Privacy Policy

This Privacy Policy explains how Trace Labs, Inc. ("Trace", "we", "us") collects, uses, and protects information when you visit heytrace.ai or use our AI search visibility platform (the "Service").

If you have questions about this policy, contact us at hello@heytrace.ai.

Information we collect
How we use information
How we share information
Cookies and tracking
Data retention
Security
Your rights (GDPR & CCPA)
International transfers
Children's privacy
Changes to this policy
Contact

1. Information we collect

Information you provide

Account & contact info: name, work email, company, role, when you sign up, request a demo, or message us.
Communications: the content of emails, chat messages, or support requests you send us.
Billing info: if you become a paying customer, we collect billing contact info; payment cards are processed by our payment provider (we do not store full card numbers).

Information collected automatically

Usage data: pages viewed, links clicked, referrer, device and browser type, approximate location (from IP), session duration.
Cookies & similar tech: see Cookies and tracking.
Server logs: standard access logs (IP address, timestamp, requested URL) for security and diagnostics.

Information from third parties

Public AI engine data: as part of the Service, we query public AI engines (ChatGPT, Perplexity, Gemini, Claude, AI Overviews, etc.) to measure visibility for the brands tracked in your account. We do not collect personal data from those queries.
Auth providers: if you sign in via Google, we receive your name and email per OAuth scopes.

2. How we use information

We use information to:

Provide, operate, and improve the Service.
Communicate with you (product updates, support, billing).
Personalize your experience and the data we surface to you.
Measure marketing effectiveness and improve our website.
Detect, prevent, and address fraud, abuse, or security incidents.
Comply with legal obligations.

Our legal bases (under GDPR) are: contract (to deliver the Service to you), legitimate interests (analytics, security, product improvement), consent (for non-essential cookies and marketing), and legal obligation.

We do not sell your personal information. We share it only with:

Service providers who help us run the Service (hosting, analytics, payment, email delivery, customer support tooling). Each is bound by a Data Processing Agreement.
AI engine providers when our Service queries them on your behalf (no personal data is sent in those queries).
Legal & safety: if required by law, to protect rights, or to prevent fraud.
Business transfers: in connection with a merger, acquisition, or sale of assets.

Current sub-processors include Netlify (hosting), Google (Workspace, Analytics), and our payment processor. A current list is available on request to hello@heytrace.ai.

4. Cookies and tracking

We use cookies and similar technologies to make the site work, remember your preferences, and understand how it's used.

Essential cookies (always on): required for core site functionality and security.
Analytics cookies (optional): Google Analytics 4, used to understand aggregate site usage. Loaded only if you accept cookies.

You can manage your preferences any time via the cookie banner or your browser settings. Most browsers also let you block all cookies - note that doing so may break site features.

5. Data retention

We retain personal information only as long as needed for the purposes described above:

Account data: for the life of your account, plus up to 24 months after closure for legal and audit purposes.
Server logs: 90 days.
Analytics data: per Google Analytics retention settings (default 14 months).
Marketing communications: until you opt out.

6. Security

We use industry-standard safeguards: HTTPS/TLS in transit, encryption at rest, scoped access controls, audit logging, and regular dependency updates. No system is 100% secure - if you suspect a security issue, email hello@heytrace.ai.

7. Your rights

Depending on where you live (e.g., EEA, UK, California), you may have the right to:

Access the personal information we hold about you.
Correct inaccurate information.
Delete your information ("right to be forgotten").
Restrict or object to certain processing.
Data portability (receive a machine-readable copy of your data).
Withdraw consent at any time, where processing is based on consent.
Lodge a complaint with your local supervisory authority.

To exercise any of these, email hello@heytrace.ai. We'll respond within 30 days.

For California residents (CCPA/CPRA): we do not "sell" or "share" personal information for targeted advertising. You have the right to know, delete, correct, and limit use of sensitive personal information. We will not discriminate against you for exercising these rights.

8. International data transfers

Trace is based in the United States. If you access the Service from outside the US, your information will be transferred to and processed in the US. Where required, we use Standard Contractual Clauses (SCCs) with our service providers to safeguard cross-border transfers.

9. Children's privacy

The Service is not intended for anyone under 16. We do not knowingly collect information from children. If you believe we have, contact us and we will delete it.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via the Service or by email. The "Last updated" date at the top reflects the most recent revision.

11. Contact

Questions, requests, or concerns:

Email: hello@heytrace.ai
Mail: Trace Labs, Inc. - physical address available on request