Privacy Policy
Last updated: March 10, 2026
1. Overview
TraceFlow ("we," "our," or "us") provides an intelligence platform for AI-assisted engineering. We respect your privacy and are committed to protecting the data you entrust to us. This policy explains what information we collect, how we use it, and your rights regarding that data.
2. Information We Collect
Account Data
When you sign up, we collect your email address, name, and authentication metadata (via OIDC or local credentials).
Machine & Server Data
To provide our discovery features, the TraceFlow Agent collects metadata about your connected machines, including OS type, LAN IP addresses, and active tmux sessions.
AI Session Context
TraceFlow parses and stores session histories from AI tools like Claude Code, Gemini CLI, and Codex CLI. This includes prompts, assistant responses, and associated file metadata. This data is critical for our alignment and intent analysis features.
3. How We Use Your Data
- To Provide Service: Displaying your project timelines, session histories, and server status.
- Intelligence Features: Analyzing session intent to provide tangent alerts, collision warnings, and project roadmaps.
- Communication: Sending daily or weekly intelligence digests and security alerts.
- Security: Managing mTLS certificate rotation and zero-trust access control.
4. AI Training & Data Sovereignty
We do not use your private session data or source code to train our own base models.
When you use our "Managed Intelligence" features (Pro/Team tiers), we pass session context to third-party LLM providers (such as Anthropic, Google, or OpenAI) to generate summaries and alerts. We only use enterprise-grade APIs where data is not used for model training by the provider. On the Individual tier, if you choose the "Bring Your Own Key" (BYOK) or "Local LLM" option, your data either never leaves your infrastructure or is governed by your own API provider's terms.
5. Data Retention
Retention periods depend on your subscription plan. Individual plans typically have a 14-day cloud retention limit, while Team plans offer unlimited history. You may delete your data or disconnect your machines at any time through the dashboard.
6. Security
We employ industry-standard security measures, including 256-bit encryption for data at rest and mTLS (Mutual TLS) for all agent-to-hub communication. We do not store static SSH keys; all access is governed by short-lived, rotated certificates.
7. Contact
If you have questions about this policy or your data, please contact us at privacy@traceflow.sh.