Privacy Policy

Effective date: March 1, 2026

1. Data Controller

TraceFox GmbH, registered in Germany, is the data controller responsible for the processing of your personal data. For contact details, contact us at hello@tracefox.app.

2. What Data We Collect

We collect the following categories of personal data when you use TraceFox:

  • Account data: name, email address, and password hash when you create an account.
  • Usage data: pages visited, features used, timestamps, and device information collected through server logs.
  • Content data: requests, evidence, artifacts, and project knowledge you create within TraceFox.
  • Payment data: billing information processed through our payment provider. We do not store full credit card numbers.
  • Communication data: messages you send to our support team.

3. Legal Basis for Processing

We process your data based on the following legal grounds under the GDPR:

  • Contract performance (Art. 6(1)(b)): to provide and maintain the TraceFox service.
  • Legitimate interest (Art. 6(1)(f)): to improve our service, ensure security, and prevent fraud.
  • Consent (Art. 6(1)(a)): for optional analytics cookies and marketing communications. You may withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)): to comply with tax, accounting, and regulatory requirements.

4. Data Retention

We retain your account and content data for as long as your account is active. After account deletion, we remove personal data within 30 days, except where retention is required by law (e.g., invoicing records retained for 10 years under German tax law). Usage logs are automatically deleted after 90 days.

5. Third-Party Processors

We share data with the following categories of service providers, all bound by data processing agreements:

  • Cloud infrastructure providers (hosting and storage)
  • Payment processors (billing and subscription management)
  • Analytics providers (anonymized usage data only, with consent)
  • Email service providers (transactional and support emails)

We do not sell your personal data. Data transfers outside the EU/EEA are covered by Standard Contractual Clauses or equivalent safeguards.

6. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access: request a copy of the personal data we hold about you.
  • Right to rectification: correct inaccurate or incomplete data.
  • Right to erasure: request deletion of your personal data.
  • Right to portability: receive your data in a structured, machine-readable format.
  • Right to object: object to processing based on legitimate interest.
  • Right to restrict processing: request limitation of data processing under certain conditions.

To exercise any of these rights, contact us at privacy@tracefox.app. You also have the right to lodge a complaint with your local data protection authority.

7. Cookies

TraceFox uses essential cookies required for the service to function (session management, security). Optional analytics cookies are only set with your explicit consent. You can manage your cookie preferences at any time through the cookie settings accessible from the footer of our website.

8. Contact

For data protection inquiries, contact our data protection officer at privacy@tracefox.app.