TracefoxTracefox

Privacy Policy

Last Updated: May 25, 2026

1. Introduction

Tracefox ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and safeguard your information when you use our website (tracefox.co), our Chrome extension recorder, our free tools, and our paid checkout testing and site monitoring service (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address and authentication credentials (passwords are hashed and never stored in plain text).
  • Billing Information: Payment details are processed and stored by Stripe. We do not store credit card numbers on our servers.
  • Website Data: URLs and domain names you add for monitoring, along with scan configurations you set.
  • Checkout Test Definitions: The step sequences, success conditions, and Test Data (names, emails, shipping addresses, coupon codes, test payment card numbers) you configure for each Test. We strongly recommend using only test card numbers from your payment processor (e.g. Stripe test cards); see our Terms of Service.
  • Chrome Extension Recordings: When you use our Chrome extension to record a checkout flow, the captured clicks, form fills, navigations, and selector data are transmitted to your Tracefox account and stored as the Test definition.
  • Support Communications: Messages, tickets, and feedback you submit through our support system.

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, scan history, login timestamps, and report generation activity.
  • Device Information: Browser type, operating system, screen resolution, and device identifiers.
  • Network Information: IP address, approximate geographic location (country/region level), and referring URLs.

2.3 Scan Data

When we scan Monitored Websites on your behalf, we collect publicly accessible data including: cookies set by the website, third-party scripts and domains loaded, HTTP headers, meta tags, and page content hashes. This data is associated with your account and used to generate reports and alerts.

2.4 Test Run Data

When we execute a Checkout Test you configured, we capture:

  • Screenshots of each step, including any data visible on the page at that moment (your own product info, cart contents, the Test Data values you provided, etc.).
  • Video recordings of the full Test Run session.
  • Network observations made by the headless browser during the run (resources loaded, request URLs).
  • Pass/fail status + timing per step, plus error messages when a step fails.

Test Run media is stored in our object storage (see Section 5 for the provider). Screenshots and videos are intended to show you exactly what a customer would have seen on your site; they may therefore capture page text, prices, your test customer details, and the appearance of any third-party widgets your store loads.

3. How We Use Your Data

We use your information to:

  • Provide, operate, and maintain the Service, including scanning your websites, generating reports, and sending alerts.
  • Process payments and manage your subscription.
  • Send transactional emails (scan results, alerts, account notifications).
  • Respond to support requests and communicate about the Service.
  • Improve the Service, fix bugs, and develop new features.
  • Detect, prevent, and address fraud, abuse, and security issues.
  • Comply with legal obligations.

We do not sell your personal data to third parties.

4. Cookies and Tracking Technologies

Tracefox uses the following cookies and similar technologies:

  • Essential Cookies: Required for authentication, session management, and security. These cannot be disabled.
  • Analytics: We may use privacy-respecting analytics to understand how the Service is used. No data is shared with advertising networks.

We do not use third-party advertising cookies or tracking pixels for ad targeting on our website.

5. Third-Party Services

We use the following third-party service providers to operate the Service:

  • Stripe: Payment processing and subscription management. Stripe's privacy policy applies to payment data.
  • Resend: Transactional + marketing email delivery (alerts, reports, account notifications, newsletters).
  • Railway: Cloud infrastructure and hosting, including the Redis instance used as our background-job queue (BullMQ).
  • Cloudflare R2 (S3-compatible object storage): Storage for scan snapshots, Test Run screenshots, and Test Run video recordings. EU-region storage available on request for Agency-plan customers.
  • OpenAI: Optional, used only for the admin blog-generation feature. No customer-uploaded data or Test media is sent to OpenAI.
  • PostHog: Product analytics (which pages you visit, which features you use). Consent-gated, opt-out available.

Each provider processes data according to their own privacy policies and our data processing agreements with them.

6. Data Retention

  • Account Data: Retained for as long as your account is active. Upon account deletion, personal data is removed within 30 days.
  • Scan Data and Snapshots: Retained according to your plan's history-retention window (Free 7 days, Starter 30 days, Pro 60 days, Business / Agency 90 days). Older scans are purged automatically by a daily retention job.
  • Test Run Screenshots and Video: Retained alongside the corresponding Test Run row using the same per-plan retention window above. Once a Test Run row is deleted, the associated media is purged from object storage within 30 days.
  • Billing Records: Retained as required by tax and financial regulations (typically 7 years).
  • Support Tickets: Retained for 2 years after resolution for quality and training purposes.
  • Marketing Email Subscription State: If you unsubscribe from marketing emails (via the link in any newsletter), we retain the unsubscribe record indefinitely so we can honor your preference. Transactional emails (alerts, billing, account notifications) continue regardless.

7. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS for all connections).
  • Encryption at rest for sensitive data.
  • Secure password hashing (bcrypt).
  • Role-based access controls for internal systems.
  • Regular security reviews of our infrastructure.

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data (subject to legal retention requirements).
  • Data Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to processing of your data in certain circumstances.
  • Withdrawal of Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete personal information, and the right to opt-out of the sale of personal information. We do not sell personal information.

9. International Data Transfers

Your data may be processed in countries other than your country of residence, including the United States. When we transfer data internationally, we ensure appropriate safeguards are in place to protect your data in accordance with applicable data protection laws.

10. Scanning and Test Execution Activity

Our service operates automated headless browsers that visit the URLs you provide. Two distinct pipelines:

  • Site monitoring (scans). The headless browser loads each Monitored Website page, observes network requests and DOM state, and records the result. No form interaction is performed.
  • Checkout testing (Test Runs). The headless browser executes the recorded step sequence from your Test definition, which may include clicking buttons, filling form fields with the Test Data you configured, and navigating between pages. Screenshots and video are captured at each step.

By adding a website or configuring a Checkout Test, you represent that you have the authority to authorize such scans and replays. All data collected during scans and Test Runs is treated as your data and governed by this policy.

11. Free Tools

When you use our free tools (cookie scanner, SEO checker, etc.) without an account, we collect only the URL you submit and your IP address for rate limiting. We do not require an account or store personal data for free tool usage. IP addresses used for rate limiting are not retained beyond the rate-limit window.

12. Children's Privacy

The Service is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 16, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date. For significant changes, we may also notify you via email. Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Contact: [email protected]
Tracefox Inc.