TraceCover.
TraceCover.
Log InGet Started — Free

Privacy Policy

Last Updated: March 2026

At TraceCover, a trading name of Aktif Management Ltd ("we," "us," or "our"), we respect your privacy and are committed to protecting your personal data and the proprietary risk data of your clients.

This privacy policy explains how we collect, process, and protect data when you visit our website or utilize our web application, and informs you of your privacy rights under applicable data protection frameworks.

1. Important Information and Who We Are

TraceCover operates as a B2B Software-as-a-Service (SaaS) provider. For legal and compliance purposes, Aktif Management Ltd (registered in England & Wales) is the controller and is responsible for your personal data.

If you have any questions about this privacy policy or our data handling practices, please contact our Data Privacy Manager at: privacy@tracecover.com.

2. What We Store and What We Never Store

We fundamentally separate Account Data from Processing Data to maintain our Zero-Retention Architecture.

A. What is Stored (Retained)

  • Comparison Results User Explicitly Saves: Any analysis output you click "Save Analysis" on, which is written to your secure PolicyVault.
  • Account Credentials: Securely encrypted via Supabase authentication.
  • Usage Counters & Logs: We store comparison tracking metrics specifically for plan enforcement and billing: comparison_count, page_count, model_used, and billing period timestamps.

B. What is Never Stored (Zero-Retention Architecture)

When you upload documents into our AI Core Engine, they are processed in-memory and immediately destroyed. We never store:

  • Original expiring policy PDFs.
  • Renewal quote PDFs.
  • Any other uploaded documents or raw client text.

3. Data Collection for Plan Enforcement and Retention

We collect and utilize the Usage Counters described above strictly for plan enforcement (e.g., Starter vs Enterprise limits). We maintain a 24-month retention period for all usage and billing data, after which it is anonymized or deleted.

4. GDPR & CCPA Compliance

TraceCover complies with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). You have the right to access, rectify, or erase your processed personal data. We do not sell any personal or usage data to third parties.

5. How We Use Your Personal Data

We will only use your Account Data when the law allows us to. Most commonly, we use it to:

  • Perform the contract we have entered into with you.
  • Manage your subscription and enforce plan billing.
  • Notify you about critical security updates.

4. Data Security & Infrastructure

We have implemented enterprise-grade security measures to prevent your data from being accidentally lost, altered, or accessed in an unauthorized way.

  • Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
  • Access Control: We employ strict Role-Based Access Control (RBAC). Only authorized personnel with a critical business need can access system infrastructure.
  • Infrastructure: Our application is hosted on secure, SOC2-compliant cloud infrastructure providers (such as Amazon Web Services) utilizing US-based data centers to minimize cross-border data latency and ensure compliance with US commercial standards.

5. Data Retention

We will only retain your Account Data for as long as reasonably necessary to fulfill the purposes for which we collected it, including satisfying any legal, regulatory, tax, or accounting requirements. If you cancel your TraceCover subscription, you may request the complete deletion of your Account Data by contacting us.

6. Your Legal Rights

Depending on your jurisdiction, you possess specific rights regarding your personal data, including the right to:

  • Request Access: Receive a copy of the personal data we hold about you.
  • Request Correction: Correct any incomplete or inaccurate data we hold.
  • Request Erasure: Ask us to delete or remove personal data where there is no good reason for us continuing to process it.
  • Withdraw Consent: Withdraw consent at any time where we are relying on consent to process your personal data.

To exercise any of these rights, please email privacy@tracecover.com.

7. Changes to the Privacy Policy

We may update this policy periodically to reflect changes to our architecture or regulatory requirements. We will notify active users of any material changes via email or a prominent notice within the TraceCover web application.