Company Portal User Portal
Privacy

TraceProof Privacy Policy

How TraceProof handles account data, verification metadata, Protected Messaging fingerprints, browser-extension data, and support information.

Last updated: 16 May 2026

This Privacy Policy explains how TraceProof handles information across the website, platform, verification pages, APIs, Protected Messaging workflows, and browser extensions.

Information we collect

  • Account and organisation information: names, email addresses, company details, roles, plan information, authentication events, and administrator settings.
  • Verification metadata: trace IDs, public references, declared purposes, sender or agent identifiers, timestamps, audit events, verification URLs, and status information.
  • Protected Messaging information: approved profiles, purposes, sender metadata, template selections, recipient counts, public/private status, and SHA-256 message fingerprints used for integrity checks.
  • Browser-extension information: operator session data, selected profile/purpose/language/settings, compose-page interaction needed to insert a verification block, and local fingerprint calculations. For TraceProof Protect, the Gmail draft body is read locally in the browser and is not sent to TraceProof by the extension.
  • Support and operational information: enquiries, support messages, diagnostics, logs, security events, billing records, and usage metrics needed to operate and protect the service.

How we use information

  • To provide TraceProof verification, protected-message creation, proof finalisation, verification pages, APIs, organisation administration, and support.
  • To authenticate users and operators, enforce access controls, prevent abuse, diagnose issues, maintain audit history, and improve reliability and security.
  • To let recipients independently check who issued a protected interaction, what it was about, and whether protected content still matches the fingerprint that was issued.

TraceProof Protect and Google user data

TraceProof Protect uses access to Gmail only to provide its protected-message function. It runs on Gmail compose pages so approved operators can insert a TraceProof verification block and calculate SHA-256 message fingerprints locally. The extension does not send email on its own, and the Gmail draft body is not sent to TraceProof by the extension.

TraceProof's use and transfer of information received from Google APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements.

  • We do not use Gmail draft content, message content, or extension data for advertising, retargeting, or interest-based advertising.
  • We do not sell personal data.
  • We do not transfer personal or sensitive user data for unrelated purposes.
  • We do not use TraceProof data to determine creditworthiness or for lending purposes.

Sharing and disclosure

TraceProof shares information only where needed to provide, secure, administer, or support the service, or where required by law. This may include cloud hosting, infrastructure, logging, security, email, payment, and support providers; the organisation that authorised a user/operator/sender; recipients or public verification pages for information intended to be shown; and authorities where legally required or necessary to prevent abuse.

Security and retention

TraceProof uses HTTPS, access controls, audit records, least-privilege design, and operational safeguards. We retain account, trace, proof, audit, billing, and security records for as long as needed to provide verification history, comply with legal or contractual obligations, resolve disputes, prevent abuse, and maintain security.

Your choices

You can contact us to request access, correction, deletion, or export of personal data where applicable. Organisations can manage users, operators, senders, profiles, purposes, and settings through their TraceProof administration tools.

Questions

For privacy questions or requests, contact [email protected].