Privacy Policy

Privacy Policy

Last Updated: January 30, 2026

1. Introduction

Welcome to TraceOverlay ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website traceoverlay.com and our services.

Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access our website or use our services.

Contact Information:

2. Information We Collect

2.1 Personal Information You Provide to Us

We collect information you provide directly to us, including:

  • Account Information: Name, email address, and profile information
  • Payment Information: Billing address and payment method details (processed securely by Stripe)
  • Communications: Messages, feedback, and support inquiries

2.2 Information Automatically Collected

We automatically collect certain information when you use our services:

  • Device Information: Browser type, operating system, device identifiers
  • Usage Information: Features used, time spent, error reports
  • Log Data: Access logs, timestamps

2.3 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and track information about your activities on our website. See our Cookie Policy for details.

2.4 What We Do NOT Collect

Your images never leave your device. TraceOverlay processes all reference images locally on your device. We do not upload, store, or have access to any images you use with the app.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Provision

  • To provide, maintain, and improve our services
  • To process subscription payments
  • To provide customer support
  • To communicate about updates and security

3.2 Security and Fraud Prevention

  • To verify your identity and prevent fraud
  • To protect against abuse and unauthorized access
  • To comply with legal obligations

3.3 Analytics and Improvement

  • To analyze usage patterns and improve our services
  • To develop new features

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal information on the following legal bases:

  • Contract: To fulfill our obligations under our Terms of Service
  • Legitimate Interest: To prevent fraud, ensure security, and improve our services
  • Consent: For marketing communications and non-essential cookies
  • Legal Obligation: To comply with legal requirements

5. Information Sharing and Disclosure

5.1 Third-Party Service Providers

We share your information with trusted third parties who assist us in operating our services:

  • Payment Processor: Stripe for secure payment processing
  • Hosting Provider: Vercel for cloud infrastructure
  • Analytics: Umami (privacy-focused, no personal data tracking)
  • Authentication: Google OAuth (if you choose to sign in with Google)

5.2 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred.

5.3 Legal Requirements

We may disclose information if required to do so by law or in response to valid legal requests.

6. Data Retention

We retain your personal information for as long as necessary to provide our services:

  • Account Information: Retained while your account is active, then deleted within 30 days of account closure
  • Transaction Records: Retained for 7 years for tax and legal purposes
  • Support Communications: Retained for 2 years for quality assurance
  • Analytics Data: Retained in anonymized form for up to 2 years

7. Your Privacy Rights

7.1 General Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal information
  • Rectification: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information
  • Portability: Request transfer of your data to another service
  • Objection: Object to processing of your information

7.2 How to Exercise Your Rights

To exercise your rights, contact us at:

We will respond to your request within 30 days.

7.3 California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA). See our Do Not Sell My Info page.

7.4 European Union Rights (GDPR)

If you are located in the EEA, you have additional rights under GDPR, including the right to:

  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority
  • Receive information about data breaches

8. Children's Privacy

Our services are not intended for children under the age of 13. We do not knowingly collect personal information from children under this age. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. When we transfer your information, we ensure appropriate safeguards are in place to protect your privacy.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption: Data encrypted in transit (HTTPS) and at rest
  • Access Controls: Limited access to personal information
  • Security Audits: Regular security assessments

However, no method of transmission over the internet is 100% secure.

11. Data Breaches

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you:

  • Without undue delay and within 72 hours (GDPR)
  • In the most expedient time possible (CCPA)

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by a revised "Last Updated" date.

We will notify you of material changes by:

  • Posting a notice on our website
  • Sending an email notification

13. Governing Law

This Privacy Policy is governed by the laws of California, United States, without regard to its conflict of law provisions.

14. Contact Us

If you have questions about this Privacy Policy, please contact us:

Privacy Policy Version: 1.0 Effective Date: January 30, 2026

Privacy PolicyTerms of ServiceCookie PolicyDo Not Sell My InfoAcceptable Use

© 2026 TraceOverlay. All rights reserved.