At Tracemate HQ ("Tracemate," "we," "us," or "our"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service at tracemate.io (the "Service").
1. Information We Collect
1.1 Information You Provide
We collect information that you voluntarily provide when you:
- Create an account: Email address and name (required for authentication and communication)
- Upload images for tracing: Images you upload to create custom Gridfinity bin designs
- Save design projects: Your bin configurations and design settings
- Contact us for support: Any information you provide in communications with us
- Purchase a subscription: Payment and billing information processed by our merchant of record (see Section 4)
1.2 Automatically Collected Information
When you access the Service, we may automatically collect certain technical information necessary for the operation of internet services and security purposes:
- Device information: Browser type, operating system, screen resolution
- Network information: IP address (may be stored in logs for security purposes)
- Browser user agent: Technical browser identification string
- Access timestamps: Date and time of your visits
This technical information is inherent to how the internet works and is necessary to deliver web content to your device. Some of this data may be retained in server logs for security monitoring and incident investigation.
1.3 Analytics Data
We use Umami, a privacy-focused, self-hosted analytics solution. Our analytics implementation:
- Does not use cookies for tracking
- Does not collect personal identifiers
- Only collects aggregated, anonymized data about product usage
- Cannot identify individual users
We analyze only summarized metrics to understand general usage patterns, identify areas for improvement, and improve the overall user experience. No individual user tracking or profiling is performed.
2. How We Use Your Information
We use the collected information for the following purposes:
- Provide the Service: Process your uploads, generate Gridfinity bin designs, and maintain your account
- Authentication: Verify your identity and manage access to your account
- Communication: Send transactional emails (account verification, password reset, subscription updates) and respond to support inquiries
- Improve the Service: Analyze aggregated usage patterns to enhance features and user experience
- Security: Detect and prevent fraud, abuse, and security incidents
- Legal Compliance: Comply with applicable laws and regulations
3. Data Storage and Infrastructure
We use the following service providers to operate our Service. Each provider has been selected for its security practices and compliance with data protection regulations:
3.1 Hosting and Infrastructure
- Hetzner: Our servers are hosted in Germany (EU), subject to German data protection laws and GDPR
- Convex: Backend services and database storage with enterprise-grade security and encryption
3.2 Communication Services
- Google Workspace: Used for direct email communication (e.g., support inquiries sent to our email addresses)
- Resend: Transactional and marketing email delivery service
3.3 Domain and DNS
- Spaceship: Domain registration and DNS management
3.4 Security Measures
We implement appropriate technical and organizational measures to protect your data:
- Encryption of data in transit (TLS/HTTPS)
- Encryption of data at rest
- Regular security assessments and monitoring
- Access controls and authentication
- Secure development practices
3.5 Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, or as required by law. You may request deletion of your data at any time by contacting us.
4. Payments and Subscriptions
Subscription payments and billing are handled by Polar.sh, which acts as our Merchant of Record.
Regarding payment data:
- Credit card and payment details are collected and processed exclusively by Polar.sh
- We never store sensitive payment information on our servers
- Polar.sh may share with us: your name, email, subscription status, purchase history, and billing country for account management purposes
Please review Polar.sh's Privacy Policy for details on how they handle payment data.
5. Sharing of Information
We do not sell your personal information. We may share your information only in the following circumstances:
- Service Providers: With the trusted third-party services listed in Section 3, solely for operating the Service
- Payment Processor: With Polar.sh for subscription management (as detailed in Section 4)
- Legal Requirements: When required by law, court order, or governmental authority, or to protect our rights, safety, or property
- Business Transfers: In connection with a merger, acquisition, or sale of assets, with advance notice where possible
6. Cookies and Tracking
We take a privacy-first approach to cookies and tracking technologies:
- Essential cookies only: We use strictly necessary cookies for session management and authentication
- No tracking cookies: We do not use third-party tracking or advertising cookies
- Cookie-free analytics: Our Umami analytics does not use cookies and cannot identify you personally
You can control cookie preferences through your browser settings. Disabling essential cookies may affect your ability to use certain features of the Service.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
7.1 Rights Under GDPR (EU/EEA Residents)
- Access: Request a copy of your personal data
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your personal data ("right to be forgotten")
- Portability: Receive your data in a machine-readable format
- Restriction: Request limitation of processing
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent at any time where processing is based on consent
7.2 Rights Under Other Laws
Residents of California (CCPA), Brazil (LGPD), and other jurisdictions with privacy laws may have similar rights. We will honor valid requests in accordance with applicable laws.
To exercise any of these rights, please contact us at help@tracematehq.com. We will respond within the timeframe required by applicable law (typically 30 days).
8. International Data Transfers
Our primary hosting infrastructure is located in Germany (EU).
Some of our service providers (such as Convex) may process data outside the EU/EEA. When this occurs, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs) approved by the EU
- Adequacy decisions by the European Commission
- Other legally recognized transfer mechanisms
9. Children's Privacy
The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at help@tracematehq.com.
10. Data Processing Agreements
We maintain Data Processing Agreements (DPAs) with service providers that process personal data on our behalf. For EU/EEA users, this includes appropriate Auftragsdatenverarbeitungs-Verträge (AVV) as required by German law.
If you require a copy of our DPA for your records, please contact us.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the new Privacy Policy on this page with an updated "Last updated" date
- Sending an email notification for significant changes (where required by law)
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes become effective constitutes your acceptance of the updated policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: help@tracematehq.com
We aim to respond to all inquiries within 30 days, or sooner as required by applicable law.