Privacy Policy
Effective: March 1, 2026
What We Collect
We collect only what is necessary to provide the Service:
- Account information , email address and hashed password (bcrypt) when you register
- Usage logs , basic request logs for security monitoring and rate limiting
- Ingested security events , the events your organization sends to TRA-CE for causal analysis. This is your data.
What We Don't Collect
- We do not sell your data to anyone, ever
- We do not use third-party advertising or ad tracking
- We do not use third-party analytics services
- We do not track you across other websites
How We Use Your Data
Your data is used exclusively to provide the Service:
- Authentication , to verify your identity and manage your account
- Email , to send email verification, password reset, and organization invite emails
- Causal analysis , to build causal chains and run constraint checks on your ingested events
Data Retention
- Account data is retained until you request deletion
- Ingested events are stored according to your organization's configured retention settings
- Request logs are retained for 90 days for security purposes, then deleted
To request deletion of your account and data, contact jrandolph@tra-ce.ai.
Security
We take security seriously:
- All connections are encrypted with TLS
- Passwords are hashed with bcrypt (never stored in plaintext)
- TOTP-based two-factor authentication is available for all accounts
- PostgreSQL with row-level tenant isolation ensures organizations cannot access each other's data
- Rate limiting protects against abuse
- Session cookies are signed, httponly, and use samesite=lax
Contact
Questions about this Privacy Policy? Contact us at jrandolph@tra-ce.ai.