Legal
Privacy Policy
Last updated: February 2026
TraceLoom operates on a "Bring Your Own Cloud" (BYOC) model. Your test data, traces, and logs remain in your AWS account — we do not store them on TraceLoom infrastructure.
1. Data We Collect
What TraceLoom collects and stores
- Account data: Email, name, company, AWS account ID(s), billing contact
- Authentication data: Hashed IAM role ARNs (for workload identity), API tokens (hashed)
- Usage metrics: Test run counts, spot instance hours, number of workers deployed, feature usage (no test content)
- Billing data: Payment info (processed via Stripe; we don't store card details)
- Service logs: API request metadata, error messages (no customer data payloads)
- Cookies: Session tokens, analytics cookies (see "Cookies & Tracking" below)
What stays in your account
- Test files, test results, traces, logs, and artifacts — these run and live entirely within your AWS infrastructure
- We orchestrate them, but do not copy or store them
2. How We Use Your Data
We use the data listed above to:
- Provide the TraceLoom service (orchestrate tests, manage workers, track usage)
- Bill you accurately
- Send service updates and security notifications
- Improve the product (anonymized usage trends only)
- Comply with law
We do NOT use your data to:
- Train AI models
- Share with third parties for marketing
- Sell data
3. Data Storage & Security
Where we store it
- Primary: AWS (us-east-1), encrypted at rest (AES-256)
- Backups: AWS S3 with encryption, 30-day retention
How we protect it
- Encryption in transit (TLS 1.3)
- Encryption at rest (AES-256)
- Access controls: TraceLoom employees only access customer data when needed for support; all access is logged
- No default access to your AWS account — you grant specific IAM permissions; we use only what you authorize
What you're responsible for
- Your AWS account security (MFA, IAM policy review, key rotation)
- Ensuring the IAM role you provide to TraceLoom has minimal required permissions
4. Third-Party Services
We use the following services to operate TraceLoom:
| Service | Purpose | Data Shared |
|---|---|---|
| AWS | Hosting, storage, orchestration | Account ID, usage metrics, service logs (encrypted) |
| Stripe | Payment processing | Email, billing contact, anonymized usage (card data never touches us) |
| PostHog | Analytics (optional) | Anonymized feature usage, session tokens (no personal data) |
| SendGrid | Transactional email | Email address only |
We do NOT share test data, traces, or results with any third party.
5. Your Privacy Rights (GDPR, CCPA & others)
You have the right to:
- Access: Request all data we hold about you
- Correction: Request corrections to inaccurate data
- Deletion: Request deletion of your account and associated data (within 30 days)
- Portability: Request a CSV export of your data
- Objection: Object to processing for any reason
Response timeline: We respond to all requests within 30 days. If your request is complex, we'll notify you.
How to submit: Email privacy@traceloom.io with "Data Request" in the subject line.
6. Data Retention
- Account data (email, company, etc.): Retained while you use TraceLoom; deleted 30 days after account closure
- Usage metrics & logs: Retained for 90 days, then deleted
- Billing data: Retained for 7 years (tax/audit requirement)
- Backups: All data backed up and encrypted; backups deleted after 30 days
7. Cookies & Tracking
TraceLoom uses:
- Session cookies: Required for authentication (expires after 24 hours of inactivity)
- Analytics cookies (optional): PostHog collects anonymous feature usage; you can opt out in account settings
- Stripe cookies: For payment processing
You can disable cookies in your browser, but this may break core functionality.
8. Changes to This Policy
We may update this policy. We'll notify you of material changes via email and post the updated version here with a new "Last updated" date.
9. Contact
Privacy questions or data requests:
privacy@traceloom.io
Mailing address:
Jajoga, LLC
Layton, UT, USA