Privacy Policy

TracePilot AI collects the following categories of information to provide and improve our Service:

• Authentication Data: When you sign in via GitHub or Google OAuth, we receive your email address, display name, and profile avatar. We do not request access to your private repositories (GitHub) or drive files (Google).
• API Key Data: When you generate an API key, we store a hashed reference linked to your account. API keys are generated server-side and are never derived from personal information.
• Trace & Telemetry Data: When you use the TracePilot SDK to trace AI agent executions, we store the trace data you send us. This may include prompts, model outputs, tool call results, error logs, execution times, and token counts. This data is linked to your API key and account.
• Usage & Analytics Data: We collect anonymous usage data such as page views, feature interactions, and performance metrics to improve the Service. This data is aggregated and cannot identify you personally.

We use the information we collect for the following purposes:

• Service Delivery: To provide, maintain, and operate the TracePilot platform, including trace storage, replay, and debugging features.
• Authentication: To verify your identity and grant access to your account and API keys.
• Communication: To send you service-related notifications, security alerts, and responses to your support requests.
• Improvement: To analyze usage patterns, fix bugs, and develop new features. We may use aggregated, anonymized trace data for this purpose.
• Security: To detect, prevent, and address fraud, abuse, and security issues.

TracePilot AI integrates with the following third-party services that may collect information:

• Google OAuth: Used for authentication. Google may collect your email and basic profile info. Google's Privacy Policy: https://policies.google.com/privacy
• GitHub OAuth: Used for authentication. GitHub may share your public profile data. GitHub's Privacy Policy: https://docs.github.com/en/site-policy/privacy-policies
• Supabase: Used as our backend infrastructure provider for authentication and data storage. Supabase's Privacy Policy: https://supabase.com/privacy

Your data is stored on secure servers managed by Supabase with industry-standard encryption (AES-256 at rest, TLS 1.3 in transit). We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

We do not sell, trade, or rent your personal information or trace data to third parties. We may share data only in the following circumstances:

• Service Providers: With trusted third-party services (Supabase) that help us operate the platform, subject to confidentiality obligations.
• Legal Requirements: If required by law, court order, or governmental regulation, we may disclose your data to comply with legal obligations.
• Anonymized Data: We may share aggregated, anonymized data that cannot identify you for analytical or research purposes.

We retain your account data for as long as your account is active. Trace data is retained for the lifetime of your account unless you request deletion. You may request deletion of your data at any time by contacting us. Upon account deletion, we will remove your personal data and associated traces within 30 days, except where retention is required by law.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: You can view your profile data and trace data through the TracePilot dashboard at any time.
• Rectification: You can update your account information by contacting us.
• Deletion: You can request deletion of your account and all associated data by contacting hello@tracepilotai.com.
• Portability: You can export your trace data through the API or by requesting a data export.
• Objection: You can object to the processing of your data for specific purposes by contacting us.

To request deletion of your account and all associated data, please contact us at hello@tracepilotai.com with the subject line "Data Deletion Request". We will process your request within 30 days and confirm completion via email. Please note that anonymized, aggregated data used for analytics may persist after deletion as it cannot identify you.

TracePilot AI uses minimal cookies necessary for the functioning of the Service, including session authentication tokens. We do not use advertising cookies or third-party tracking pixels. We may use anonymized analytics to understand usage patterns. You can control cookie settings through your browser preferences.

TracePilot AI is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we discover that we have collected data from a child under 16, we will take steps to delete that information promptly.

Your data may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using the Service, you consent to the transfer of your data to these countries, and we will take appropriate measures to ensure your data is protected in accordance with this Privacy Policy.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by placing a prominent notice on our website or by sending you an email. We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes acceptance of the updated Policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: hello@tracepilotai.com
• Discord: https://discord.gg/ktYCtCA8D