Last updated May 14, 2026

Privacy Policy

Tracegrain is a local-first runtime for AI agents. Most of what Tracegrain observes never leaves your machine. This policy covers the data we do handle — primarily the account information you provide when you sign in.

01

Who we are

Tracegrain (“Tracegrain”, “we”, “us”) is operated from the United States. You can reach us at ops@tracegrain.com for any privacy question, data request, or deletion request.

02

What we collect

Account data. When you sign in with Google, we receive your name, email address, Google account ID, and profile picture. We use this to create and identify your Tracegrain account. We do not request, store, or process any other Google data — no Gmail, Drive, Calendar, or Contacts scopes are used.

Product usage. We log routine telemetry needed to operate the service: authentication events, errors, and basic request metadata.

Local capture stays local. The Tracegrain desktop app observes your work on-device. Screen, audio, and application context are stored in a local database you control. We never upload raw captures to our servers.

03

How we use it

We use the data above to:

  • Authenticate you and keep your account secure.
  • Operate and improve the Tracegrain service.
  • Send service-related email (e.g., sign-in verification, account notices) and, only when you opt in, product digests.
  • Comply with legal obligations and prevent abuse of the service.

We do not sell personal data. We do not use Google account data to train AI models or for advertising.

04

Who processes it

We rely on a small set of vendors to run the service. Each one processes data only for the purpose listed:

  • Neon — managed Postgres database hosting (account data).
  • Neon Auth — authentication, including Google Sign-In token exchange.
  • Cloudflare — application hosting, edge runtime, and DDoS protection.
  • Resend — transactional email delivery.
  • Anthropic — AI inference when you explicitly invoke an agent action.
05

Retention

Account data is retained for as long as your account is active. If you delete your account, we delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or security reasons.

Local capture on your device is governed by your local settings. Uninstalling the Tracegrain desktop app does not by itself remove your local capture database — you can delete it manually from your data directory at any time.

06

Your rights

Depending on where you live, you may have the right to access, correct, export, or delete the personal data we hold about you, and to object to or restrict certain processing. To exercise any of these rights, email ops@tracegrain.com. We respond within 30 days.

You can also revoke Tracegrain’s access to your Google account at any time from your Google account permissions page.

07

Security

We use industry-standard safeguards: TLS in transit, encryption at rest, scoped credentials, and least-privilege access controls. No system is perfectly secure; if we ever experience a breach that affects your data, we will notify you as required by applicable law.

08

Children

Tracegrain is not directed to children under 16 and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us so we can remove it.

09

Changes

We may update this policy from time to time. When we do, we will revise the “Last updated” date above and, for material changes, notify you by email or in-product before the change takes effect.