Privacy Policy

Last updated: February 11, 2026

Introduction – Your privacy matters

AccountTrace ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using AccountTrace, you agree to the collection and use of information in accordance with this policy.

Information we collect

We collect only the minimum information necessary to provide our Service:

Account data: Service names, URLs, usernames, email addresses, and notes that you choose to store in AccountTrace. This data is encrypted at rest before storage.

Authentication data: Email address and authentication tokens provided by our authentication provider (Clerk).

Usage data: Subscription tier, number of accounts stored, and scan usage to enforce tier limits.

Email scanning

When you use our email scanning features (Gmail or IMAP), we want to be transparent about how we handle your data:

  • We use access to your emails only to detect account registrations (e.g. welcome emails, receipts). We extract service name, email, and username where possible.
  • We do not store your raw email content. Only the extracted account information is transmitted and stored in encrypted form.
  • Data sent to our servers is encrypted in transit using TLS/SSL.
  • For Gmail we use OAuth read-only access tokens. For IMAP, your credentials are used to connect for scanning and are not stored on our servers.

Encryption at rest

We implement encryption at rest to protect your account data. Account information is encrypted before being stored on our servers. Data in transit is protected with TLS/SSL. You can export or delete all your data at any time through the settings page.

How we use your information

We use the information we collect to:

  • Provide, maintain, and improve AccountTrace and its features
  • Respond to your inquiries and provide support
  • Protect against fraud, abuse, and unauthorized access
  • Comply with legal obligations and enforce our Terms of Service

Information sharing and disclosure

We do not sell your personal information. We may share your information only:

  • With trusted service providers (e.g. Supabase for database, Stripe for payments, Clerk for authentication) who have access only to what is necessary and are bound to protect your data
  • When required by law, court order, or governmental regulation
  • With your explicit consent for specific purposes

Payment processing

Payment information is processed by Stripe. We do not receive or store your full payment card details. We may store only the last 4 digits and metadata (e.g. card brand) for display. We receive subscription status and billing data from Stripe to manage your subscription. Stripe's handling of payment data is governed by their privacy policy.

Data retention

We retain your information for as long as necessary to provide the Service. When you delete your account, all your data (including encrypted account information) is permanently deleted from our systems within a reasonable period. Backups may be retained for a limited time for disaster recovery and then deleted.

Your data protection rights (GDPR)

If you are in the European Economic Area (EEA), you have the right to:

  • Access: request a copy of the personal data we hold about you
  • Rectification: update or correct your information through the Service
  • Erasure: delete your account and all associated data at any time
  • Data portability: export your account data (e.g. CSV where available)
  • Object and restrict: object to or request restriction of processing
  • Complain to a supervisory authority in your country

Data export

You can export your account data (e.g. in CSV format where the feature is available) and delete your account at any time through the settings page.

Security measures

We use encryption at rest for account data, TLS/SSL for data in transit, access controls and authentication, and take reasonable technical and organisational measures to protect your information.

Cookies and tracking

AccountTrace uses only essential cookies required for authentication and session management. We do not use analytics or advertising cookies. We do not sell or share your data with advertising networks.

Children's privacy

AccountTrace is not intended for users under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected such information, please contact us.

Changes to this privacy policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Your continued use after changes constitutes acceptance of the updated policy.

Contact us

For privacy requests or questions, contact us at: privacy@accounttrace.com

← Back