> ## Documentation Index
> Fetch the complete documentation index at: https://docs.trakg.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Security compliance

<Badge variant="warning">Coming Soon</Badge>

At Trakg, protecting user data and respecting global privacy laws isn't an afterthought — it’s built into the core of our platform. We understand the sensitivity around form data and ensure businesses stay compliant while gaining powerful insights.

***

## 🔐 Built with Privacy in Mind

Trakg is designed to **capture only non-sensitive interactions** on forms — like which fields were filled, the time taken, or what was removed — while explicitly **ignoring** sensitive fields such as:

* Passwords
* Payment and financial details
* Government IDs (like SSN, Aadhaar)
* Health-related or confidential fields

> Our script uses built-in field name and type filters, as well as advanced pattern matching, to block the collection of personally identifiable or protected data.

***

## 🌍 GDPR (General Data Protection Regulation)

For businesses operating in or serving users from the EU:

* Trakg never stores personally identifiable information (PII) **without consent**.
* All tracking can be **opt-in only**, respecting cookie banners or consent managers.
* Users can request to have their interaction data removed via your dashboard.
* Data collection is anonymized unless a user explicitly submits a form.

> You remain the controller of the data — Trakg acts as a processor, helping you stay compliant with article 28 of GDPR.

***

## 🇺🇸 CCPA (California Consumer Privacy Act)

Under CCPA, users have the right to:

* Know what is being collected (Trakg is transparent by design)
* Opt-out of sale or tracking (via cookie settings or opt-out APIs)
* Request deletion of data (Trakg supports secure erasure workflows)

We do **not sell** user data, and **do not build advertising profiles**.

***

## 🛡 Data Storage & Retention

* All collected data is encrypted at rest and in transit using modern TLS standards.
* Data is stored only for as long as necessary to provide insights or as defined by your custom retention policies.
* You can manually delete any captured session or lead data from the dashboard at any time.

***

## 🔄 Consent Flexibility

Trakg plays nicely with major consent management tools (OneTrust, Cookiebot, etc.). You can:

* **Defer script execution** until consent is given
* Use `data-trakg-disabled` on forms to opt-out
* Respect DNT (Do Not Track) headers and incognito modes

***

## 🤝 SOC2, HIPAA & ISO Readiness

While Trakg doesn't process health or financial data by default, we:

* Follow principles aligned with SOC2 Type I controls (access logs, audit trails, breach reporting)
* Plan HIPAA-compatibility for healthcare-adjacent use cases (forms using `data-trakg-sensitive` will be auto-ignored)
* Work with external consultants to validate ISO 27001-aligned practices

***

## 🧪 Transparent Practices

* Source code is periodically reviewed and validated by external security professionals.
* We do not use dark patterns or track keyboard input beyond what’s typed into standard form fields.
* You always have visibility into what Trakg captured — viewable on a per-user, per-form basis from your dashboard.

***

## 🧭 Your Responsibilities

While Trakg helps with compliance, it’s up to you to:

* Disclose use of analytics and trackers in your privacy policy
* Ensure consent mechanisms are in place when required
* Avoid collecting data you don’t need or can't legally justify

> Trakg gives you the tools. Compliance is a shared responsibility.

***

Need more details for a compliance audit or integration help with your DPO or legal team? [Contact us](https://trakg.com/contact) or request a compliance brief through your [Dashboard](https://app.trakg.com).
