Last updated: March 2026
TrazaLab collects only the data required to operate the platform: account information (name, email, role), clinical data uploaded by the user (files, photos, audio, prescriptions), and usage metadata (access logs, action timestamps).
All data is stored on Cloudflare R2 with AES-256 GCM encryption at rest and TLS/SSL in transit. Files are never stored on other users' local devices. Access is role-based and revocable at any time.
The case owner (surgeon/clinic) has full control over who accesses their data. Access can be revoked instantly. Data can be exported at any time without restriction.
Data is retained for as long as the user maintains an active account. Upon account closure, data may be exported and subsequently deleted upon request.
TrazaLab is designed to comply with the GDPR (General Data Protection Regulation) and applicable national data protection regulations. The audit log, role-based access control, and encryption provide demonstrable evidence of compliance.
For privacy inquiries: [email protected]