TrackLayer is built for EU-based merchants by EU-based engineers. Compliance isn't a feature we bolted on — it's how the pipeline is shaped. Hashing at the edge, residency by default, delete cascades that actually work.
Email, phone, and any identifier matching PII heuristics are SHA-256 hashed in the ingestion Worker before they hit our storage. The raw values never reach a database we control.
All merchant data is stored in eu-west-1 (Frankfurt) by default. US-east-1 and AP-south-1 are available on request for Scale and Unlimited plans. No cross-region replication.
POST /v1/identity/{profile_id} with method DELETE → cascade deletion across events, deliveries, profile graph, and CAPI-delete signals to Meta/Google/TikTok. Completes in under 2 minutes.
If your store passes IAB TCF v2.2 consent strings or Shopify customer privacy API signals, we respect them — platforms configured as 'analytics-only' don't receive marketing events.
We never pool, resell, or aggregate merchant data across customers. Your events, your attribution, your ROAS — TrackLayer's commercial model is your subscription, not your data.
Every write operation (replay, delete, platform-connect, rule-create) is logged to an immutable audit log retained for 365 days. You can export it via API or in-app CSV.