Back to TRACΞ
Privacy Policy

Privacy Policy

Last updated · May 8, 2026

TRACΞ ("we", "us", "the Service") is an institutional memory tool that captures, summarizes, and indexes a team's collective intelligence. This policy explains what data we collect, how we use it, and the rights you have over it.

1 · Data we collect

Account data. Email address, display name, avatar, and authentication identifiers from Google OAuth or email sign-up.

Workspace content. Notes, files, search queries, and metadata you (or your workspace admin via Google Sync) submit to the Service for indexing.

Telemetry. Audit-log events (search, file access, sync, export) and basic technical logs needed to operate the Service.

We do not sell personal data and we do not use workspace content to train public AI models.

2 · How we use it

To provide search, summarization, and AI-assisted retrieval (VΞRA) for your workspace.

To enforce workspace access controls, seat limits, and the audit trail required for compliance.

To send essential service emails (verification, security notices, admin requests).

3 · Storage, security, retention

Data is stored on Supabase (EU/US regions) with row-level security policies that restrict access to members of your workspace. Transit is encrypted with TLS.

Workspace admins choose a retention window (1–10 years) under Legal & Compliance. Content older than that window is eligible for archival or deletion.

Audit logs are tamper-evident and retained for the workspace retention window.

4 · Third-party processors

Supabase — database, authentication, storage.

Google Workspace — only when an admin connects Google Sync. We request the minimum scopes needed to read the documents the admin authorizes; tokens are stored encrypted and can be revoked at any time.

Lovable AI Gateway / model providers — used to generate summaries and answer questions from workspace content. Prompts and responses are not retained for training.

5 · Your rights

You can request access, correction, export, or deletion of your personal data at any time. Workspace admins can delete an entire workspace, which removes all associated content and audit records subject to legal hold requirements.

EU/UK users have rights under GDPR. California users have rights under CCPA. To exercise these rights, contact us at the address below.

6 · Contact

Questions, deletion requests, or security disclosures: privacy@trace.dev.

Material changes to this policy will be announced in-app and reflected in the "Last updated" date above.

Encrypted · Auditable · Sovereign