and the interaction with the liability terms of your main subscription agreement — is governed by the liability provisions of the master subscription agreement and the signable DPA, following the apportionment principles of Article 82 GDPR. This overview page creates no contractual liability on its own.

The DPA is governed by the laws of the Netherlands, with disputes subject to the courts designated in the DPA.

A signable DPA — available on request

A complete, signable Data Processing Agreement — including the Article 28 clauses, the technical and organisational measures, the sub-processor list and any Standard Contractual Clauses where relevant — is available on request for the Insight and Governance plans.

  • Request a DPA or ask a question: dpo@tracehold.com
  • Privacy enquiries: privacy@tracehold.com
  • General: hello@tracehold.com
  • Sub-processors: see the current list
  • Post: Tracehold B.V., Werfkade 25, 1033 TA Amsterdam, Netherlands
© 2026 Tracehold. Formerly Verifia. All rights reserved. AI-native data loss prevention, built in the EU.